Merge pull request #61 from clouddrove/feat/6.2.1

added 6.2.1 version changes

Author: dverma-cd

.github/workflows/scorecard.yml

@@ -38,7 +38,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186  # v2.4.1
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736  # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -69,6 +69,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47  # v3.28.15
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff  # v3.25.8
         with:
           sarif_file: results.sarif

.github/workflows/update-policy.yml

@@ -1,132 +1,131 @@
 ---
-  name: Update Library Templates
-  
-  # yamllint disable-line rule:truthy
-  on:
-    schedule:
-      - cron: "0 8 * * 1-5"
-    workflow_dispatch:
-      inputs:
-        enterprise-scale-repository-branch:
-          description: "The branch to target for the enterprise scale repository"
-          required: false
-          default: "main"
-  
-  env:
-    remote_repository: "Azure/Enterprise-Scale"
-    remote_repository_branch: ${{ github.event.inputs.enterprise-scale-repository-branch != 'main' && github.event.inputs.enterprise-scale-repository-branch || 'main' }}
-    branch_name: "patch-library-${{ github.run_number }}"
-    pr_title: "Update Library Templates (automated)"
-    pr_body:
-      "This is an automated 'pull_request' containing updates to the library templates stored in 'modules/archetypes/lib'.\n
-      Please review the 'files changed' tab to review changes."
-  
-  jobs:
-    update-templates:
-      name: Update Library Templates
-      runs-on: ubuntu-latest
-      permissions:
-        contents: write
-        pull-requests: write
-      steps:
-        - name: Local repository checkout
-          uses: actions/checkout@v4
-          with:
-            path: ${{ github.repository }}
-            fetch-depth: 0
-  
-        - name: Remote repository checkout
-          uses: actions/checkout@v4
-          with:
-            repository: ${{ env.remote_repository }}
-            path: ${{ env.remote_repository }}
-            ref: ${{ env.remote_repository_branch }}
-  
-        - uses: tibdex/github-app-token@v2
-          id: generate-token
-          with:
-            app_id: ${{ secrets.APP_ID }}
-            private_key: ${{ secrets.APP_PRIVATE_KEY }}
-  
-        - name: Configure local git
-          run: |
-            git config user.name github-actions
-            git config user.email [email protected]
-          working-directory: ${{ github.repository }}
-  
-        - name: Create and checkout branch
-          run: |
-            BRANCH_URL="repos/${{ github.repository }}/branches"
-            JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
-            CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
-            if [ -z "$CHECK_BRANCH_ORIGIN" ]
-            then
-              echo "Checkout local branch (create new, no origin)..."
-              git checkout -b ${{ env.branch_name }}
-            else
-              echo "Checkout local branch (create new, track from origin)..."
-              git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
-            fi
-          working-directory: ${{ github.repository }}
-          env:
-            GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-  
-        - name: Update library templates
-          uses: azure/powershell@v2
-          with:
-            inlineScript: |
-              Write-Information "==> Running policy definitions script..." -InformationAction Continue
-              ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
-                -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-                -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-                -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" `
-                -Reset
-  
-              Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
-              ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
-                -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-                -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-                -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
-            azPSVersion: "latest"
-  
-        - name: Check for changes
-          id: git_status
-          run: |
-            mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
-            printf "%s\n" "${CHECK_GIT_STATUS[@]}"
-            echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
-          working-directory: ${{ github.repository }}
-  
-        # - name: Add files, commit and push
-        #   if: steps.git_status.outputs.changes > 0
-        #   run: |
-        #     echo "Pushing changes to origin..."
-        #     git add modules/archetypes/lib
-        #     git commit -m '${{ env.pr_title }}'
-        #     git push origin ${{ env.branch_name }}
-        #   working-directory: ${{ github.repository }}
-  
-        # - name: Create pull request
-        #   if: steps.git_status.outputs.changes > 0
-        #   run: |
-        #     HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
-        #     BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
-        #     PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
-        #     JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
-        #     CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
-        #     if [ -z "$CHECK_PULL_REQUEST_URL" ]
-        #     then
-        #       CHECK_PULL_REQUEST_URL=$(gh pr create \
-        #       --title "${{ env.pr_title }}" \
-        #       --body "${{ env.pr_body }}" \
-        #       --base "${{ github.ref }}" \
-        #       --head "${{ env.branch_name }}" \
-        #       --draft)
-        #       echo "Created new PR: $CHECK_PULL_REQUEST_URL"
-        #     else
-        #       echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
-        #     fi
-        #   working-directory: ${{ github.repository }}
-        #   env:
-        #     GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-  
+name: Update Library Templates
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "0 8 * * 1-5"
+  workflow_dispatch:
+    inputs:
+      enterprise-scale-repository-branch:
+        description: "The branch to target for the enterprise scale repository"
+        required: false
+        default: "main"
+
+env:
+  remote_repository: "Azure/Enterprise-Scale"
+  remote_repository_branch: ${{ github.event.inputs.enterprise-scale-repository-branch != 'main' && github.event.inputs.enterprise-scale-repository-branch || 'main' }}
+  branch_name: "patch-library-${{ github.run_number }}"
+  pr_title: "Update Library Templates (automated)"
+  pr_body:
+    "This is an automated 'pull_request' containing updates to the library templates stored in 'modules/archetypes/lib'.\n
+    Please review the 'files changed' tab to review changes."
+
+jobs:
+  update-templates:
+    name: Update Library Templates
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Local repository checkout
+        uses: actions/checkout@v4
+        with:
+          path: ${{ github.repository }}
+          fetch-depth: 0
+
+      - name: Remote repository checkout
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.remote_repository }}
+          path: ${{ env.remote_repository }}
+          ref: ${{ env.remote_repository_branch }}
+
+      - uses: tibdex/github-app-token@v2
+        id: generate-token
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Configure local git
+        run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+        working-directory: ${{ github.repository }}
+
+      - name: Create and checkout branch
+        run: |
+          BRANCH_URL="repos/${{ github.repository }}/branches"
+          JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
+          CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
+          if [ -z "$CHECK_BRANCH_ORIGIN" ]
+          then
+            echo "Checkout local branch (create new, no origin)..."
+            git checkout -b ${{ env.branch_name }}
+          else
+            echo "Checkout local branch (create new, track from origin)..."
+            git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
+          fi
+        working-directory: ${{ github.repository }}
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+      - name: Update library templates
+        uses: azure/powershell@v2
+        with:
+          inlineScript: |
+            Write-Information "==> Running policy definitions script..." -InformationAction Continue
+            ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
+              -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
+              -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+              -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" `
+              -Reset
+
+            Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
+            ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
+              -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
+              -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+              -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
+          azPSVersion: "latest"
+
+      - name: Check for changes
+        id: git_status
+        run: |
+          mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
+          printf "%s\n" "${CHECK_GIT_STATUS[@]}"
+          echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
+        working-directory: ${{ github.repository }}
+
+      # - name: Add files, commit and push
+      #   if: steps.git_status.outputs.changes > 0
+      #   run: |
+      #     echo "Pushing changes to origin..."
+      #     git add modules/archetypes/lib
+      #     git commit -m '${{ env.pr_title }}'
+      #     git push origin ${{ env.branch_name }}
+      #   working-directory: ${{ github.repository }}
+
+      # - name: Create pull request
+      #   if: steps.git_status.outputs.changes > 0
+      #   run: |
+      #     HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
+      #     BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
+      #     PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
+      #     JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
+      #     CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
+      #     if [ -z "$CHECK_PULL_REQUEST_URL" ]
+      #     then
+      #       CHECK_PULL_REQUEST_URL=$(gh pr create \
+      #       --title "${{ env.pr_title }}" \
+      #       --body "${{ env.pr_body }}" \
+      #       --base "${{ github.ref }}" \
+      #       --head "${{ env.branch_name }}" \
+      #       --draft)
+      #       echo "Created new PR: $CHECK_PULL_REQUEST_URL"
+      #     else
+      #       echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
+      #     fi
+      #   working-directory: ${{ github.repository }}
+      #   env:
+      #     GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

README.md

@@ -1,6 +1,11 @@
 <!-- BEGIN_TF_DOCS -->
 # Azure landing zones Terraform module
 
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.
+
 [![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
 [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")

_README_header.md

@@ -1,5 +1,10 @@
 # Azure landing zones Terraform module
 
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.
+
 [![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
 [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")

docs/wiki/_Header.md

@@ -0,0 +1,5 @@
+<!-- markdownlint-disable MD041 -->
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.

modules/archetypes/README.md

@@ -1,6 +1,11 @@
 <!-- BEGIN_TF_DOCS -->
 # Archetypes sub-module
 
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.
+
 ## Documentation
 <!-- markdownlint-disable MD033 -->
 

modules/archetypes/_README_header.md

@@ -1 +1,6 @@
 # Archetypes sub-module
+
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.

modules/connectivity/README.md

@@ -1,6 +1,11 @@
 <!-- BEGIN_TF_DOCS -->
 # Connectivity sub-module
 
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.
+
 ## Documentation
 <!-- markdownlint-disable MD033 -->
 

modules/connectivity/_README_header.md

@@ -1 +1,6 @@
 # Connectivity sub-module
+
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.

modules/identity/README.md

@@ -1,6 +1,11 @@
 <!-- BEGIN_TF_DOCS -->
 # Identity sub-module
 
+> [!IMPORTANT]
+> For new deployments we now recommend using Azure Verified Modules for Platform Landing Zones.
+> Please see the documentation at <https://aka.ms/alz/tf>.
+> This module will continue to be supported for existing deployments.
+
 ## Documentation
 <!-- markdownlint-disable MD033 -->