feat: DeploymentRemoval: Added LZ-Vending MgmtGroup to deployment cle…

…anup (Azure#3010)

## Description

Added LZ-Vending MgmtGroup to deployment cleanup
Added resilient case handling for forks where the mgmt-group may not
exist (is skipped)
> WARNING: Management Group [xyz] not found or not authorized. Skipping
removal.

Fixes Azure#2302


## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
| [![.Platform - Clean up deployment
history](https://github.com/Azure/bicep-registry-modules/actions/workflows/platform.deployment.history.cleanup.yml/badge.svg?branch=users%2Falsehr%2FdeploymentRemovalMgmtId&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/platform.deployment.history.cleanup.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [x] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

.github/workflows/platform.deployment.history.cleanup.yml

@@ -114,13 +114,18 @@ jobs:
             # Load used functions
             . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-ManagementGroupDeploymentHistory.ps1')
 
-            $functionInput = @{
-              ManagementGroupId            = '${{ secrets.ARM_MGMTGROUP_ID }}'
-              maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
-            }
+            $mgmtGroupIdInput = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).customManagementGroupId }}'
 
-            Write-Verbose "Invoke task with" -Verbose
-            Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
+            foreach($mgmtGroupId in @('${{ secrets.ARM_MGMTGROUP_ID }}', 'bicep-lz-vending-automation-child')) {
+              Write-Verbose "Processing mgmtGroupId [$mgmtGroupId]" -Verbose
+              $functionInput = @{
+                ManagementGroupId            = $mgmtGroupId
+                maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
+              }
+
+              Write-Verbose "Invoke task with" -Verbose
+              Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
 
-            Clear-ManagementGroupDeploymentHistory @functionInput
+              Clear-ManagementGroupDeploymentHistory @functionInput
+            }
           azPSVersion: "latest"

avm/utilities/pipelines/platform/deploymentRemoval/Clear-ManagementGroupDeploymentHistory.ps1

@@ -53,7 +53,12 @@ function Clear-ManagementGroupDeploymentHistory {
             Authorization = 'Bearer {0}' -f ((Get-AzAccessToken -AsSecureString).Token | ConvertFrom-SecureString -AsPlainText)
         }
     }
-    $response = Invoke-RestMethod @getInputObject
+    try {
+        $response = Invoke-RestMethod @getInputObject
+    } catch {
+        Write-Warning "Management Group [$ManagementGroupId] not found or not authorized. Skipping removal."
+        return
+    }
 
     if (($response | Get-Member -MemberType 'NoteProperty').Name -notcontains 'value') {
         throw ('Fetching deployments failed with error [{0}]' -f ($reponse | Out-String))