From 215927eb4ea6b2fac287c76904d4fead6a4470e8 Mon Sep 17 00:00:00 2001
From: OP3ratordec <1914592563@qq.com>
Date: Wed, 4 Dec 2024 17:11:12 +0800
Subject: [PATCH 1/2] test
---
 masking/data-classification.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/masking/data-classification.json b/masking/data-classification.json
index d2caa69..9958df4 100644
--- a/masking/data-classification.json
+++ b/masking/data-classification.json
@@ -8,7 +8,7 @@
 "levels": [
 {
 "id": "1",
- "title": "Level 1",
+ "title": "Level 01",
 "description": ""
 },
 {
From f70cda873f97c105d1b0d53f53dd713a683d61cf Mon Sep 17 00:00:00 2001
From: OP3ratordec <1914592563@qq.com>
Date: Wed, 4 Dec 2024 17:35:03 +0800
Subject: [PATCH 2/2] chore: masking-3 update
---
 .github/workflows/bb-masking-3.yml | 172 +++++++++++++++++++++++++++++
 masking/data-classification.json | 2 +-
 2 files changed, 173 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/bb-masking-3.yml
diff --git a/.github/workflows/bb-masking-3.yml b/.github/workflows/bb-masking-3.yml
new file mode 100644
index 0000000..c898f99
--- /dev/null
+++ b/.github/workflows/bb-masking-3.yml
@@ -0,0 +1,172 @@
+name: Bytebase Masking Policy Update 3
+on:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ bytebase-masking-3:
+ if: github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ issues: write
+ contents: read
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
+
+ - name: Login Bytebase
+ id: bytebase-login
+ uses: bytebase/login-action@0.0.2
+ with:
+ bytebase-url: ${{ secrets.BYTEBASE_URL }}
+ service-key: ${{ secrets.BYTEBASE_SERVICE_KEY }}
+ service-secret: ${{ secrets.BYTEBASE_SERVICE_SECRET }}
+
+ - name: Get changed files
+ id: changed-files
+ uses: tj-actions/changed-files@v42
+ with:
+ files: |
+ masking/data-classification.json
+ masking/global-masking-rule.json
+ since_last_remote_commit: true
+ fetch_depth: 0
+ include_all_old_new_renamed_files: true
+
+ - name: Debug changed files
+ run: |
+ echo "All changed and added files:"
+ echo "Modified files: ${{ steps.changed-files.outputs.modified_files }}"
+ echo "Added files: ${{ steps.changed-files.outputs.added_files }}"
+ echo "All changes: ${{ steps.changed-files.outputs.all_changed_files }}"
+
+ - name: Debug changed files in detail
+ run: |
+ echo "All changed files:"
+ echo "${{ steps.changed-files.outputs.all_changed_files }}"
+ echo "Contains data-classification.json: ${{ contains(steps.changed-files.outputs.all_changed_files, 'data-classification.json') }}"
+ echo "Contains global-masking-rule.json: ${{ contains(steps.changed-files.outputs.all_changed_files, 'global-masking-rule.json') }}"
+ echo "Raw output:"
+ echo "${{ toJSON(steps.changed-files.outputs) }}"
+
+ - name: Apply data classification
+ id: apply-data-classification
+ if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, 'data-classification.json') }}
+ run: |
+ CHANGED_FILE="masking/data-classification.json"
+ echo "Processing: $CHANGED_FILE"
+
+ response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/settings/bb.workspace.data-classification?allow_missing=true" \
+ --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
+ --header "Content-Type: application/json" \
+ --data @"$CHANGED_FILE")
+
+ # Extract status code and response body
+ status_code=$(echo "$response" | tail -n1)
+ body=$(echo "$response" | sed '$d')
+
+ echo "status_code=${status_code}" >> $GITHUB_OUTPUT
+ echo "response_body<> $GITHUB_OUTPUT
+ echo "${body}" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+
+ if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then
+ echo "Failed with status code: $status_code"
+ exit 1
+ fi
+
+ - name: Apply semantic type
+ id: apply-global-masking-rule
+ if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, '/global-masking-rule.json') }}
+ run: |
+ # Process all masking-exception.json files
+ echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "global-masking-exception.json" | while read -r CHANGED_FILE; do
+ echo "Processing: $CHANGED_FILE"
+
+ response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/settings/bb.workspace.semantic-types?allow_missing=true" \
+ --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
+ --header "Content-Type: application/json" \
+ --data @"$CHANGED_FILE")
+
+ # Extract status code and response body
+ status_code=$(echo "$response" | tail -n1)
+ body=$(echo "$response" | sed '$d')
+
+ echo "Status code: $status_code"
+ echo "Response body: $body"
+
+ # Append to outputs (with unique identifiers)
+ echo "${body}" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+
+ if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then
+ echo "Failed with status code: $status_code"
+ exit 1
+ fi
+ done
+
+ - name: Comment on PR
+ uses: actions/github-script@v7
+ env:
+ CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+ with:
+ script: |
+ const changedFiles = process.env.CHANGED_FILES || '';
+ let commentBody = `### Masking Policy Update 2 Summary\n\n`;
+
+ // Add status of merge
+ commentBody += `✅ **PR Status:** Merged\n\n`;
+
+ // Add changed files section
+ commentBody += `📝 **Changed Files:**\n\n`;
+ if (changedFiles.trim()) {
+ commentBody += changedFiles.split(' ').map(f => `- ${f}`).join('\n');
+ } else {
+ commentBody += `None`;
+ }
+ commentBody += '\n\n';
+
+ // Add API calls summary
+ commentBody += `🔄 **API Calls:**\n\n`;
+ let apiCallsFound = false;
+
+ if (changedFiles.includes('masking-algorithm.json')) {
+ const status = ${{ toJSON(steps.apply-masking-algorithm.outputs) }}.status_code;
+ if (status) {
+ apiCallsFound = true;
+ const success = status >= 200 && status < 300;
+ commentBody += `- Column Masking: ${success ? '✅' : '❌'} ${status}\n`;
+ }
+ }
+
+ if (changedFiles.includes('semantic-type.json')) {
+ const exceptionStatuses = Object.keys(${{ toJSON(steps.apply-semantic-type.outputs) }} || {})
+ .filter(key => key.startsWith('status_code_'))
+ .map(key => ({
+ name: key.replace('status_code_', ''),
+ status: ${{ toJSON(steps.apply-semantic-type.outputs) }}[key]
+ }));
+
+ exceptionStatuses.forEach(({name, status}) => {
+ apiCallsFound = true;
+ const success = status >= 200 && status < 300;
+ commentBody += `- Masking Exception (${name}): ${success ? '✅' : '❌'} ${status}\n`;
+ });
+ }
+
+ if (!apiCallsFound) {
+ commentBody += `None`;
+ }
+
+ await github.rest.issues.createComment({
+ ...context.repo,
+ issue_number: context.issue.number,
+ body: commentBody
+ });
diff --git a/masking/data-classification.json b/masking/data-classification.json
index 9958df4..d2caa69 100644
--- a/masking/data-classification.json
+++ b/masking/data-classification.json
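Review bot: The `Debug changed files`, `Debug changed files in detail` and `Apply semantic type` steps expand `${{ steps.changed-files.outputs.* }}` directly inside `run:` scripts, so the text of those outputs is parsed as shell in a job that holds the Bytebase service credentials and login token; `echo "${{ toJSON(steps.changed-files.outputs) }}"` is the widest case, because the JSON's own quotes end the shell string and the output set may carry paths beyond the two listed under `files:` (not verifiable from this hunk). Hand the values to the script through `env:` and expand them as quoted variables, as in the fence below; the same applies to the login `token` and `api_url` in both curl steps. Separately, `Apply semantic type` is gated on `/global-masking-rule.json` but its loop greps for `global-masking-exception.json`, which the `files:` filter cannot produce, so the PATCH looks like it never runs while the step still reports success. `tj-actions/changed-files@v42` and `bytebase/login-action@0.0.2` are mutable tags and would be safer pinned to a full commit SHA.

```yaml
      - name: Debug changed files in detail
        env:
          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
          CHANGED_FILES_OUTPUTS: ${{ toJSON(steps.changed-files.outputs) }}
        run: |
          printf '%s\n' "$ALL_CHANGED_FILES"
          # … unchanged: the two "Contains …" lines and the heading echoes …
          printf '%s\n' "$CHANGED_FILES_OUTPUTS"
```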
@@ -8,7 +8,7 @@
 "levels": [
 {
 "id": "1",
- "title": "Level 01",
+ "title": "Level 1",
 "description": ""
 },
 {