feat: Avm ptn acalza hostingenvironment - `avm/ptn/aca-lza/hosting-en…

…vironment` (#2969)

## Description

This Azure Container Apps pattern module represents an Azure Container
Apps deployment aligned with the cloud adoption framework implementing
industry proven practices, such as those presented in [Azure landing
zones](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/)
guidance in the Cloud Adoption Framework, owned and operated by a
workload team. This avm pattern module provides a production ready
reference implementation of a containerized apps hosting environment
with Azure Container Apps.

As part of this pattern module the following services will be deployed:

A resource group (Spoke) to deploy all resources
A VNet with 4 subnets hosting the services
An internal Azure container apps environment
An Azure key vault exposed through a private endpoint
An Azure Container Registry reachable through a private endpoint
Azure Application Gateway or Azure Front Door to expose applications
hosted at Azure Container Apps
A Virtual Machine serving as a jump box for the locked down environment

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.ptn.aca-lza.hosting-environment](https://github.com/kpantos/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml/badge.svg?branch=avm-ptn-acalza-hostingenvironment)](https://github.com/kpantos/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [X] Azure Verified Module updates:
  - [X] New pattern module implementation
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [X] I'm sure there are no other open Pull Requests for the same
update/change
- [X] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [X] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

---------

Co-authored-by: Alexander Sehr <ASehr@hotmail.de>

.github/CODEOWNERS

@@ -3,6 +3,7 @@
 /scripts/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
 /avm/ @Azure/avm-core-team-technical-bicep
 /avm/utilities/ @Azure/avm-core-team-technical-bicep
+/avm/ptn/aca-lza/hosting-environment/ @Azure/avm-ptn-acalza-hostingenvironment-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/ai-platform/baseline/ @Azure/avm-ptn-aiplatform-baseline-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/authorization/policy-assignment/ @Azure/avm-ptn-authorization-policyassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/authorization/resource-role-assignment/ @Azure/avm-ptn-authorization-resourceroleassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep

.github/ISSUE_TEMPLATE/avm_module_issue.yml

@@ -38,6 +38,7 @@ body:
  description: Which existing AVM module is this issue related to?
  options:
  - ""
+ - "avm/ptn/aca-lza/hosting-environment"
  - "avm/ptn/ai-platform/baseline"
  - "avm/ptn/authorization/policy-assignment"
  - "avm/ptn/authorization/resource-role-assignment"

.github/workflows/avm.ptn.aca-lza.hosting-environment.yml

@@ -0,0 +1,90 @@
+name: "avm.ptn.aca-lza.hosting-environment"
+
+on:
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+ customLocation:
+ type: string
+ description: "Default location overwrite (e.g., eastus)"
+ required: false
+ default: 'northeurope'
+ push:
+ branches:
+ - main
+ - avm-ptn-acalza-hostingenvironment
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.ptn.aca-lza.hosting-environment.yml"
+ - "avm/ptn/aca-lza/hosting-environment/**"
+ - "avm/utilities/pipelines/**"
+ - "!avm/utilities/pipelines/platform/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/ptn/aca-lza/hosting-environment"
+ workflowPath: ".github/workflows/avm.ptn.aca-lza.hosting-environment.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-latest
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Run"
+ permissions:
+ id-token: write # For OIDC
+ contents: write # For release tags
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit