-
Notifications
You must be signed in to change notification settings - Fork 328
54 lines (47 loc) · 1.67 KB
/
confirm-policy-definition-validity.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: Confirm Policy Definition is valid
on:
pull_request:
branches:
- main
jobs:
validate_policy_definition:
runs-on: ubuntu-latest
name: Validate Policy Definition
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v3
- name: Get changed files
id: changed_files
uses: tj-actions/[email protected]
with:
separator: "§" # Character not used within a file name or path
safe_output: true # Enable safe_output for security
- name: Sanitize file paths
id: sanitize_paths
shell: pwsh
run: |
$files = "${{ steps.changed_files.outputs.all_changed_files }}".Replace('\§', '§').TrimEnd('\')
echo "Sanitized files: $files"
# Use Environment Files to set the output
echo "SANITIZED_FILES=$files" | Out-File -FilePath $Env:GITHUB_ENV -Append -Encoding utf8
- name: Debug output for sanitized changed files
run: |
echo "Sanitized changed files: $SANITIZED_FILES"
shell: pwsh
env:
SANITIZED_FILES: ${{ env.SANITIZED_FILES }}
- name: Run if changed files are found
if: ${{ steps.changed_files.outputs.any_changed }} == 'true'
run: |
$files = "${{ env.SANITIZED_FILES }}"
$files = $files.Split("§")
foreach ( $file in $files ) {
Write-Host "$file changed"
if ($file.Contains("azurepolicy.json")) {
Write-Host "$file validated"
Write-Host "Processing file: $file"
.\Scripts\Confirm-PolicyDefinitionIsValid.ps1 -FileName $file
}
}
shell: pwsh