Skip to content

Validate in the pipeline that policy id is not equal to any built-in policies #126

Validate in the pipeline that policy id is not equal to any built-in policies

Validate in the pipeline that policy id is not equal to any built-in policies #126

name: Confirm Policy Definition is valid
on:
pull_request:
branches:
- main
jobs:
validate_policy_definition:
runs-on: ubuntu-latest
name: Validate Policy Definition
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v3
- name: Get changed files
id: changed_files
uses: tj-actions/[email protected]
with:
separator: "§" # Character not used within a file name or path
safe_output: true # Enable safe_output for security
- name: Sanitize file paths
id: sanitize_paths
shell: pwsh
run: |
$files = "${{ steps.changed_files.outputs.all_changed_files }}".Replace('\§', '§').TrimEnd('\')
echo "Sanitized files: $files"
# Use Environment Files to set the output
echo "SANITIZED_FILES=$files" | Out-File -FilePath $Env:GITHUB_ENV -Append -Encoding utf8
- name: Debug output for sanitized changed files
run: |
echo "Sanitized changed files: $SANITIZED_FILES"
shell: pwsh
env:
SANITIZED_FILES: ${{ env.SANITIZED_FILES }}
- name: Run if changed files are found
if: ${{ steps.changed_files.outputs.any_changed }} == 'true'
run: |
$files = "${{ env.SANITIZED_FILES }}"
$files = $files.Split("§")
foreach ( $file in $files ) {
Write-Host "$file changed"
if ($file.Contains("azurepolicy.json")) {
Write-Host "$file validated"
Write-Host "Processing file: $file"
.\Scripts\Confirm-PolicyDefinitionIsValid.ps1 -FileName $file
}
}
shell: pwsh