|
| 1 | +# name: final |
| 2 | + |
| 3 | +# on: |
| 4 | +# pull_request_target: |
| 5 | +# branches: |
| 6 | +# - main |
| 7 | +# types: |
| 8 | +# - opened |
| 9 | +# - synchronize |
| 10 | + |
| 11 | +# permissions: |
| 12 | +# id-token: write |
| 13 | +# contents: read |
| 14 | + |
| 15 | +# env: |
| 16 | +# CLIENT_ID: da7fd62a-590e-4e7a-8525-55ea01ffb1ac |
| 17 | +# API_BASE: https://sentinel-content-validationapi-prod-bvgsc3hjhyeqangg.canadacentral-01.azurewebsites.net/ |
| 18 | + |
| 19 | +# jobs: |
| 20 | +# pr-validate: |
| 21 | +# runs-on: ubuntu-latest |
| 22 | + |
| 23 | +# steps: |
| 24 | +# - name: Checkout PR code |
| 25 | +# uses: actions/checkout@v3 |
| 26 | +# with: |
| 27 | +# token: ${{ secrets.GITHUB_TOKEN }} # needed when using pull_request_target on forks |
| 28 | +# fetch-depth: 0 |
| 29 | +# ref: ${{ github.event.pull_request.head.ref }} |
| 30 | +# repository: ${{ github.event.pull_request.head.repo.full_name }} |
| 31 | + |
| 32 | +# - name: Get changed JSON files and contents |
| 33 | +# id: prepare_json_files |
| 34 | +# run: | |
| 35 | + |
| 36 | +# echo "🔍 Collecting changed JSON files…" |
| 37 | +# BASE="${{ github.event.pull_request.base.sha }}" |
| 38 | +# HEAD="${{ github.event.pull_request.head.sha }}" |
| 39 | + |
| 40 | +# mapfile -t files < <(git diff --name-only "$BASE" "$HEAD" | grep -Ei '\.json$') |
| 41 | +# echo "→ All .json files: ${files[*]:-<none>}" |
| 42 | + |
| 43 | +# # Case-insensitive filter for “poll” |
| 44 | +# filtered=() |
| 45 | +# for f in "${files[@]}"; do |
| 46 | +# if [[ "$f" =~ [Pp]oll ]]; then |
| 47 | +# filtered+=("$f") |
| 48 | +# fi |
| 49 | +# done |
| 50 | + |
| 51 | +# if [ ${#filtered[@]} -eq 0 ]; then |
| 52 | +# echo "→ No polling JSON files changed; skipping validation." |
| 53 | +# echo "JSON_PAYLOAD_PATH=empty" >> $GITHUB_ENV |
| 54 | +# exit 0 |
| 55 | +# fi |
| 56 | + |
| 57 | +# echo "→ Polling files: ${filtered[*]}" |
| 58 | + |
| 59 | +# # Build JSON array payload |
| 60 | +# json_array="[" |
| 61 | +# for f in "${filtered[@]}"; do |
| 62 | +# if jq -e . "$f" > /dev/null; then |
| 63 | +# content=$(jq -c . "$f") |
| 64 | +# json_array+="{\"filename\":\"$f\",\"content\":$content}," |
| 65 | +# else |
| 66 | +# echo "❌ Invalid JSON in $f" |
| 67 | +# exit 1 |
| 68 | +# fi |
| 69 | +# done |
| 70 | +# json_array="${json_array%,}]" |
| 71 | +# echo "$json_array" > files_payload.json |
| 72 | +# echo "JSON_PAYLOAD_PATH=files_payload.json" >> $GITHUB_ENV |
| 73 | + |
| 74 | +# - name: Request OIDC token from GitHub |
| 75 | +# if: env.JSON_PAYLOAD_PATH != 'empty' |
| 76 | +# id: fetch_token |
| 77 | +# run: | |
| 78 | + |
| 79 | +# echo "🔐 Fetching OIDC token…" |
| 80 | +# raw=$(curl -s \ |
| 81 | +# -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ |
| 82 | +# "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://${CLIENT_ID}") |
| 83 | +# token=$(echo "$raw" | jq -r .value) |
| 84 | +# echo "✔️ Got token (length=${#token})" |
| 85 | +# echo "TOKEN=$token" >> $GITHUB_ENV |
| 86 | + |
| 87 | + |
| 88 | +# - name: 📡 Health-check GET |
| 89 | +# if: env.JSON_PAYLOAD_PATH != 'empty' |
| 90 | +# run: | |
| 91 | + |
| 92 | +# echo "🚀 Hitting $API_BASE…" |
| 93 | +# # Capture both body and status |
| 94 | +# resp=$(curl -s -w "\n%{http_code}" \ |
| 95 | +# -H "Authorization: Bearer $TOKEN" \ |
| 96 | +# "$API_BASE") |
| 97 | +# body=$(echo "$resp" | sed '$d') # all but last line |
| 98 | +# status=$(echo "$resp" | tail -n1) # last line |
| 99 | + |
| 100 | +# # Try to parse JSON, but don’t exit if it fails |
| 101 | +# if echo "$body" | jq . > /dev/null 2>&1; then |
| 102 | +# echo "✔️ Parsed JSON:" |
| 103 | +# echo "$body" | jq . |
| 104 | +# else |
| 105 | +# echo "⚠️ Body is not JSON or empty" |
| 106 | +# fi |
| 107 | + |
| 108 | +# # Exit non-2xx |
| 109 | +# if [[ "$status" != 2* ]]; then |
| 110 | +# echo "❌ Health check failed (status $status)" |
| 111 | +# exit 1 |
| 112 | +# fi |
| 113 | + |
| 114 | +# - name: 📦 POST polling payload |
| 115 | +# if: env.JSON_PAYLOAD_PATH != 'empty' |
| 116 | +# run: | |
| 117 | +# echo "Sending JSON payload to API" |
| 118 | + |
| 119 | +# response=$(curl -s -X POST "$API_BASE/polling" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON_PAYLOAD_PATH") |
| 120 | + |
| 121 | +# result_status=$(echo "$response" | jq -r '.status // empty') |
| 122 | +# message=$(echo "$response" | jq -r '.message // "No message provided"') |
| 123 | + |
| 124 | +# if [ "$result_status" != "passed" ]; then |
| 125 | +# echo -e " ❌ Validation failed: \n $message" |
| 126 | +# exit 1 |
| 127 | +# fi |
| 128 | + |
| 129 | +# echo "✅ $message" |
| 130 | + |
| 131 | +name: final |
| 132 | + |
| 133 | +on: |
| 134 | + pull_request_target: |
| 135 | + branches: |
| 136 | + - main |
| 137 | + types: |
| 138 | + - opened |
| 139 | + - synchronize |
| 140 | + |
| 141 | +permissions: |
| 142 | + id-token: write |
| 143 | + contents: read |
| 144 | + |
| 145 | +env: |
| 146 | + CLIENT_ID: da7fd62a-590e-4e7a-8525-55ea01ffb1ac |
| 147 | + API_BASE: https://sentinel-content-validationapi-prod-bvgsc3hjhyeqangg.canadacentral-01.azurewebsites.net/ |
| 148 | + |
| 149 | +jobs: |
| 150 | + pr-validate: |
| 151 | + runs-on: ubuntu-latest |
| 152 | + |
| 153 | + steps: |
| 154 | + - name: Checkout PR code |
| 155 | + uses: actions/checkout@v3 |
| 156 | + with: |
| 157 | + token: ${{ secrets.GITHUB_TOKEN }} |
| 158 | + fetch-depth: 0 |
| 159 | + ref: ${{ github.event.pull_request.head.ref }} |
| 160 | + repository: ${{ github.event.pull_request.head.repo.full_name }} |
| 161 | + |
| 162 | + - name: Get changed JSON files and contents for all types |
| 163 | + id: prepare_json_files |
| 164 | + run: | |
| 165 | + echo "🔍 Collecting changed JSON files…" |
| 166 | + BASE="${{ github.event.pull_request.base.sha }}" |
| 167 | + HEAD="${{ github.event.pull_request.head.sha }}" |
| 168 | + mapfile -t files < <(git diff --name-only "$BASE" "$HEAD" | grep -Ei '\.json$') |
| 169 | + echo "→ All .json files: ${files[*]:-<none>}" |
| 170 | +
|
| 171 | + declare -A keywords=( ["poll"]="poll" ["definition"]="definition" ["dcr"]="dcr" ["_CL"]="_CL" ) |
| 172 | + for key in "${!keywords[@]}"; do |
| 173 | + filtered=() |
| 174 | + for f in "${files[@]}"; do |
| 175 | + if [[ "$f" =~ ${keywords[$key]} ]]; then |
| 176 | + filtered+=("$f") |
| 177 | + fi |
| 178 | + done |
| 179 | + echo "→ ${key^^} files: ${filtered[*]:-<none>}" |
| 180 | + if [ ${#filtered[@]} -eq 0 ]; then |
| 181 | + echo "JSON_${key^^}_PATH=empty" >> $GITHUB_ENV |
| 182 | + continue |
| 183 | + fi |
| 184 | +
|
| 185 | + json_array="[" |
| 186 | + for f in "${filtered[@]}"; do |
| 187 | + if jq -e . "$f" > /dev/null; then |
| 188 | + content=$(jq -c . "$f") |
| 189 | + json_array+="{\"filename\":\"$f\",\"content\":$content}," |
| 190 | + else |
| 191 | + echo "❌ Invalid JSON in $f" |
| 192 | + exit 1 |
| 193 | + fi |
| 194 | + done |
| 195 | + json_array="${json_array%,}]" |
| 196 | + file_name="files_payload_${key}.json" |
| 197 | + echo "$json_array" > "$file_name" |
| 198 | + echo "JSON_${key^^}_PATH=$file_name" >> $GITHUB_ENV |
| 199 | + done |
| 200 | +
|
| 201 | + - name: Request OIDC token from GitHub |
| 202 | + id: fetch_token |
| 203 | + run: | |
| 204 | + echo "🔐 Fetching OIDC token…" |
| 205 | + raw=$(curl -s -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://${CLIENT_ID}") |
| 206 | + token=$(echo "$raw" | jq -r .value) |
| 207 | + echo "✔️ Got token (length=${#token})" |
| 208 | + echo "TOKEN=$token" >> $GITHUB_ENV |
| 209 | +
|
| 210 | + - name: 📡 Health-check GET |
| 211 | + run: | |
| 212 | + echo "🚀 Hitting $API_BASE…" |
| 213 | + resp=$(curl -s -w "\n%{http_code}" -H "Authorization: Bearer $TOKEN" "$API_BASE") |
| 214 | + body=$(echo "$resp" | sed '$d') |
| 215 | + status=$(echo "$resp" | tail -n1) |
| 216 | + if echo "$body" | jq . > /dev/null 2>&1; then |
| 217 | + echo "$body" | jq . |
| 218 | + else |
| 219 | + echo "⚠️ Body is not JSON or empty" |
| 220 | + fi |
| 221 | + if [[ "$status" != 2* ]]; then |
| 222 | + echo "❌ Health check failed (status $status)" |
| 223 | + exit 1 |
| 224 | + fi |
| 225 | +
|
| 226 | + - name: POST polling payload |
| 227 | + if: env.JSON_POLL_PATH != 'empty' |
| 228 | + run: | |
| 229 | + response=$(curl -s -X POST "$API_BASE/polling" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON_POLL_PATH") |
| 230 | + result_status=$(echo "$response" | jq -r '.status // empty') |
| 231 | + message=$(echo "$response" | jq -r '.message // "No message provided"') |
| 232 | + if [ "$result_status" != "passed" ]; then |
| 233 | + echo -e " ❌ Validation failed: \n $message" |
| 234 | + exit 1 |
| 235 | + fi |
| 236 | + echo "✅ $message" |
| 237 | +
|
| 238 | + - name: POST definition payload |
| 239 | + if: env.JSON_DEFINITION_PATH != 'empty' |
| 240 | + run: | |
| 241 | + response=$(curl -s -X POST "$API_BASE/definition" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON_DEFINITION_PATH") |
| 242 | + result_status=$(echo "$response" | jq -r '.status // empty') |
| 243 | + message=$(echo "$response" | jq -r '.message // "No message provided"') |
| 244 | + if [ "$result_status" != "passed" ]; then |
| 245 | + echo -e " ❌ Validation failed: \n $message" |
| 246 | + exit 1 |
| 247 | + fi |
| 248 | + echo "✅ $message" |
| 249 | +
|
| 250 | + - name: POST DCR payload |
| 251 | + if: env.JSON_DCR_PATH != 'empty' |
| 252 | + run: | |
| 253 | + response=$(curl -s -X POST "$API_BASE/dcr" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON_DCR_PATH") |
| 254 | + result_status=$(echo "$response" | jq -r '.status // empty') |
| 255 | + message=$(echo "$response" | jq -r '.message // "No message provided"') |
| 256 | + if [ "$result_status" != "passed" ]; then |
| 257 | + echo -e " ❌ Validation failed: \n $message" |
| 258 | + exit 1 |
| 259 | + fi |
| 260 | + echo "✅ $message" |
| 261 | +
|
| 262 | + - name: POST _CL payload |
| 263 | + if: env.JSON__CL_PATH != 'empty' |
| 264 | + run: | |
| 265 | + response=$(curl -s -X POST "$API_BASE/cl" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON__CL_PATH") |
| 266 | + result_status=$(echo "$response" | jq -r '.status // empty') |
| 267 | + message=$(echo "$response" | jq -r '.message // "No message provided"') |
| 268 | + if [ "$result_status" != "passed" ]; then |
| 269 | + echo -e " ❌ Validation failed: \n $message" |
| 270 | + exit 1 |
| 271 | + fi |
| 272 | + echo "✅ $message" |
0 commit comments