feat: Add NetworkConnectivity pre-flight check to Test-AcceleratorRequirement

[Copilot]

• Understand current state of checks in Deploy-Accelerator.ps1 and Test-NetworkConnectivity.ps1
• Add https://www.powershellgallery.com endpoint to Test-NetworkConnectivity.ps1
• Add NetworkConnectivity to the checks in Deploy-Accelerator.ps1 (guarded by skip_internet_checks)
• Update Test-NetworkConnectivity.Tests.ps1 endpoint count assertions: 5 → 6
• All 47 unit tests pass

Original prompt

Summary

Add a new NetworkConnectivity check to Test-AcceleratorRequirement (and the underlying Test-Tooling plumbing) that probes the external URLs the module must reach during a Bicep deployment, before any download or API call is attempted.

Background

Currently the module has no pre-flight network reachability check. It assumes connectivity is present and only surfaces failures at the point of use (e.g. inside Invoke-WebRequest/Invoke-RestMethod). This makes it hard for users in restricted environments to diagnose connectivity issues early.

Changes Required

1. New file: src/ALZ/Private/Tools/Checks/Test-NetworkConnectivity.ps1

Create a new check function following the same pattern as the existing checks (e.g. Test-GitInstallation.ps1). It should:

• Probe each of the external endpoints the module calls during a Bicep deployment using Invoke-WebRequest with -Method Head (or a lightweight GET where HEAD is not supported), with a short timeout (e.g. 10 seconds) and -SkipHttpErrorCheck / -ErrorAction SilentlyContinue so it doesn't throw.
• Return a Results array and a HasFailure bool in the same shape as all other checks.
• Treat any endpoint that cannot be reached (connection error / timeout) as a Failure, and any reachable endpoint (even a non-200 status, which may just be auth) as a Success — the goal is reachability, not authentication.
• The endpoints to check are:

Endpoint	Purpose
https://api.github.com	GitHub API (release tag lookups)
https://github.com	Bootstrap & starter module downloads
https://api.releases.hashicorp.com	Terraform version resolution
https://releases.hashicorp.com	Terraform binary download
https://management.azure.com	Azure Management API

Example skeleton (follow the pattern of Test-GitInstallation.ps1):

function Test-NetworkConnectivity {
    [CmdletBinding()]
    param()

    $results = @()
    $hasFailure = $false

    $endpoints = @(
        @{ Uri = "https://api.github.com";                   Description = "GitHub API (release lookups)" },
        @{ Uri = "https://github.com";                       Description = "GitHub (module downloads)" },
        @{ Uri = "https://api.releases.hashicorp.com";       Description = "HashiCorp Releases API (Terraform version)" },
        @{ Uri = "https://releases.hashicorp.com";           Description = "HashiCorp Releases (Terraform binary download)" },
        @{ Uri = "https://management.azure.com";             Description = "Azure Management API" }
    )

    foreach ($endpoint in $endpoints) {
        Write-Verbose "Testing network connectivity to $($endpoint.Uri)"
        try {
            $response = Invoke-WebRequest -Uri $endpoint.Uri -Method Head -TimeoutSec 10 -SkipHttpErrorCheck -ErrorAction Stop -UseBasicParsing
            $results += @{
                message = "Network connectivity to $($endpoint.Description) ($($endpoint.Uri)) is available."
                result  = "Success"
            }
        } catch {
            $results += @{
                message = "Cannot reach $($endpoint.Description) ($($endpoint.Uri)). Check network/firewall settings. Error: $($_.Exception.Message)"
                result  = "Failure"
            }
            $hasFailure = $true
        }
    }

    return @{
        Results    = $results
        HasFailure = $hasFailure
    }
}

2. Update src/ALZ/Private/Tools/Test-Tooling.ps1

• Add "NetworkConnectivity" to the [ValidateSet(...)] on the $Checks parameter.
• Add a new if ($Checks -contains "NetworkConnectivity") block that calls Test-NetworkConnectivity and accumulates results, following the same pattern as the other checks.

3. Update src/ALZ/Public/Test-AcceleratorRequirement.ps1

• Add "NetworkConnectivity" to the [ValidateSet(...)] on the $Checks parameter.
• Add "NetworkConnectivity" to the default value of $Checks so it runs automatically when Test-AcceleratorRequirement is called with no arguments.
• Update the .SYNOPSIS/.DESCRIPTION doc comment to mention the network connectivity check.

4. Add unit tests: src/Tests/Unit/Private/Test-NetworkConnectivity.Tests.ps1

Add Pester unit tests for Test-NetworkConnectivity following the pattern used by other tests in src/Tests/Unit/. Cover at minimum:

• All endpoints reachable → no failure, all Success results.
• One or more endpoints unreachable (mock Invoke-WebRequest to throw) → HasFailure = $true, correct Failure messages.

Notes

• Do not add NetworkConnectivity to the default checks inside Deploy-Accelerator.ps1 — it already has its own $skip_internet_checks bypass path and calling a network check there would be redundant. The check belongs in Test-AcceleratorRequirement only.
• Keep the check non-blocking in the sense that it should check all endpoints and report all failures, not stop at the first unreachable one.
• Follow t...

This pull request was created from Copilot chat.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[jtracey93]

LGTM

[jaredfholgate]

LGTM