Updated export script and GH action (#334)

Azure · Aug 27, 2023 · 961497d · 961497d
1 parent 784f232
commit 961497d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/Scripts/Operations/Export-AzPolicyResources.ps1 b/Scripts/Operations/Export-AzPolicyResources.ps1
@@ -34,6 +34,7 @@ Operating mode:
     b) 'collectRawFile' exports the raw data only; Often used with 'inputPacSelector' when running non-interactive in a multi-tenant scenario to collect the raw data once per tenant into a file named after the EPAC environment
     c) 'exportFromRawFiles' reads the files generated with one or more runs of b) and outputs the files the same as normal 'export'.
     d) 'exportRawToPipeline' exports EPAC environments in EPAC format, should be used with -Interactive $true in a multi-tenant scenario, or use with an inputPacSelector to limit the scope to one EPAC environment.
+    e) 'psrule' exports EPAC environment into a file which can be used to create policy rules for PSRule for Azure
 
 .PARAMETER InputPacSelector
 Limits the collection to one EPAC environment, useful for non-interactive use in a multi-tenant scenario, especially with -Mode 'collectRawFile'.
@@ -45,6 +46,9 @@ Suppress documentation generation.
 .PARAMETER SuppressEpacOutput
 Suppress output generation in EPAC format.
 
+.PARAMETER PSRuleIgnoreFullScope
+Ignore full scope for PsRule Extraction
+
 .EXAMPLE
 Export-AzPolicyResources -DefinitionsRootFolder ./Definitions -OutputFolder ./Outputs -Interactive $true -IncludeChildScopes -IncludeAutoAssigned -ExemptionFiles csv -FileExtension jsonc -Mode export -InputPacSelector '*'
 
@@ -86,6 +90,7 @@ param (
         b) 'collectRawFile' exports the raw data only; Often used with 'inputPacSelector' when running non-interactive in a multi-tenant scenario to collect the raw data once per tenant into a file named after the EPAC environment
         c) 'exportFromRawFiles' reads the files generated with one or more runs of b) and outputs the files the same as normal 'export'.
         d) 'exportRawToPipeline' exports EPAC environments in EPAC format, should be used with -Interactive `$true in a multi-tenant scenario, or use with an inputPacSelector to limit the scope to one EPAC environment.
+        e) 'psrule' exports EPAC environment into a file which can be used to create policy rules for PSRule for Azure
     ")]
     [string] $Mode = 'export',
     # [string] $Mode = 'collectRawFile',
@@ -316,7 +321,7 @@ if ($Mode -ne 'exportFromRawFiles') {
         }
 
         $outputArray | ConvertTo-Json -Depth 100 | Out-File -FilePath "$OutputFolder/psrule.assignment.json" -Force
-        exit 0
+        return 0
     }
 
 }

diff --git a/StarterKit/Pipelines/GitHubActions/.github/workflows/build.yaml b/StarterKit/Pipelines/GitHubActions/.github/workflows/build.yaml
@@ -56,6 +56,9 @@ jobs:
           }
           if (Test-Path $env:planFolder) {
             echo "Deploy=true" >> $env:GITHUB_ENV
+            if (!(Get-ChildItem $env:planFolder -Recurse -Include policy-plan.json)){
+              echo "RolesOnly=true" >> $env:GITHUB_ENV
+            }
           }
       - shell: pwsh
         name: Create PR
@@ -71,4 +74,10 @@ jobs:
           git add .
           git commit -m "Deployment plan commit"
           git push --set-upstream origin $branchName
-          gh pr create -B main -H $branchName --title "Approval Required for Policy Deployment - $branchName" -F body.txt --reviewer $env:REVIEWER --label PolicyDeployment
+          if ($env:RolesOnly -eq "true") {
+            gh pr create -B main -H $branchName --title "Approval Required for Role Deployment - $branchName" -F body.txt --reviewer $env:REVIEWER --label RoleDeployment
+          }
+          else {
+            gh pr create -B main -H $branchName --title "Approval Required for Policy Deployment - $branchName" -F body.txt --reviewer $env:REVIEWER --label PolicyDeployment
+          }
+