tasks/bicep.tasks.ps1
$BaseBranch = "origin/main" $BicepRegistryFqdn = $env:BicepRegistryFqdn $RegistryPath = $env:RegistryPath $BicepModulesDir = "" $OverwriteTag = $false $AlwaysTag = $false $RequiredBicepCliVersion = "0.8.9" function getAllBicepFiles { [CmdletBinding()] param ( [Parameter()] [string] $Path = $SourcesDir ) Get-ChildItem -Recurse -Filter *.bicep -Path $Path } function getChangedBicepModules { $changedModules = git diff $BaseBranch --name-only | Where-Object { $_.StartsWith("modules") } | ForEach-Object { $split = $_ -split "/"; $split[1..2] -join "/" } | Where-Object { $_.Contains("/") } | Where-Object { Test-path $BicepModulesDir/$_ } | Select-Object -Unique Write-Host "Changed modules:`n$($changedModules -join "`n")" $changedModules } # Synopsis: Lints Bicep files and builds the ARM template task BuildBicepFiles ` -Partial ` -Inputs { getAllBicepFiles } ` -Outputs { process { [System.IO.Path]::ChangeExtension($_, 'json')} } ` -Jobs InstallBicepTooling,{ begin { $failBuild = $false } process { Write-Build White "Building: $_" & az bicep build -f $_ if ($LASTEXITCODE -ne 0) { $failBuild = $true } } end { if ($failBuild) { throw "Bicep build error(s) - check preceeding log messages" } else { Write-Build Green "Bicep files OK" } } } # Synopsis: Installs Bicep CLI and Bicep Registry Module tooling task InstallBicepTooling -If { getAllBicepFiles } { Write-Host "Checking Bicep CLI version:" $script:currentBicepVersion = $null $currentVersionBanner = try { & bicep --version } catch {} if ($currentVersionBanner) { Write-Host $currentVersionBanner if ($currentVersionBanner -imatch "\d+(\.\d+)+") { $script:currentBicepVersion = [version]$Matches[0] Write-Host $currentBicepVersion } } else { Write-Warning "Bicep tooling is not installed" } # Only install Bicep CLI if it's not already installed or if it's an older version if (!$currentBicepVersion -or $currentBicepVersion -lt [version]$RequiredBicepCliVersion) { if ($env:GITHUB_ACTIONS -or $env:TF_BUILD) { $bitness = [System.Environment]::Is64BitOperatingSystem ? "x64" : "x86" if ($IsMacOS) { $downloadFile = "bicep-osx-$bitness" } elseif ($IsLinux) { $downloadFile = "bicep-linux-$bitness" } else { $downloadFile = "bicep-win-$bitness.exe" } $destPath = $IsWindows ? "$($env:TEMP)/bicepcli/bicep" : "/tmp/bicepcli/bicep" New-Item -ItemType Directory (Split-Path -Path $destPath) -EA 0 | Out-Null $downloadUrl = "https://github.com/Azure/bicep/releases/download/v$RequiredBicepCliVersion/$downloadFile" Write-Host "Downloading Bicep CLI: $downloadUrl ==> $destPath" $res = Invoke-WebRequest ` -Uri $downloadUrl ` -OutFile $destPath if ($IsMacOS -or $IsLinux) { & chmod +x $destPath } Write-Host "Updating PATH to use upgraded Bicep CLI" $env:PATH = "{0}{1}{2}" -f ` (Split-Path -Parent $destPath), [IO.Path]::PathSeparator, $env:PATH Get-Command bicep | Out-String | Write-Host } else { throw ("Bicep tooling mismatch. Required version is '$RequiredBicepCliVersion', please update your installed version.") } } # Ensure the Bicep Registry Module tool is installed with a version consistent with the installed version of the Bicep CLI Write-Host "Ensuring matching version of 'brm' tool" Install-DotNetTool Azure.Bicep.RegistryModuleTool -Version (!$currentBicepVersion ? $RequiredBicepCliVersion : $currentBicepVersion.ToString()) } # Synopsis: Installs the Nerdbank GitVersion global tool task InstallNbgvTool { Install-DotNetTool nbgv } # Synopsis: Validates all Bicep modules via 'brm validate' task ValidateBicepModules -If { $BicepModulesDir } ` -Inputs { getAllBicepFiles -Path $BicepModulesDir | ? { !$_.FullName.EndsWith(".test.bicep") } } ` -Outputs "always-run" ` -Jobs InstallBicepTooling,{ begin { $passed = $true } process { Push-Location (Split-Path -Parent $_) Write-Build White "Validating $_" & brm validate if ($LASTEXITCODE -ne 0) { $passed = $false } Pop-Location } end { if (!$passed) { throw "Validation failed for one more modules - check previous logs" } else { Write-Build Green "All Bicep modules validated successfully" } } } # synopsis: Updates generated content for Bicep modules via 'brm generate' task RunBrmGenerate -If { $BicepModulesDir } ` -Inputs { getAllBicepFiles -Path $BicepModulesDir | ? { !$_.FullName.EndsWith(".test.bicep") } } ` -Outputs "always-run" ` -Jobs InstallBicepTooling,{ begin { $passed = $true } process { Push-Location (Split-Path -Parent $_) Write-Build White "Regenerating $_" & brm generate if ($LASTEXITCODE -ne 0) { $passed = $false } Pop-Location } end { if (!$passed) { throw "Generation failed for one more modules - check previous logs" } else { Write-Build Green "All Bicep modules regenerated successfully" } } } # Synopsis: Publishes any updated Bicep modules via 'bicep publish' task PublishBicepModules -If { $BicepModulesDir } ` -Inputs { getAllBicepFiles | ? { !$_.FullName.EndsWith(".test.bicep") } } ` -Outputs "always-run" ` -Jobs InstallBicepTooling,InstallNbgvTool, { # validate publish details if (!$BicepRegistryFqdn) { throw "The 'BicepRegistryFqdn' variables has not been defined" } elseif (!$BicepRegistryFqdn.EndsWith(".azurecr.io")) { throw "The 'BicepRegistryFqdn' must point to an Azure Container Registry with the '.azurecr.io' suffix - current value: $BicepRegistryFqdn" } # Publishing Bicep modules requires a logged-in Azure-Cli session if (!(Test-AzCliConnection)) { throw "You must be logged-in to azure-cli to publish Bicep modules to a private registry" } $modulesToPublish = getChangedBicepModules $gitTagsToPush = $false foreach ($module in $modulesToPublish) { Write-Build White "Processing module: $module" # Derive next version using nbgv Push-Location $BicepModulesDir/$module $res = & nbgv get-version --format json Pop-Location if ($res -eq $null) { Write-Warning "Error deriving version for '$module'" continue } $nbgvResults = $res | ConvertFrom-Json $semver = $nbgvResults.SemVer2 [bool]$isPublicRelease = $nbgvResults.PublicRelease # Publish to ACR $moduleRegistryFullPath = "$BicepRegistryFqdn/$RegistryPath/$($module):$semver" bicep publish "$BicepModulesDir/$module/main.json" --target "br:$moduleRegistryFullPath" if ($LASTEXITCODE -ne 0) { Write-Warning "Error publishing module '$module' to '$moduleRegistryFullPath'" continue } Write-Build Green " Published - OK" # Create/push tag $tag = "$module/$semver" # Tag all 'public releases' as identified by nbgv or when explicitly requested if ($isPublicRelease -or $AlwaysTag) { # By default don't update existing git tags if ($OverwriteTag) { Write-Build White " Any existing tag will be updated" & git tag -f $tag } else { & git tag $tag } if ($LASTEXITCODE -ne 0) { Write-Warning "Error tagging module '$module' with '$tag'" continue } $gitTagsToPush = $true Write-Build Green " Tagging - OK" } else { Write-Build White " Tagging - Skipped" } } if ($gitTagsToPush) { Write-Build White "Pushing module tags..." if ($OverwriteTag) { Write-Build White " Any existing tag will be updated" & git push --tags -f } else { & git push --tags } if ($LASTEXITCODE -ne 0) { Write-Warning "Error pushing modules' git tags to remote repo" } else { Write-Build Green "Pushed module tags - OK" } } else { Write-Build White "No module tags to push" } } # Synopsis: Build for running locally that includes regenerating module content files task LocalBicepBuild RunBrmGenerate,FullBuild |