TEST do not merge #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CCF data connector validation | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize] | |
| paths: | |
| - 'Solutions/**' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| CLIENT_ID: ${{ secrets.AZURE_CONTENT_VALIDATION_CLIENT_ID }} | |
| API_BASE: https://sentinel-content-validationapi-prod-bvgsc3hjhyeqangg.canadacentral-01.azurewebsites.net/ | |
| jobs: | |
| pr-validate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout PR code | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Get changed JSON files and contents | |
| id: prepare_json_files | |
| run: | | |
| echo " Collecting changed JSON files…" | |
| BASE="${{ github.event.pull_request.base.sha }}" | |
| HEAD="${{ github.event.pull_request.head.sha }}" | |
| mapfile -t files < <(git diff --diff-filter=ACMR --name-only "$BASE" "$HEAD" | grep -Ei '\.json$') | |
| echo "→ All .json files: ${files[*]:-<none>}" | |
| if [ ${#files[@]} -eq 0 ]; then | |
| echo "→ No JSON files changed; skipping validation." | |
| echo "JSON_PAYLOAD_PATH=empty" >> $GITHUB_ENV | |
| exit 0 | |
| fi | |
| echo "→ JSON files: ${files[*]}" | |
| # Build JSON array payload | |
| json_array="[" | |
| for f in "${files[@]}"; do | |
| if jq -e . "$f" > /dev/null; then | |
| content=$(jq -c . "$f") | |
| json_array+="{\"filename\":\"$f\",\"content\":$content}," | |
| else | |
| echo "❌ Invalid JSON in $f" | |
| exit 1 | |
| fi | |
| done | |
| json_array="${json_array%,}]" | |
| echo "$json_array" > files_payload.json | |
| echo "JSON_PAYLOAD_PATH=files_payload.json" >> $GITHUB_ENV | |
| - name: Request OIDC token from GitHub | |
| if: env.JSON_PAYLOAD_PATH != 'empty' | |
| id: fetch_token | |
| run: | | |
| echo " Fetching OIDC token…" | |
| raw=$(curl -s -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://${CLIENT_ID}") | |
| token=$(echo "$raw" | jq -r .value) | |
| echo "✔️ Got token (length=${#token})" | |
| echo "TOKEN=$token" >> $GITHUB_ENV | |
| - name: Health-check | |
| if: env.JSON_PAYLOAD_PATH != 'empty' | |
| run: | | |
| echo " Hitting $API_BASE…" | |
| # Capture both body and status | |
| resp=$(curl -s -w "\n%{http_code}" -H "Authorization: Bearer $TOKEN" "$API_BASE") | |
| body=$(echo "$resp" | sed '$d') # all but last line | |
| status=$(echo "$resp" | tail -n1) # last line | |
| # Try to parse JSON, but dont exit if it fails | |
| if echo "$body" | jq . > /dev/null 2>&1; then | |
| echo "✔️ Parsed JSON:" | |
| echo "$body" | jq . | |
| else | |
| echo "⚠️ Body is not JSON or empty" | |
| fi | |
| # Exit non-2xx | |
| if [[ "$status" != 2* ]]; then | |
| echo "❌ Health check failed (status $status)" | |
| exit 1 | |
| fi | |
| - name: POST CCF payload | |
| if: env.JSON_PAYLOAD_PATH != 'empty' | |
| run: | | |
| echo "Sending JSON payload to API" | |
| response=$(curl -s -X POST "$API_BASE/CCF_dataconnector" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Source: GitHub" --data-binary "@$JSON_PAYLOAD_PATH") | |
| result_status=$(echo "$response" | jq -r '.status // empty') | |
| message=$(echo "$response" | jq -r '.message // "No message provided"') | |
| id=$(echo "$response" | jq -r '.operation_Id // "No message provided"') | |
| if [ "$result_status" != "Passed" ]; then | |
| echo -e "\n" | |
| echo -e " ❌ Validation failed: \n" | |
| echo -e " $message" | |
| echo -e "\n" | |
| echo "operation id is $id" | |
| exit 1 | |
| fi | |
| echo "✅ $message" | |
| echo -e "\n" | |
| echo "operation id is $id" |