1+
2+ name : PR Validation for Polling file
3+
4+ on :
5+ pull_request_target :
6+ branches :
7+ # - doNotMerge-ContentValidationCCP ##########################################################################
8+ - main
9+ types : [opened, synchronize]
10+
11+ permissions :
12+ id-token : write
13+ contents : read
14+
15+ env :
16+ CLIENT_ID : ${{ secrets.AZURE_CONTENT_VALIDATION_CLIENT_ID }}
17+ API_BASE : ${{ secrets.SENTINEL_CONTENT_API_URL }}
18+
19+ jobs :
20+ pr-validate :
21+ runs-on : ubuntu-latest
22+
23+ steps :
24+ - name : Checkout PR code
25+ uses : actions/checkout@v3
26+ with :
27+ fetch-depth : 0
28+ ref : ${{ github.event.pull_request.head.ref }}
29+ repository : ${{ github.event.pull_request.head.repo.full_name }}
30+
31+ - name : Get changed JSON files and contents to send to API endpoint
32+ id : prepare_json_files
33+ run : |
34+ echo "Collecting changed JSON files:"
35+ BASE="${{ github.event.pull_request.base.sha }}"
36+ HEAD="${{ github.event.pull_request.head.sha }}"
37+
38+ mapfile -t files < <(git diff --name-only "$BASE" "$HEAD" | grep '\.json$')
39+ echo "Changed JSON files:"
40+ for file in "${files[@]}"; do
41+ echo "$file"
42+ done
43+
44+ filtered_files=()
45+ for file in "${files[@]}"; do
46+ if [[ "$file" =~ [Pp][Oo][Ll][Ll] ]]; then
47+ filtered_files+=("$file")
48+ fi
49+ done
50+
51+ echo "Polling JSON files:"
52+ for file in "${filtered_files[@]}"; do
53+ echo "$file"
54+ done
55+
56+ if [ ${#filtered_files[@]} -eq 0 ]; then
57+ echo "No JSON files with 'poll' in the name changed in this PR."
58+ echo "JSON_PAYLOAD_PATH=empty" >> $GITHUB_ENV
59+ exit 0
60+ fi
61+
62+ json_array="["
63+ for file in "${filtered_files[@]}"; do
64+ if [ -f "$file" ]; then
65+ if jq -e . "$file" > /dev/null 2>&1; then
66+ content=$(jq -c . < "$file")
67+ json_array+="{\"filename\": \"${file}\", \"content\": $content},"
68+ else
69+ echo "❌ Invalid JSON structure in file: $file"
70+ exit 1
71+ fi
72+ fi
73+ done
74+ json_array="${json_array%,}]"
75+
76+ # 🔍 Debug echo
77+ echo "Constructed JSON array: $json_array"
78+
79+ echo "$json_array" > files_payload.json
80+ echo "JSON_PAYLOAD_PATH=files_payload.json" >> $GITHUB_ENV
81+
82+ - name : Request OIDC token from GitHub
83+ if : ${{ env.JSON_PAYLOAD_PATH != 'empty' }}
84+ id : fetch_token
85+ run : |
86+ raw=$(curl -s -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://${CLIENT_ID}")
87+ token=$(echo "$raw" | jq -r '.value')
88+ echo "TOKEN=$token" >> $GITHUB_ENV
89+
90+ - name : Send GET request to check if API is live
91+ if : ${{ env.JSON_PAYLOAD_PATH != 'empty' }}
92+ id : check_api
93+ run : |
94+ response=$(curl -s -H "Authorization: Bearer $TOKEN" "$API_BASE/")
95+ echo "$response" | jq . || true
96+
97+ - name : Send POST request with JSON payload
98+ if : ${{ env.JSON_PAYLOAD_PATH != 'empty' }}
99+ run : |
100+ echo "Sending JSON payload to API"
101+
102+ response=$(curl -s -X POST "$API_BASE/" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" --data-binary "@$JSON_PAYLOAD_PATH")
103+
104+ result_status=$(echo "$response" | jq -r '.status // empty')
105+ message=$(echo "$response" | jq -r '.message // "No message provided"')
106+
107+ if [ "$result_status" != "passed" ]; then
108+ echo -e " ❌ Validation failed: $message"
109+ exit 1
110+ fi
111+
112+ echo "✅ $message"
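Review bot: The `json_array+=` line in the "Get changed JSON files" step builds the payload by string concatenation from `$file`, and because the job runs on `pull_request_target` and checks out the head repository, that name comes from the PR author's tree; a file name containing a quote or backslash would change the structure of the JSON that is later posted with the workflow's OIDC token. Let jq do the encoding instead, for example `jq -c --arg filename "$file" '{filename: $filename, content: .}' "$file"` per file, with the objects joined by `jq -s .`. The checkout step should set `persist-credentials: false` and use `ref: ${{ github.event.pull_request.head.sha }}`, so that the files read from disk are the same commit that `git diff "$BASE" "$HEAD"` lists rather than whatever the branch points to at checkout time. In the "Request OIDC token" step the token is written to `$GITHUB_ENV` without being masked; add `echo "::add-mask::$token"` before that line and fail the step when `.value` is missing or `null`.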