Support for GitHub Actions

[SenthuranSivananthan]

Support for deploying landing zone modules through GitHub Actions. This support will expand the automation capabilities to:

• Azure DevOps Pipelines exists
• PowerShell exists
• GitHub Actions

GitHub Actions should provide the ability to deploy each module separately. These modules are:

• Management Groups
• Roles
• Logging
• Policies
• Hub Networking + NVA
• Hub Networking + Azure Firewall
• Subscriptions

[skeeler]

In scope

• Run workflows manually (workflow_dispatch)
• A GitHub Workflow to run all individual workflows in correct sequence (Everything), with:
  • input option to select HubNetworkWithAzureFirewall or HubNetworkWithNVA
  • input option to specify zero or more subscription ids to run deploy subscriptions workflow

Out of scope

• Triggering workflows based on push, PR, or any other automated mechanism. Triggered workflows are intentionally left as exercise for implementers based on their workflow preferences.
• Azure Pipelines conversion: leave as-implemented for now. Possible future conversion if we can live with the GitHub Workflow limitations.
• Parallelization of custom and built-in policies: the PowerShell scripts handle both sequentially so we can't easily replicate how the Azure Pipelines allow concurrent processing without refactoring those scripts (possible future work).
• Parallelization of subscription deployments: unlike Azure Pipelines where we process subscription deployments concurrently, one of (many) limitations in GitHub Workflows is their lack of support for looping within a workflow definition. Currently, the only near-but-not-quite-the-same functionality in GitHub Workflows is the matrix strategy, but it relies on values specified as arrays which are not (yet) a valid/supported workflow input type. So we can't do this in the same generic way that we are able to parallelize subscription deployments in Azure Pipelines.

Implementation