Generic policy to protect an array of resource types from accidental or malicious deletion #198
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Confirm Policy Definition is valid | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| validate_policy_definition: | |
| runs-on: ubuntu-latest | |
| name: Validate Policy Definition | |
| permissions: | |
| pull-requests: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get changed files | |
| id: changed_files | |
| uses: tj-actions/changed-files@v42.0.2 | |
| with: | |
| separator: "§" # Character not used within a file name or path | |
| safe_output: true # Enable safe_output for security | |
| - name: Sanitize file paths | |
| id: sanitize_paths | |
| shell: pwsh | |
| run: | | |
| $files = "${{ steps.changed_files.outputs.all_changed_files }}".Replace('\§', '§').TrimEnd('\') | |
| echo "Sanitized files: $files" | |
| # Use Environment Files to set the output | |
| echo "SANITIZED_FILES=$files" | Out-File -FilePath $Env:GITHUB_ENV -Append -Encoding utf8 | |
| - name: Debug output for sanitized changed files | |
| run: | | |
| echo "Sanitized changed files: $SANITIZED_FILES" | |
| shell: pwsh | |
| env: | |
| SANITIZED_FILES: ${{ env.SANITIZED_FILES }} | |
| - name: Run if changed files are found | |
| if: ${{ steps.changed_files.outputs.any_changed }} == 'true' | |
| run: | | |
| $files = "${{ env.SANITIZED_FILES }}" | |
| $files = $files.Split("§") | |
| foreach ( $file in $files ) { | |
| Write-Host "$file changed" | |
| if ($file.Contains("azurepolicy.json")) { | |
| Write-Host "$file validated" | |
| Write-Host "Processing file: $file" | |
| .\Scripts\Confirm-PolicyDefinitionIsValid.ps1 -FileName $file | |
| } | |
| } | |
| shell: pwsh |