Merge branch 'arm-template-size' of https://github.com/oZakari/ALZ-Bicep

into arm-template-size
Azure · Aug 30, 2024 · 946e995 · 946e995
2 parents 5cdd406 + 737eb2e
commit 946e995
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 14 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run github/super-linter
-        uses: github/super-linter@v4
+        uses: github/super-linter@v6
         env:
           # Lint all code - disabled in as part of #262
           VALIDATE_ALL_CODEBASE: false
@@ -48,7 +48,7 @@ jobs:
           fetch-depth: 0
 
       - name: Check links in markdown files
-        uses: gaurav-nelson/[email protected].13
+        uses: gaurav-nelson/[email protected].15
         with:
           config-file: ".github/actions-config/mlc_config.json"
           use-verbose-mode: "yes"

diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
@@ -21,7 +21,7 @@ jobs:
       - name: Pester Tests
         id: pester
         if: startsWith(github.head_ref, 'release')
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           inlineScript: |
             Import-Module Pester -Force

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
         zip -r ../accelerator.zip .
 
     - name: Upload Artifacts to Action
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v4.3.6
       with:
         name: accelerator
         path: |

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: SARIF file
           path: results.sarif
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/update-policy-china.yml b/.github/workflows/update-policy-china.yml
@@ -65,7 +65,7 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
 
       - name: Update Policy Library
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           inlineScript: |
             Write-Information "==> Running script..." -InformationAction Continue
@@ -82,7 +82,7 @@ jobs:
           Install-Module -Name 'ALZ' -Force
 
       - name: Update Policy Definition Bicep Input Files
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           inlineScript: |
             cd ${{ github.workspace }}/${{ github.repository }}

diff --git a/.github/workflows/update-policy.yml b/.github/workflows/update-policy.yml
@@ -65,7 +65,7 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
 
       - name: Update Policy Library
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           inlineScript: |
             Write-Information "==> Running script..." -InformationAction Continue
@@ -82,7 +82,7 @@ jobs:
           Install-Module -Name 'ALZ' -Force
 
       - name: Update Policy Definition Bicep Input Files
-        uses: azure/powershell@v1
+        uses: azure/powershell@v2
         with:
           inlineScript: |
             cd ${{ github.workspace }}/${{ github.repository }}

diff --git a/...licy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md b/...licy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md
@@ -8,8 +8,8 @@ Parameter name | Required | Description
 -------------- | -------- | -----------
 parTopLevelManagementGroupPrefix | No       | Prefix for the management group hierarchy.
 parTopLevelManagementGroupSuffix | No       | Optional suffix for management group names/IDs. Include a dash if needed.
-parTopLevelPolicyAssignmentSovereigntyGlobal | No       | Settings for assigning Sovereignty Baseline - Global Policies to the intermediate root management group.
-parPolicyAssignmentSovereigntyConfidential | No       | Settings for assigning Sovereignty Baseline - Confidential Policies to confidential landing zone management groups.
+parTopLevelPolicyAssignmentSovereigntyGlobal | No       | Object used to assign Sovereignty Baseline - Global Policies to the intermediate root management group.'  - `parTopLevelSovereignGlobalPoliciesEnable` - Switch to enable/disable deployment of the Sovereignty Baseline - Global Policies Assignment to the intermediate root management group. - `parListOfAllowedLocations` - The list of locations that your organization can use to restrict deploying resources to. If left empty, only the deployment location will be allowed. - `parPolicyEffect` - The effect type for the Sovereignty Baseline - Global Policies Assignment.  
+parPolicyAssignmentSovereigntyConfidential | No       | Object used to assign Sovereignty Baseline - Confidential Policies to the confidential landing zone management groups.'  - `parAllowedResourceTypes` - The list of Azure resource types approved for usage, which is the set of resource types that have a SKU backed by Azure Confidential Computing or resource types that do not process customer data. Leave empty to allow all relevant resource types. - `parListOfAllowedLocations` - The list of locations that your organization can use to restrict deploying resources to. If left empty, only the deployment location will be allowed. - `parallowedVirtualMachineSKUs` - The list of VM SKUs approved approved for usage, which is the set of SKUs backed by Azure Confidential Computing. Leave empty to allow all relevant SKUs. - `parPolicyEffect` - The effect type for the Sovereignty Baseline - Confidential Policies Assignment.  
 parPlatformMgAlzDefaultsEnable | No       | Toggle to apply platform policies to the Platform group or child groups.
 parLandingZoneChildrenMgAlzDefaultsEnable | No       | Toggle to assign policies to Corp & Online Management Groups under Landing Zones.
 parLandingZoneMgConfidentialEnable | No       | Toggle to assign policies to Confidential Corp and Online groups under Landing Zones.
@@ -51,15 +51,28 @@ Optional suffix for management group names/IDs. Include a dash if needed.
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Settings for assigning Sovereignty Baseline - Global Policies to the intermediate root management group.
+Object used to assign Sovereignty Baseline - Global Policies to the intermediate root management group.'
+
+- `parTopLevelSovereignGlobalPoliciesEnable` - Switch to enable/disable deployment of the Sovereignty Baseline - Global Policies Assignment to the intermediate root management group.
+- `parListOfAllowedLocations` - The list of locations that your organization can use to restrict deploying resources to. If left empty, only the deployment location will be allowed.
+- `parPolicyEffect` - The effect type for the Sovereignty Baseline - Global Policies Assignment.
+
+
 
 - Default value: `@{parTopLevelSovereigntyGlobalPoliciesEnable=False; parListOfAllowedLocations=System.Object[]; parPolicyEffect=Deny}`
 
 ### parPolicyAssignmentSovereigntyConfidential
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
 
-Settings for assigning Sovereignty Baseline - Confidential Policies to confidential landing zone management groups.
+Object used to assign Sovereignty Baseline - Confidential Policies to the confidential landing zone management groups.'
+
+- `parAllowedResourceTypes` - The list of Azure resource types approved for usage, which is the set of resource types that have a SKU backed by Azure Confidential Computing or resource types that do not process customer data. Leave empty to allow all relevant resource types.
+- `parListOfAllowedLocations` - The list of locations that your organization can use to restrict deploying resources to. If left empty, only the deployment location will be allowed.
+- `parallowedVirtualMachineSKUs` - The list of VM SKUs approved approved for usage, which is the set of SKUs backed by Azure Confidential Computing. Leave empty to allow all relevant SKUs.
+- `parPolicyEffect` - The effect type for the Sovereignty Baseline - Confidential Policies Assignment.
+
+
 
 - Default value: `@{parAllowedResourceTypes=System.Object[]; parListOfAllowedLocations=System.Object[]; parAllowedVirtualMachineSKUs=System.Object[]; parPolicyEffect=Deny}`