Eureka permission changes -- validate module descriptor (#825)
* ci: Turn on validate workflow in order to change module descriptor perms to fit Eureka shape * ci: Format JSON in ModuleDescriptor * chore: Bring refdata perms in line with licenses PR: folio-org/mod-licenses#271 * chore: Bring custom properties permissions in line with licenses PR * docs: Added section to README about how to run the validator locally should a developer wish to do so * chore: Change clone permission to match licenses PR * chore: Change `erm.admin.action` to match licenses PR (No group so is likely surfaced elsewhere and may require changes) * chore: STS permissions cleanup * chore: Job permission tweaks (Added logging granular perms, added fileobject perm, added logging perm group) * refactor: Whitsepace change in URLMappings Not real change, just changing out whitespace for consistency * chore: Cleanup jobs by type permission * chore: Cleanup entitlementOptions perms (separate granular permission for static vs dynamic endpoints) * chore: Added property specific KB validate permission to protect that endpoint * chore: Tweak to resources on an agreement perms * chore: Tweak export permission setup -- This feels pretty gross, multiple ways to get exactly the same stuff * Tweak electronic vs all resource collection get * chore: Change package content permissions and package sorce get permissions * chore: Extend to add usage data providers collection perm--need to check that it makes sense to include that in agrement view perm * chore: Add separate perm for related entitlements * chore: Log entry permission Added separate logEntry colleciton permission * chore: Added separate validate permission for subscription agreement property level endpoint * chore: linkedLicenses collection permission (Check with Owen whether to include that in permission group or not) * chore: linkedLicenses collection permission (Check with Owen whether to include that in permission group or not) * chore: Tweak electronic titles permission * chore: Add "replaces" for refdata 
permissions, and dot separates * chore: Added replaces for erm.admin.action * chore: All Module Descriptor changes discussed on call with Owen * chore: More module des descriptor tweaks * chore: Final module descriptor tweaks * chore: Accidentally didn't change over all contexts perms to "collection" basis
1 parent
daf3bcd
commit 76e7fe9
Showing
4 changed files
with
1,258 additions
and
454 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,71 +1,71 @@ | ||
# name: Validate module | ||
name: Validate module | ||
|
||
# on: | ||
# push: | ||
on: | ||
push: | ||
|
||
# jobs: | ||
# run: | ||
# name: Validate module descriptor | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Checkout repository | ||
# uses: actions/checkout@v4 | ||
# - name: Get Pull Request Number | ||
# id: pr_number | ||
# run: echo "pull_request_number=$(gh pr view --json number -q .number || echo "")" >> $GITHUB_OUTPUT | ||
# env: | ||
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
# - name: Setup java | ||
# uses: actions/setup-java@v4 | ||
# with: | ||
# distribution: 'temurin' # See 'Supported distributions' for available options | ||
# java-version: '17' | ||
# - name: Set up Maven | ||
# uses: stCarolas/setup-maven@v5 | ||
# with: | ||
# maven-version: 3.8.2 | ||
# - name: Set up settings file | ||
# uses: 1arp/[email protected] | ||
# with: | ||
# path: 'service' | ||
# file: 'settings.xml' | ||
# content: | ||
# <settings> | ||
# <profiles> | ||
# <profile> | ||
# <id>folioMavenProfile</id> | ||
# <pluginRepositories> | ||
# <pluginRepository> | ||
# <id>folio-nexus</id> | ||
# <name>FOLIO Maven repository</name> | ||
# <url>https://repository.folio.org/repository/maven-folio</url> | ||
# </pluginRepository> | ||
# </pluginRepositories> | ||
# </profile> | ||
# </profiles> | ||
# <activeProfiles> | ||
# <activeProfile>folioMavenProfile</activeProfile> | ||
# </activeProfiles> | ||
# </settings> | ||
# - name: Run validator | ||
# run: mvn org.folio:folio-module-descriptor-validator:1.0.0:validate -DmoduleDescriptorFile=service/src/main/okapi/ModuleDescriptor-template.json -s service/settings.xml -l validate_module_descriptor_output.txt | ||
# - name: Upload validator result | ||
# uses: actions/upload-artifact@v4 | ||
# if: always() | ||
# with: | ||
# name: validate_module_descriptor_output | ||
# path: | | ||
# validate_module_descriptor_output.txt | ||
# retention-days: 1 | ||
# - name: Setup validate_module_descriptor_errors file | ||
# if: failure() | ||
# run: echo "$(cat validate_module_descriptor_output.txt)" | egrep "\[ERROR\]\s*(\"key\"|\"value\")" | sed 's/\[ERROR\]\(\s*\)//;s/\"value\"\(\s*\):\(\s*\)\(.*\)/\3\n/;s/"key\"\(\s*\):\(\s*\)\(.*\)/\3/' | tee validate_module_descriptor_errors.txt | ||
# - name: Comment failures on PR | ||
# if: failure() | ||
# run: | | ||
# # Use GitHub API to create a comment on the PR | ||
# PR_NUMBER=${{ steps.pr_number.outputs.pull_request_number }} | ||
# GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | ||
# COMMENT_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" | ||
# echo "SENDING TO: $COMMENT_URL" | ||
# curl -s -H "Authorization: token ${GITHUB_TOKEN}" -X POST $COMMENT_URL --data "{ \"body\": $(cat validate_module_descriptor_errors.txt | jq -Rs) }" | ||
jobs: | ||
run: | ||
name: Validate module descriptor | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
- name: Get Pull Request Number | ||
id: pr_number | ||
run: echo "pull_request_number=$(gh pr view --json number -q .number || echo "")" >> $GITHUB_OUTPUT | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Setup java | ||
uses: actions/setup-java@v4 | ||
with: | ||
distribution: 'temurin' # See 'Supported distributions' for available options | ||
java-version: '17' | ||
- name: Set up Maven | ||
uses: stCarolas/setup-maven@v5 | ||
with: | ||
maven-version: 3.8.2 | ||
- name: Set up settings file | ||
uses: 1arp/[email protected] | ||
with: | ||
path: 'service' | ||
file: 'settings.xml' | ||
content: | ||
<settings> | ||
<profiles> | ||
<profile> | ||
<id>folioMavenProfile</id> | ||
<pluginRepositories> | ||
<pluginRepository> | ||
<id>folio-nexus</id> | ||
<name>FOLIO Maven repository</name> | ||
<url>https://repository.folio.org/repository/maven-folio</url> | ||
</pluginRepository> | ||
</pluginRepositories> | ||
</profile> | ||
</profiles> | ||
<activeProfiles> | ||
<activeProfile>folioMavenProfile</activeProfile> | ||
</activeProfiles> | ||
</settings> | ||
- name: Run validator | ||
run: mvn org.folio:folio-module-descriptor-validator:1.0.0:validate -DmoduleDescriptorFile=service/src/main/okapi/ModuleDescriptor-template.json -s service/settings.xml -l validate_module_descriptor_output.txt | ||
- name: Upload validator result | ||
uses: actions/upload-artifact@v4 | ||
if: always() | ||
with: | ||
name: validate_module_descriptor_output | ||
path: | | ||
validate_module_descriptor_output.txt | ||
retention-days: 1 | ||
- name: Setup validate_module_descriptor_errors file | ||
if: failure() | ||
run: echo "$(cat validate_module_descriptor_output.txt)" | egrep "\[ERROR\]\s*(\"key\"|\"value\")" | sed 's/\[ERROR\]\(\s*\)//;s/\"value\"\(\s*\):\(\s*\)\(.*\)/\3\n/;s/"key\"\(\s*\):\(\s*\)\(.*\)/\3/' | tee validate_module_descriptor_errors.txt | ||
- name: Comment failures on PR | ||
if: failure() | ||
run: | | ||
# Use GitHub API to create a comment on the PR | ||
PR_NUMBER=${{ steps.pr_number.outputs.pull_request_number }} | ||
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | ||
COMMENT_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" | ||
echo "SENDING TO: $COMMENT_URL" | ||
curl -s -H "Authorization: token ${GITHUB_TOKEN}" -X POST $COMMENT_URL --data "{ \"body\": $(cat validate_module_descriptor_errors.txt | jq -Rs) }" |
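Review bot: No `permissions:` block is declared in the uncommented workflow, so the job's `GITHUB_TOKEN` keeps the repository's default scopes while the third-party actions `stCarolas/setup-maven@v5` and the `1arp/…` action in `Set up settings file` are referenced by mutable tag. A top-level `permissions:` with `contents: read` and `pull-requests: write` (the `gh pr view` call and the comment POST appear to be the only token consumers; confirm the write scope your repository needs) plus pinning those two actions to full commit SHAs would limit what a retagged action could reach. In `Comment failures on PR`, `GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}` and `PR_NUMBER=${{ steps.pr_number.outputs.pull_request_number }}` are expanded into the script text before the shell runs; passing both through an `env:` mapping, as the `Get Pull Request Number` step already does for the token, keeps them out of the script body. Because the trigger is `on: push`, `PR_NUMBER` is empty when the branch has no pull request and the step then posts to `/issues//comments`; a guard such as `[ -n "$PR_NUMBER" ] || exit 0` before the `curl` would skip that case.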