diff --git a/.github/workflows/2-bb-masking-column.yml b/.github/workflows/2-bb-masking-column.yml index 3c28634..eb64ae2 100644 --- a/.github/workflows/2-bb-masking-column.yml +++ b/.github/workflows/2-bb-masking-column.yml @@ -130,7 +130,7 @@ jobs: with: script: | const changedFiles = process.env.CHANGED_FILES || ''; - let commentBody = `### Masking Policy Update Summary\n\n`; + let commentBody = `### Update Column Masking and Exception Summary\n\n`; // Add status of merge commentBody += `✅ **PR Status:** Merged\n\n`; diff --git a/.github/workflows/3-bb-masking-classification.yml b/.github/workflows/3-bb-masking-classification.yml index 5a5bd7f..3dac346 100644 --- a/.github/workflows/3-bb-masking-classification.yml +++ b/.github/workflows/3-bb-masking-classification.yml @@ -88,34 +88,29 @@ jobs: id: apply-global-masking-rule if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, 'global-masking-rule-classification.json') }} run: | - # Process all global-masking-rule-classification.json files - echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "global-masking-rule-classification.json" | while read -r CHANGED_FILE; do - echo "Processing: $CHANGED_FILE" - - response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/policies/masking_rule?allow_missing=true&update_mask=payload" \ - --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \ - --header "Content-Type: application/json" \ - --data @"$CHANGED_FILE") - - # Extract status code and response body - status_code=$(echo "$response" | tail -n1) - body=$(echo "$response" | sed '$d') - - echo "Status code: $status_code" - echo "Response body: $body" - - # Append to outputs (with unique identifiers) - if [[ $status_code -ge 200 && $status_code -lt 300 ]]; then - echo "${body}" >> $GITHUB_OUTPUT - else - echo "Failed with status code: $status_code" - echo "Response body: ${body}" - if [[ $status_code -eq 403 ]]; then - echo "Access denied. Please check your permissions and API token." - fi - exit 1 - fi - done + CHANGED_FILE="masking/global-masking-rule-classification.json" + echo "Processing: $CHANGED_FILE" + + response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/policies/masking_rule?allow_missing=true&update_mask=payload" \ + --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \ + --data @"$CHANGED_FILE") + + # Extract status code and response body + status_code=$(echo "$response" | tail -n1) + body=$(echo "$response" | sed '$d') + + echo "status_code=${status_code}" >> $GITHUB_OUTPUT + echo "response_body<> $GITHUB_OUTPUT + echo "${body}" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + echo "status_code=${status_code}" + echo "response_body=${body}" + + if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then + echo "Failed with status code: $status_code" + exit 1 + fi - name: Apply column masking policy id: apply-column-masking diff --git a/masking/global-masking-rule-classification.json b/masking/global-masking-rule-classification.json index 4ff3dec..b17c7f5 100644 --- a/masking/global-masking-rule-classification.json +++ b/masking/global-masking-rule-classification.json @@ -7,7 +7,7 @@ { "id": "76356d81-6231-4128-9be7-2c549fc505f5", "condition": { - "expression": "classification_level in [\"2\", \"3\"]", + "expression": "classification_level in [\"2\"]", "title": "", "description": "" },