Merge branch 'Mayank-goel360:main' into main #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # # .github/workflows/pr-validate.yml | |
| #name: π PR Validation via OIDC (GET & POST) | |
| # on: | |
| # pull_request_target: | |
| # types: [opened, synchronize] | |
| # permissions: | |
| # id-token: write # enable OIDC token issuance | |
| # contents: read # allow checkout of code | |
| # env: | |
| # CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| # API_BASE: ${{ secrets.SENTINEL_CONTENT_API_URL }} | |
| # jobs: | |
| # pr-validate: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout PR code | |
| # uses: actions/checkout@v3 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: ${{ github.event.pull_request.head.ref }} | |
| # repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| # - name: Get changed JSON files and contents to send to API endpoint | |
| # id: prepare_json_files | |
| # run: | | |
| # echo "Collecting changed JSON files..." | |
| # BASE="${{ github.event.pull_request.base.sha }}" | |
| # HEAD="${{ github.event.pull_request.head.sha }}" | |
| # mapfile -t files < <(git diff --name-only "$BASE" "$HEAD" | grep '\.json$') | |
| # echo "Changed JSON files: ${files[@]}" | |
| # if [ ${#files[@]} -eq 0 ]; then | |
| # echo "No JSON files changed in this PR." | |
| # echo "JSON_PAYLOAD_PATH=empty" >> $GITHUB_ENV | |
| # exit 0 | |
| # fi | |
| # json_array="[" | |
| # for file in "${files[@]}"; do | |
| # if [ -f "$file" ]; then | |
| # if jq -e . "$file" > /dev/null 2>&1; then | |
| # content=$(jq -c . < "$file") | |
| # json_array+="{\"filename\": \"${file}\", \"content\": $content}," | |
| # else | |
| # echo "β Invalid JSON structure in file: $file" | |
| # exit 1 | |
| # fi | |
| # fi | |
| # done | |
| # json_array="${json_array%,}]" | |
| # echo "$json_array" > files_payload.json | |
| # echo "JSON_PAYLOAD_PATH=files_payload.json" >> $GITHUB_ENV | |
| # - name: π Request OIDC token from GitHub | |
| # id: fetch_token | |
| # run: | | |
| # echo "π Requesting OIDC token..." | |
| # raw=$(curl -s \ | |
| # -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ | |
| # "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://${CLIENT_ID}") | |
| # echo "π Raw token response JSON: $raw" | |
| # token=$(echo "$raw" | jq -r '.value') | |
| # echo "βοΈ Token length: ${#token}" | |
| # echo "TOKEN=$token" >> $GITHUB_ENV | |
| # # 3. Send a simple GET request to "/" | |
| # - name: π‘ Send GET request to protected root endpoint | |
| # run: | | |
| # echo "π GET $API_BASE/" | |
| # response=$(curl -s -H "Authorization: Bearer $TOKEN" "$API_BASE/") | |
| # echo "π GET response:" | |
| # echo "$response" | jq . || true | |
| # # 5. Send POST request with JSON payload to "/" | |
| # - name: π Send POST request with JSON payload to root | |
| # run: | | |
| # echo "π POST $API_BASE/" | |
| # echo "π Payload contents:" | |
| # cat "$JSON_PAYLOAD_PATH" || { echo "β files_payload.json not found"; exit 1; } | |
| # echo | |
| # response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/" \ | |
| # -H "Authorization: Bearer $TOKEN" \ | |
| # -H "Content-Type: application/json" \ | |
| # --data-binary "@$JSON_PAYLOAD_PATH") | |
| # body=$(echo "$response" | head -n -1) | |
| # status_code=$(echo "$response" | tail -n1) | |
| # echo "π HTTP status: $status_code" | |
| # echo "π Response body:" | |
| # echo "$body" | jq . || true | |
| # if [ "$status_code" -ne 200 ]; then | |
| # echo "β POST failed (HTTP $status_code)" | |
| # exit 1 | |
| # fi | |
| # result_status=$(jq -r '.status' <<< "$body") | |
| # result_message=$(jq -r '.message' <<< "$body") | |
| # if [ "$result_status" != "passed" ]; then | |
| # echo "β Validation failed: $result_message" | |
| # exit 1 | |
| # fi | |
| # echo "β Validation passed: $result_message" |