Add pre-commit to generate ARM template (#520)

* Add pre-commit to generate json * Updating readme per suggestion in #516 * Some extra lines * Test updating child template
microsoft · Apr 30, 2024 · a85beac · a85beac
1 parent 59f63dd
commit a85beac
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 5 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -10,3 +10,15 @@ repos:
     hooks:
     -   id: flake8
         args: [--extend-ignore=E501]
+
+  - repo: local
+    hooks:
+      - id: bicep
+        name: bicep
+        description: Lint and build Bicep files
+        entry: ./infra/generate_arm_template.sh
+        language: script
+        files: \.bicep$
+        require_serial: true
+        args: # Bicep files that we want to generate ARM templates from
+          - -f=./infra/main.bicep
diff --git a/README.md b/README.md
@@ -163,7 +163,7 @@ az deployment sub create --subscription <subscription-id> --location <location>
 
 Or
 
-To deploy with isolated network use following command. (Replace the parameter values where needed). If you do not fill in all three, the deployment will not deploy this to an isolated network.
+To deploy with isolated network use following command. Replace the parameter values with the specifics of your isolated network. You **must** supply all three parameters (i.e. `vnetAddressSpace`, `proxySubnetAddressSpace` and `subnetAddressSpace`) if you wish to deploy to an isolated network.
 
 ```bash
 az login

diff --git a/infra/generate_arm_template.sh b/infra/generate_arm_template.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -e
+
+az bicep version 2>/dev/null || az bicep install
+
+TEMPLATES=()
+FILES=()
+
+for ARG in $@; do
+    # If the argument is supplied with "-f", then it is a template file that needs to be built
+    if [[ $ARG == -f=* ]]; then
+        TEMPLATES+=(${ARG#-f=})
+    else
+    # Otherwise, it is a file that has been edited
+        az bicep format --insert-final-newline -f $ARG &
+        FILES+=($ARG)
+    fi
+done
+
+wait
+
+git add ${FILES[@]}
+
+# Build the templates
+for TEMPLATE in ${TEMPLATES[@]}; do
+    az bicep build -f $TEMPLATE
+    git add "${TEMPLATE%.bicep}.json" # Change the extension from .bicep to .json
+done
diff --git a/infra/main.json b/infra/main.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.26.170.59819",
-      "templateHash": "12432953680684304440"
+      "templateHash": "14273384520214979046"
     }
   },
   "parameters": {
@@ -229,7 +229,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.26.170.59819",
-              "templateHash": "14632940777771929108"
+              "templateHash": "2144895217405179275"
             }
           },
           "parameters": {
@@ -248,7 +248,7 @@
               "type": "string",
               "defaultValue": "",
               "metadata": {
-                "description": "Service principal that should be granted read access to the KeyVault. If unset, no service principal is granted access by default"
+                "description": "Service principal will be granted read access to the KeyVault. If unset, no service principal is granted access by default"
               }
             }
           },

diff --git a/infra/shared/keyvault.bicep b/infra/shared/keyvault.bicep
@@ -2,7 +2,7 @@ param name string
 param location string = resourceGroup().location
 param tags object = {}
 
-@description('Service principal that should be granted read access to the KeyVault. If unset, no service principal is granted access by default')
+@description('Service principal will be granted read access to the KeyVault. If unset, no service principal is granted access by default')
 param principalId string = ''
 
 var defaultAccessPolicies = !empty(principalId) ? [