Pin Bicep to v0.4.1272

.devcontainer/Dockerfile

@@ -16,6 +16,9 @@ ARG TFLINT_AZURERM=0.14.0
 # Azure CLI version
 ARG AZURE_CLI_VERSION=2.31.0-1~focal
 
+# Bicep version
+ARG BICEP_VERSION=v0.4.1272
+
 # Update distro (software-properties-common installs the add-apt-repository command)
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils software-properties-common 2>&1 \
@@ -89,7 +92,7 @@ RUN AZ_REPO=$(lsb_release -cs) \
 RUN apt-get update && apt-get install -y azure-cli=${AZURE_CLI_VERSION}
 
 # Install Bicep
-RUN curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
+RUN curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/download/${BICEP_VERSION}/bicep-linux-x64 \
     && chmod +x /usr/local/bin/bicep
 
 # Clean up

.github/workflows/validate-build-bicep.yml

@@ -2,12 +2,14 @@
 # Licensed under the MIT License.
 
 name: validate-build-bicep
-on: 
+on:
   pull_request:
     branches: [main]
-    paths: 
+    paths:
     - 'src/bicep/**'
     - '!src/bicep/**.md'
+env:
+  BICEP_VERSION: 'v0.4.1272'
 jobs:
   validate-build:
     runs-on: ubuntu-latest
@@ -18,6 +20,8 @@ jobs:
       - run: |
           git config user.name github-actions
           git config user.email github-actions@github.com
+          az bicep install --version "$BICEP_VERSION"
+          az bicep version
           az bicep build --file src/bicep/mlz.bicep --outfile src/bicep/mlz.json
           if [[ $(git status --porcelain) ]]; then
             git add src/bicep/mlz.json

src/bicep/mlz.bicep

@@ -879,6 +879,7 @@ module hubPolicyAssignment './modules/policyAssignment.bicep' = if (deployPolicy
     logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name
     logAnalyticsWorkspaceResourceGroupName: logAnalyticsWorkspace.outputs.resourceGroupName
     operationsSubscriptionId: operationsSubscriptionId
+    location: location
   }
 }
 
@@ -890,6 +891,7 @@ module spokePolicyAssignments './modules/policyAssignment.bicep' = [for spoke in
     logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name
     logAnalyticsWorkspaceResourceGroupName: logAnalyticsWorkspace.outputs.resourceGroupName
     operationsSubscriptionId: operationsSubscriptionId
+    location: location
   }
 }]
 

src/bicep/modules/hubNetwork.bicep

@@ -240,6 +240,7 @@ module azureMonitorPrivateLink './privateLink.bicep' = if ( contains(supportedCl
     logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId
     privateEndpointSubnetName: subnetName
     privateEndpointVnetName: virtualNetwork.outputs.name
+    location: location
     tags: tags
   }
   dependsOn: [

src/bicep/modules/policyAssignment.bicep

@@ -12,6 +12,9 @@ param operationsSubscriptionId string
 @description('Starts a policy remediation for the VM Agent policies in hub RG. Set to false by default since this is time consuming in deployment.')
 param deployRemediation bool = false
 
+@description('The location of this resource')
+param location string = resourceGroup().location
+
 resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = {
   name: logAnalyticsWorkspaceName
   scope: resourceGroup(operationsSubscriptionId, logAnalyticsWorkspaceResourceGroupName)
@@ -42,7 +45,7 @@ var lawsReaderRoleDefinitionId = resourceId('Microsoft.Authorization/roleDefinit
 // assign policy to resource group
 resource assignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = {
   name: assignmentName
-  location: resourceGroup().location
+  location: location
   properties: {
       policyDefinitionId: policyDefinitionID[modifiedAssignment].id
       parameters: policyDefinitionID[modifiedAssignment].parameters
@@ -54,7 +57,7 @@ resource assignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = {
 
 resource vmssAgentAssignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = {
   name: agentVmssAssignmentName
-  location: resourceGroup().location
+  location: location
   properties: {
     policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad'
     parameters: {
@@ -70,7 +73,7 @@ resource vmssAgentAssignment 'Microsoft.Authorization/policyAssignments@2020-09-
 
 resource vmAgentAssignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = {
   name: agentVmAssignmentName
-  location: resourceGroup().location
+  location: location
   properties: {
     policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a'
     parameters: {

src/bicep/modules/privateLink.bicep

@@ -22,6 +22,9 @@ param vnetResourceGroup string = resourceGroup().name
 @description('The subscription id of the subscription the virtual network exists in')
 param vnetSubscriptionId string = subscription().subscriptionId
 
+@description('The location of this resource')
+param location string = resourceGroup().location
+
 var privateLinkConnectionName  = take('plconn${logAnalyticsWorkspaceName}${uniqueData}', 80)
 var privateLinkEndpointName = take('pl${logAnalyticsWorkspaceName}${uniqueData}', 80)
 var privateLinkScopeName = take('plscope${logAnalyticsWorkspaceName}${uniqueData}', 80)
@@ -45,7 +48,7 @@ resource logAnalyticsWorkspacePrivateLinkScope  'microsoft.insights/privateLinkS
 
 resource subnetPrivateEndpoint  'Microsoft.Network/privateEndpoints@2020-07-01' = {
   name: privateLinkEndpointName
-  location: resourceGroup().location
+  location: location
   tags: tags
   properties: {
     subnet: {