cqrenet/astral
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Sync from dev @ ad9f9ab

Browse Source 
Source: main (ad9f9ab)
Excluded: live tenant exports, generated artifacts, and dev-only tooling.
This commit is contained in:
Tomas Kracmar
2026-04-17 18:05:00 +02:00
parent 56448711e8
commit 0acbaf7e0b
3 changed files with 115 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
azure-pipelines-restore.yml
View File

@@ -64,6 +64,26 @@ jobs:
- checkout: self
persistCredentials: true
# Uncomment the block below for agent-side debugging.
# - task: Bash@3
# displayName: DEBUG — dump agent state (restore)
# inputs:
# targetType: inline
# script: |
# set -euo pipefail
# echo "=== Variables ==="
# echo "BACKUP_FOLDER=$(BACKUP_FOLDER)"
# echo "INTUNE_BACKUP_SUBDIR=$(INTUNE_BACKUP_SUBDIR)"
# echo "BASELINE_BRANCH=$(BASELINE_BRANCH)"
# echo "=== Git state ==="
# git branch -a
# git log --oneline -5
# git status --short
# echo "=== File system ==="
# ls -la "$(Build.SourcesDirectory)"
# find "$(BACKUP_FOLDER)" -maxdepth 2 -type d 2>/dev/null || true
# workingDirectory: "$(Build.SourcesDirectory)"
- task: Bash@3
displayName: Checkout approved baseline snapshot
inputs:

40
azure-pipelines-review-sync.yml
View File

@@ -26,6 +26,26 @@ jobs:
- checkout: self
persistCredentials: true
# Uncomment the block below for agent-side debugging.
# - task: Bash@3
# displayName: DEBUG — dump agent state (Intune review sync)
# inputs:
# targetType: inline
# script: |
# set -euo pipefail
# echo "=== Variables ==="
# echo "BACKUP_FOLDER=$(BACKUP_FOLDER)"
# echo "DRIFT_BRANCH_INTUNE=$(DRIFT_BRANCH_INTUNE)"
# echo "BASELINE_BRANCH=$(BASELINE_BRANCH)"
# echo "=== Git state ==="
# git branch -a
# git log --oneline -5
# git status --short
# echo "=== File system ==="
# ls -la "$(Build.SourcesDirectory)"
# find "$(BACKUP_FOLDER)" -maxdepth 2 -type d 2>/dev/null || true
# workingDirectory: "$(Build.SourcesDirectory)"
- task: Bash@3
displayName: Apply reviewer /reject decisions (Intune)
condition: eq(variables['ENABLE_PR_REVIEWER_DECISIONS'], 'true')
@@ -114,6 +134,26 @@ jobs:
- checkout: self
persistCredentials: true
# Uncomment the block below for agent-side debugging.
# - task: Bash@3
# displayName: DEBUG — dump agent state (Entra review sync)
# inputs:
# targetType: inline
# script: |
# set -euo pipefail
# echo "=== Variables ==="
# echo "BACKUP_FOLDER=$(BACKUP_FOLDER)"
# echo "DRIFT_BRANCH_ENTRA=$(DRIFT_BRANCH_ENTRA)"
# echo "BASELINE_BRANCH=$(BASELINE_BRANCH)"
# echo "=== Git state ==="
# git branch -a
# git log --oneline -5
# git status --short
# echo "=== File system ==="
# ls -la "$(Build.SourcesDirectory)"
# find "$(BACKUP_FOLDER)" -maxdepth 2 -type d 2>/dev/null || true
# workingDirectory: "$(Build.SourcesDirectory)"
- task: Bash@3
displayName: Apply reviewer /reject decisions (Entra)
condition: eq(variables['ENABLE_PR_REVIEWER_DECISIONS'], 'true')

56
azure-pipelines.yml
View File

@@ -85,6 +85,28 @@ jobs:
- checkout: self
persistCredentials: true
# Uncomment the block below for agent-side debugging.
# - task: Bash@3
# displayName: DEBUG — dump agent state (Intune)
# inputs:
# targetType: inline
# script: |
# set -euo pipefail
# echo "=== Variables ==="
# echo "BACKUP_FOLDER=$(BACKUP_FOLDER)"
# echo "INTUNE_BACKUP_SUBDIR=$(INTUNE_BACKUP_SUBDIR)"
# echo "DRIFT_BRANCH_INTUNE=$(DRIFT_BRANCH_INTUNE)"
# echo "BASELINE_BRANCH=$(BASELINE_BRANCH)"
# echo "AGENT_POOL_NAME=$(AGENT_POOL_NAME)"
# echo "=== Git state ==="
# git branch -a
# git log --oneline -5
# git status --short
# echo "=== File system ==="
# ls -la "$(Build.SourcesDirectory)"
# find "$(BACKUP_FOLDER)" -maxdepth 2 -type d 2>/dev/null || true
# workingDirectory: "$(Build.SourcesDirectory)"
- task: Bash@3
displayName: Snapshot validation helper script (Intune job)
inputs:
@@ -757,13 +779,23 @@ jobs:
$generatedSplitMarkdownPattern = '^' + [Regex]::Escape("$(BACKUP_FOLDER)") + '/.*\.md$'
$generatedReportPattern = '^' + [Regex]::Escape("$(BACKUP_FOLDER)/$(REPORTS_SUBDIR)/")
$workloadConfigPattern = '^' + [Regex]::Escape("$(BACKUP_FOLDER)/$(INTUNE_BACKUP_SUBDIR)/")
$changedFile = $untrackedFile, $trackedFile | % { $_ } | ? {
Write-Host "DEBUG: BACKUP_FOLDER=$(BACKUP_FOLDER), INTUNE_BACKUP_SUBDIR=$(INTUNE_BACKUP_SUBDIR)"
Write-Host "DEBUG: workloadConfigPattern = $workloadConfigPattern"
Write-Host "DEBUG: untracked count = $($untrackedFile.Count), tracked count = $($trackedFile.Count)"
$allFiles = @()
if ($untrackedFile) { $allFiles += $untrackedFile }
if ($trackedFile) { $allFiles += $trackedFile }
$changedFile = $allFiles | ? {
$_ -and
$_ -match $workloadConfigPattern -and
$_ -notmatch $generatedSplitMarkdownPattern -and
$_ -notmatch $generatedReportPattern -and
$_ -notlike "*/Assignment Report/*"
}
Write-Host "DEBUG: changed count = $($changedFile.Count)"
if ($changedFile.Count -gt 0) {
$changedFile | Select-Object -First 5 | ForEach-Object { Write-Host "DEBUG: changed file: $_" }
}
if ($changedFile) {
git show-ref --verify --quiet "refs/remotes/origin/$(DRIFT_BRANCH_INTUNE)"
@@ -1337,6 +1369,28 @@ jobs:
- checkout: self
persistCredentials: true
# Uncomment the block below for agent-side debugging.
# - task: Bash@3
# displayName: DEBUG — dump agent state (Entra)
# inputs:
# targetType: inline
# script: |
# set -euo pipefail
# echo "=== Variables ==="
# echo "BACKUP_FOLDER=$(BACKUP_FOLDER)"
# echo "ENTRA_BACKUP_SUBDIR=$(ENTRA_BACKUP_SUBDIR)"
# echo "DRIFT_BRANCH_ENTRA=$(DRIFT_BRANCH_ENTRA)"
# echo "BASELINE_BRANCH=$(BASELINE_BRANCH)"
# echo "AGENT_POOL_NAME=$(AGENT_POOL_NAME)"
# echo "=== Git state ==="
# git branch -a
# git log --oneline -5
# git status --short
# echo "=== File system ==="
# ls -la "$(Build.SourcesDirectory)"
# find "$(BACKUP_FOLDER)" -maxdepth 2 -type d 2>/dev/null || true
# workingDirectory: "$(Build.SourcesDirectory)"
- task: Bash@3
displayName: Snapshot export/validation helper scripts (Entra job)
inputs: