This repository contains an Azure Monitor Workbooks deployment written in Bicep for analyzing PSRule.Rules.AzureDevOps results captured to an Azure Log Analytics workspace. Azure Pipelines and GitHub Actions yaml templates are included to setup a daily analysis of Azure DevOps Organizations with PSRule. The analysis will loop through all projects in the organization and capture the results.

The following steps will guide you through deploying the log analytics workspace and workbooks to your Azure subscription.

• Azure CLI version 2.20.0 or later.
• Local copy of this repository. Use git clone to download and maintain a local copy of this repo.

The following steps will guide you through deploying the log analytics workspace, workbooks and a keyvault to your Azure subscription. In your local copy of this repository, run the following command to create a new resource group:

# Set the location to deploy to
$location = 'westeurope'
# Set the resource group name
$resourceGroupName = 'rg-psrule-azuredevops-weu'
# Create the resource group in the specified location
az group create --name $resourceGroupName --location $location

Next, run the following command to deploy the log analytics workspace and workbooks:

az deployment group create `
    --resource-group $resourceGroupName `
    --template-file .\src\bicep\main.bicep `
    --query properties.outputs `
    -p azDoOrganization='contoso' `
    -p azDoPAT='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

The deployment will take approximately 5 minutes to complete. After the deployment has completed, there will be a log analytics workspace with workbooks and a key vault available in the resource group. The key vault will contain the necessary secrets to run the analysis with PSRule from an Azure Pipeline.

The following steps will guide you through setting up a daily analysis of Azure DevOps projects with PSRule using Azure Pipelines.

Create a new repository in Azure DevOps to store the pipeline definition. To create a new repository, follow the steps in Create a repo. After creating the repository, clone it to your local machine and add the following files to the root of the repository:

• azure-pipelines/psrule-azdo-loganalytics.yaml

Add the key vault as a variable group in Azure DevOps to allow the pipeline to access the secrets. The key vault can be found in the resource group specified in the deployment. To add the key vault as a variable group, follow the steps in Create a variable group. When prompted to select a source, select Azure Key Vault and select the key vault created in the previous step. Name the variable group azdo-psrule-run and select Allow access to all pipelines.

Create a new pipeline in Azure DevOps to run the PSRule analysis. To create a new pipeline, follow the steps in Create your first pipeline. When prompted to select a template, select Existing Azure Pipelines YAML file and select the azure-pipelines/psrule-azdo-loganalytics.yaml file from the repository.

Run the pipeline to verify the setup. The pipeline will run for approximately 2 to 5 minutes depending on the size of the Azure DevOps project. Do not run the pipeline more than once a day as the workbook is designed to analyze a single day of data.

Note: When running the pipeline for the first time, it will take up to 15 minutes for data to appear in the workbook.

After the pipeline has completed, check the workbook in the log analytics workspace. The main workbook is named Azure DevOps Main and is available in the Workbooks section of the log analytics workspace. The workbook will show the results of the last run in 24 hour intervals.

• PSRule by @BernieWhite
• PSRule.Monitor by @BernieWhite
• PSRule.Rules.AzureDevOps by Roderick Bant