cweining/Deploy-AzureResourceGroup.ps1 Secret

## Deploy-AzureResourceGroup.ps1
#Requires -Version 3.0

Param(
    [string] [Parameter(Mandatory=$true)] $ResourceGroupLocation,
    [string] $ResourceGroupName = '$defaultResourceGroupName$',
    [switch] $UploadArtifacts,
    [string] $StorageAccountName,
    [string] $StorageContainerName = $ResourceGroupName.ToLowerInvariant() + '-stageartifacts',
    [string] $TemplateFile = '$deployTemplateFileName$.json',
    [string] $TemplateParametersFile = '$deployTemplateFileName$.parameters.json',
    [string] $ArtifactStagingDirectory = '.',
    [string] $DSCSourceFolder = 'DSC',
    [switch] $ValidateOnly
)

Set-Variable -Name DeploymentScriptVersion -Value "17.7.0" -Option Constant

try {
    [Microsoft.Azure.Common.Authentication.AzureSession]::ClientFactory.AddUserAgent("VSAzureTools-$UI$($host.name)".replace(' ','_'), $DeploymentScriptVersion)
} catch { }

try {
    $PSStyle.OutputRendering=[System.Management.Automation.OutputRendering]::PlainText;
}
catch {}

Write-Host "PowerShell $($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch) from $PSHome"
if ($PSVersionTable.PSVersion.Major -lt 7) {
    throw "PowerShell 7.0 or higher is recommended for this version of the deployment script, see https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows to install"
}
if ((Get-Module -Name Az -ListAvailable | Measure-Object).Count -eq 0) {
    throw "This version of the deployment script requires the Azure PowerShell module (Az), see https://learn.microsoft.com/powershell/azure/install-azps-windows to install"
}

$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 3

function Format-ValidationOutput {
    param ($ValidationOutput, [int] $Depth = 0)
    Set-StrictMode -Off
    return @($ValidationOutput | Where-Object { $_ -ne $null } | ForEach-Object { @('  ' * $Depth + ': ' + $_.Message) + @(Format-ValidationOutput @($_.Details) ($Depth + 1)) })
}

$OptionalParameters = New-Object -TypeName Hashtable
$TemplateFile = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $TemplateFile))
$TemplateParametersFile = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $TemplateParametersFile))

if ($UploadArtifacts) {
    Write-Host "Uploading artifacts..."

    # Convert relative paths to absolute paths if needed
    $ArtifactStagingDirectory = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $ArtifactStagingDirectory))
    $DSCSourceFolder = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $DSCSourceFolder))

    # Parse the parameter file and update the values of artifacts location and artifacts location SAS token if they are present
    $JsonParameters = Get-Content $TemplateParametersFile -Raw | ConvertFrom-Json
    if ($null -ne ($JsonParameters | Get-Member -Type NoteProperty 'parameters')) {
        $JsonParameters = $JsonParameters.parameters
    }
    $ArtifactsLocationName = '_artifactsLocation'
    $ArtifactsLocationSasTokenName = '_artifactsLocationSasToken'
    $OptionalParameters[$ArtifactsLocationName] = $JsonParameters | Select-Object -Expand $ArtifactsLocationName -ErrorAction Ignore | Select-Object -Expand 'value' -ErrorAction Ignore
    $OptionalParameters[$ArtifactsLocationSasTokenName] = $JsonParameters | Select-Object -Expand $ArtifactsLocationSasTokenName -ErrorAction Ignore | Select-Object -Expand 'value' -ErrorAction Ignore

    # Create DSC configuration archive
    if (Test-Path $DSCSourceFolder) {
        $DSCSourceFilePaths = @(Get-ChildItem $DSCSourceFolder -File -Filter '*.ps1' | ForEach-Object -Process {$_.FullName})
        foreach ($DSCSourceFilePath in $DSCSourceFilePaths) {
            $DSCArchiveFilePath = $DSCSourceFilePath.Substring(0, $DSCSourceFilePath.Length - 4) + '.zip'
            Publish-AzVMDscConfiguration $DSCSourceFilePath -OutputArchivePath $DSCArchiveFilePath -Force -Verbose
        }
    }

    # Create a storage account name if none was provided
    if ($StorageAccountName -eq '') {
        $StorageAccountName = 'stage' + ((Get-AzContext).Subscription.SubscriptionId).Replace('-', '').substring(0, 19)
    }

    $StorageAccount = (Get-AzStorageAccount | Where-Object{$_.StorageAccountName -eq $StorageAccountName})

    # Create the storage account if it doesn't already exist
    if ($null -eq $StorageAccount) {
        $StorageResourceGroupName = 'ARM_Deploy_Staging'
        New-AzResourceGroup -Location "$ResourceGroupLocation" -Name $StorageResourceGroupName -Force
        $StorageAccount = New-AzStorageAccount -StorageAccountName $StorageAccountName -Type 'Standard_LRS' -ResourceGroupName $StorageResourceGroupName -Location "$ResourceGroupLocation"
    }

    # Generate the value for artifacts location if it is not provided in the parameter file
    if ($null -eq $OptionalParameters[$ArtifactsLocationName]) {
        $OptionalParameters[$ArtifactsLocationName] = $StorageAccount.Context.BlobEndPoint + $StorageContainerName + '/'
    }

    # Copy files from the local storage staging location to the storage account container
    New-AzStorageContainer -Name $StorageContainerName -Context $StorageAccount.Context -ErrorAction SilentlyContinue *>&1

    $ArtifactFilePaths = Get-ChildItem $ArtifactStagingDirectory -Recurse -File | ForEach-Object -Process {$_.FullName}
    foreach ($SourcePath in $ArtifactFilePaths) {
        $Blob = Set-AzStorageBlobContent -File $SourcePath -Blob $SourcePath.Substring($ArtifactStagingDirectory.length + 1) `
            -Container $StorageContainerName -Context $StorageAccount.Context -Force
        Write-Host "  Uploaded: $($Blob.Name)"
    }

    # Generate a 4 hour SAS token for the artifacts location if one was not provided in the parameters file
    if ($null -eq $OptionalParameters[$ArtifactsLocationSasTokenName]) {
        $OptionalParameters[$ArtifactsLocationSasTokenName] = ConvertTo-SecureString -AsPlainText -Force `
            (New-AzStorageContainerSASToken -Container $StorageContainerName -Context $StorageAccount.Context -Permission r -ExpiryTime (Get-Date).AddHours(4))
    }
}

# Create the resource group only when it doesn't already exist
if ($null -eq (Get-AzResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -ErrorAction SilentlyContinue)) {
    Write-Host "Creating resource group $ResourceGroupName..."
    New-AzResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force -ErrorAction Stop
}

if ($ValidateOnly) {
    Write-Host "Validating..."
    $ErrorMessages = Format-ValidationOutput (Test-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
                                                                                  -TemplateFile $TemplateFile `
                                                                                  -TemplateParameterFile $TemplateParametersFile `
                                                                                  @OptionalParameters)
    if ($ErrorMessages) {
        Write-Output '', 'Validation returned the following errors:', @($ErrorMessages), '', 'Template is invalid.'
    }
    else {
        Write-Output '', 'Template is valid.'
    }
}
else {
    Write-Host "Deploying..."
    New-AzResourceGroupDeployment -Name ((Get-ChildItem $TemplateFile).BaseName + '-' + ((Get-Date).ToUniversalTime()).ToString('MMdd-HHmm')) `
                                       -ResourceGroupName $ResourceGroupName `
                                       -TemplateFile $TemplateFile `
                                       -TemplateParameterFile $TemplateParametersFile `
                                       @OptionalParameters `
                                       -Force -Verbose `
                                       -ErrorVariable ErrorMessages
    if ($ErrorMessages) {
        Write-Output '', 'Template deployment returned the following errors:', @(@($ErrorMessages) | ForEach-Object { $_.Exception.Message.TrimEnd("`r`n") })
    }
}

 Write-Host "End of script."
	#Requires -Version 3.0

	Param(
	[string] [Parameter(Mandatory=$true)] $ResourceGroupLocation,
	[string] $ResourceGroupName = '$defaultResourceGroupName$',
	[switch] $UploadArtifacts,
	[string] $StorageAccountName,
	[string] $StorageContainerName = $ResourceGroupName.ToLowerInvariant() + '-stageartifacts',
	[string] $TemplateFile = '$deployTemplateFileName$.json',
	[string] $TemplateParametersFile = '$deployTemplateFileName$.parameters.json',
	[string] $ArtifactStagingDirectory = '.',
	[string] $DSCSourceFolder = 'DSC',
	[switch] $ValidateOnly
	)

	Set-Variable -Name DeploymentScriptVersion -Value "17.7.0" -Option Constant

	try {
	[Microsoft.Azure.Common.Authentication.AzureSession]::ClientFactory.AddUserAgent("VSAzureTools-$UI$($host.name)".replace(' ','_'), $DeploymentScriptVersion)
	} catch { }

	try {
	$PSStyle.OutputRendering=[System.Management.Automation.OutputRendering]::PlainText;
	}
	catch {}

	Write-Host "PowerShell $($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor).$($PSVersionTable.PSVersion.Patch) from $PSHome"
	if ($PSVersionTable.PSVersion.Major -lt 7) {
	throw "PowerShell 7.0 or higher is recommended for this version of the deployment script, see https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows to install"
	}
	if ((Get-Module -Name Az -ListAvailable \| Measure-Object).Count -eq 0) {
	throw "This version of the deployment script requires the Azure PowerShell module (Az), see https://learn.microsoft.com/powershell/azure/install-azps-windows to install"
	}

	$ErrorActionPreference = 'Stop'
	Set-StrictMode -Version 3

	function Format-ValidationOutput {
	param ($ValidationOutput, [int] $Depth = 0)
	Set-StrictMode -Off
	return @($ValidationOutput \| Where-Object { $_ -ne $null } \| ForEach-Object { @(' ' * $Depth + ': ' + $_.Message) + @(Format-ValidationOutput @($_.Details) ($Depth + 1)) })
	}

	$OptionalParameters = New-Object -TypeName Hashtable
	$TemplateFile = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $TemplateFile))
	$TemplateParametersFile = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $TemplateParametersFile))

	if ($UploadArtifacts) {
	Write-Host "Uploading artifacts..."

	# Convert relative paths to absolute paths if needed
	$ArtifactStagingDirectory = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $ArtifactStagingDirectory))
	$DSCSourceFolder = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($PSScriptRoot, $DSCSourceFolder))

	# Parse the parameter file and update the values of artifacts location and artifacts location SAS token if they are present
	$JsonParameters = Get-Content $TemplateParametersFile -Raw \| ConvertFrom-Json
	if ($null -ne ($JsonParameters \| Get-Member -Type NoteProperty 'parameters')) {
	$JsonParameters = $JsonParameters.parameters
	}
	$ArtifactsLocationName = '_artifactsLocation'
	$ArtifactsLocationSasTokenName = '_artifactsLocationSasToken'
	$OptionalParameters[$ArtifactsLocationName] = $JsonParameters \| Select-Object -Expand $ArtifactsLocationName -ErrorAction Ignore \| Select-Object -Expand 'value' -ErrorAction Ignore
	$OptionalParameters[$ArtifactsLocationSasTokenName] = $JsonParameters \| Select-Object -Expand $ArtifactsLocationSasTokenName -ErrorAction Ignore \| Select-Object -Expand 'value' -ErrorAction Ignore

	# Create DSC configuration archive
	if (Test-Path $DSCSourceFolder) {
	$DSCSourceFilePaths = @(Get-ChildItem $DSCSourceFolder -File -Filter '*.ps1' \| ForEach-Object -Process {$_.FullName})
	foreach ($DSCSourceFilePath in $DSCSourceFilePaths) {
	$DSCArchiveFilePath = $DSCSourceFilePath.Substring(0, $DSCSourceFilePath.Length - 4) + '.zip'
	Publish-AzVMDscConfiguration $DSCSourceFilePath -OutputArchivePath $DSCArchiveFilePath -Force -Verbose
	}
	}

	# Create a storage account name if none was provided
	if ($StorageAccountName -eq '') {
	$StorageAccountName = 'stage' + ((Get-AzContext).Subscription.SubscriptionId).Replace('-', '').substring(0, 19)
	}

	$StorageAccount = (Get-AzStorageAccount \| Where-Object{$_.StorageAccountName -eq $StorageAccountName})

	# Create the storage account if it doesn't already exist
	if ($null -eq $StorageAccount) {
	$StorageResourceGroupName = 'ARM_Deploy_Staging'
	New-AzResourceGroup -Location "$ResourceGroupLocation" -Name $StorageResourceGroupName -Force
	$StorageAccount = New-AzStorageAccount -StorageAccountName $StorageAccountName -Type 'Standard_LRS' -ResourceGroupName $StorageResourceGroupName -Location "$ResourceGroupLocation"
	}

	# Generate the value for artifacts location if it is not provided in the parameter file
	if ($null -eq $OptionalParameters[$ArtifactsLocationName]) {
	$OptionalParameters[$ArtifactsLocationName] = $StorageAccount.Context.BlobEndPoint + $StorageContainerName + '/'
	}

	# Copy files from the local storage staging location to the storage account container
	New-AzStorageContainer -Name $StorageContainerName -Context $StorageAccount.Context -ErrorAction SilentlyContinue *>&1

	$ArtifactFilePaths = Get-ChildItem $ArtifactStagingDirectory -Recurse -File \| ForEach-Object -Process {$_.FullName}
	foreach ($SourcePath in $ArtifactFilePaths) {
	$Blob = Set-AzStorageBlobContent -File $SourcePath -Blob $SourcePath.Substring($ArtifactStagingDirectory.length + 1) `
	-Container $StorageContainerName -Context $StorageAccount.Context -Force
	Write-Host " Uploaded: $($Blob.Name)"
	}

	# Generate a 4 hour SAS token for the artifacts location if one was not provided in the parameters file
	if ($null -eq $OptionalParameters[$ArtifactsLocationSasTokenName]) {
	$OptionalParameters[$ArtifactsLocationSasTokenName] = ConvertTo-SecureString -AsPlainText -Force `
	(New-AzStorageContainerSASToken -Container $StorageContainerName -Context $StorageAccount.Context -Permission r -ExpiryTime (Get-Date).AddHours(4))
	}
	}

	# Create the resource group only when it doesn't already exist
	if ($null -eq (Get-AzResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -ErrorAction SilentlyContinue)) {
	Write-Host "Creating resource group $ResourceGroupName..."
	New-AzResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Verbose -Force -ErrorAction Stop
	}

	if ($ValidateOnly) {
	Write-Host "Validating..."
	$ErrorMessages = Format-ValidationOutput (Test-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
	-TemplateFile $TemplateFile `
	-TemplateParameterFile $TemplateParametersFile `
	@OptionalParameters)
	if ($ErrorMessages) {
	Write-Output '', 'Validation returned the following errors:', @($ErrorMessages), '', 'Template is invalid.'
	}
	else {
	Write-Output '', 'Template is valid.'
	}
	}
	else {
	Write-Host "Deploying..."
	New-AzResourceGroupDeployment -Name ((Get-ChildItem $TemplateFile).BaseName + '-' + ((Get-Date).ToUniversalTime()).ToString('MMdd-HHmm')) `
	-ResourceGroupName $ResourceGroupName `
	-TemplateFile $TemplateFile `
	-TemplateParameterFile $TemplateParametersFile `
	@OptionalParameters `
	-Force -Verbose `
	-ErrorVariable ErrorMessages
	if ($ErrorMessages) {
	Write-Output '', 'Template deployment returned the following errors:', @(@($ErrorMessages) \| ForEach-Object { $_.Exception.Message.TrimEnd("`r`n") })
	}
	}

	Write-Host "End of script."