Skip to content
Bytebase Masking Policy Update 2

newfile #36

Sign in to view logs

newfile

newfile #36

Workflow file for this run

.github/workflows/bb-masking-2.yml at ce223d8
name: Bytebase Masking Policy Update 2
on:
pull_request:
types: [closed]
branches:
- main
workflow_dispatch:
jobs:
bytebase-masking-2:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
permissions:
pull-requests: write
issues: write
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Login Bytebase
id: bytebase-login
uses: bytebase/[email protected]
with:
bytebase-url: ${{ secrets.BYTEBASE_URL }}
service-key: ${{ secrets.BYTEBASE_SERVICE_KEY }}
service-secret: ${{ secrets.BYTEBASE_SERVICE_SECRET }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v42
with:
files: |
masking/masking-algorithm.json
masking/semantic-type.json
since_last_remote_commit: true
fetch_depth: 0
include_all_old_new_renamed_files: true
- name: Debug changed files
run: |
echo "All changed and added files:"
echo "Modified files: ${{ steps.changed-files.outputs.modified_files }}"
echo "Added files: ${{ steps.changed-files.outputs.added_files }}"
echo "All changes: ${{ steps.changed-files.outputs.all_changed_files }}"
- name: Debug changed files in detail
run: |
echo "All changed files:"
echo "${{ steps.changed-files.outputs.all_changed_files }}"
echo "Contains masking-algorithm.json: ${{ contains(steps.changed-files.outputs.all_changed_files, 'masking-algorithm.json') }}"
echo "Contains semantic-type.json: ${{ contains(steps.changed-files.outputs.all_changed_files, 'semantic-type.json') }}"
echo "Raw output:"
echo "${{ toJSON(steps.changed-files.outputs) }}"
- name: Apply masking algorithm
id: apply-masking-algorithm
if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, 'masking-algorithm.json') }}
run: |
CHANGED_FILE="masking/masking-algorithm.json"
echo "Processing: $CHANGED_FILE"
response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/settings/bb.workspace.masking-algorithm?allow_missing=true" \
--header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
# Extract status code and response body
status_code=$(echo "$response" | tail -n1)
body=$(echo "$response" | sed '$d')
echo "status_code=${status_code}" >> $GITHUB_OUTPUT
echo "response_body<<EOF" >> $GITHUB_OUTPUT
echo "${body}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then
echo "Failed with status code: $status_code"
exit 1
fi
- name: Apply semantic type
id: apply-semantic-type
if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, '/semantic-type.json') }}
run: |
# Process all masking-exception.json files
echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "semantic-type.json" | while read -r CHANGED_FILE; do
echo "Processing: $CHANGED_FILE"
response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/settings/bb.workspace.semantic-types?allow_missing=true" \
--header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
# Extract status code and response body
status_code=$(echo "$response" | tail -n1)
body=$(echo "$response" | sed '$d')
echo "Status code: $status_code"
echo "Response body: $body"
# Append to outputs (with unique identifiers)
echo "${body}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then
echo "Failed with status code: $status_code"
exit 1
fi
done
- name: Comment on PR
uses: actions/github-script@v7
env:
CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
with:
script: |
const changedFiles = process.env.CHANGED_FILES || '';
let commentBody = `### Masking Policy Update 2 Summary\n\n`;
// Add status of merge
commentBody += `✅ **PR Status:** Merged\n\n`;
// Add changed files section
commentBody += `📝 **Changed Files:**\n\n`;
if (changedFiles.trim()) {
commentBody += changedFiles.split(' ').map(f => `- ${f}`).join('\n');
} else {
commentBody += `None`;
}
commentBody += '\n\n';
// Add API calls summary
commentBody += `🔄 **API Calls:**\n\n`;
let apiCallsFound = false;
if (changedFiles.includes('masking-algorithm.json')) {
const status = ${{ toJSON(steps.apply-masking-algorithm.outputs) }}.status_code;
if (status) {
apiCallsFound = true;
const success = status >= 200 && status < 300;
commentBody += `- Column Masking: ${success ? '✅' : '❌'} ${status}\n`;
}
}
if (changedFiles.includes('semantic-type.json')) {
const exceptionStatuses = Object.keys(${{ toJSON(steps.apply-semantic-type.outputs) }} || {})
.filter(key => key.startsWith('status_code_'))
.map(key => ({
name: key.replace('status_code_', ''),
status: ${{ toJSON(steps.apply-semantic-type.outputs) }}[key]
}));
exceptionStatuses.forEach(({name, status}) => {
apiCallsFound = true;
const success = status >= 200 && status < 300;
commentBody += `- Masking Exception (${name}): ${success ? '✅' : '❌'} ${status}\n`;
});
}
if (!apiCallsFound) {
commentBody += `None`;
}
await github.rest.issues.createComment({
...context.repo,
issue_number: context.issue.number,
body: commentBody
});