added API linting workflow #9
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic Tyk API + Policies validation triggered on any PR requests. The idea of this workflow is to validate specific field requirements | |
| # or enforce governance to make sure specific custom plugins are used or formats | |
| name: Tyk Schema Validation | |
| # Perform the Tyk schema validation only on PR requests | |
| on: | |
| pull_request: | |
| paths: | |
| - 'dev/**' | |
| - 'stg/**' | |
| - 'prod/**' | |
| # workflow_dispatch: | |
| # inputs: | |
| # environment: | |
| # type: choice | |
| # options: | |
| # - stg | |
| # - prod | |
| workflow_call: | |
| inputs: | |
| environment: | |
| type: string | |
| jobs: | |
| schema-linter-and-validation: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Check out the current repo and fetch only the current commits (JTBD) | |
| - name: 'Checkout Repository' | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| # List the content that exists within the repo to validate the files | |
| - name: 'List Repository Contents' | |
| run: | | |
| ls -la | |
| pwd | |
| # Install JQ library used to introspect the API and Policy definitions | |
| - name: 'Install JQ Library' | |
| uses: dcarbone/install-jq-action@v2 | |
| - name: 'Check JQ Library' | |
| run: | | |
| which jq | |
| jq --version | |
| - name: Determine Environment | |
| id: determine_environment | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_call" ]]; then | |
| # Workflow called with an input | |
| echo "environment=${{ inputs.environment }}" >> $GITHUB_ENV | |
| elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| # Workflow called with an input | |
| echo "environment=${{ inputs.environment }}" >> $GITHUB_ENV | |
| elif [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Determine which directory to process based on modified files | |
| MODIFIED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }}) | |
| echo $MODIFIED_FILES | |
| if echo "$MODIFIED_FILES" | grep -q '^stg/'; then | |
| echo "environment=stg" >> $GITHUB_ENV | |
| elif echo "$MODIFIED_FILES" | grep -q '^/prod/'; then | |
| echo "environment=prod" >> $GITHUB_ENV | |
| else | |
| echo "Error: No relevant files modified in the pull request." >&2 | |
| echo "environment=dev" >> $GITHUB_ENV | |
| fi | |
| fi | |
| - name: Lint API Definitions | |
| uses: stoplightio/spectral-action@latest | |
| with: | |
| file_glob: ${{ env.environment }}/apis/api-*.json | |
| spectral_ruleset: ${{ env.environment }}/tykapi-ruleset.yaml | |
| continue-on-error: true | |
| # # Tyk API Linting and API Governance for Minimum Required Fields | |
| # - name: 'Validate min fields for APIs and Policies' | |
| # run: | | |
| # cd ./dev | |
| # for file in $(find . -name "*.json"); do | |
| # echo "Validating API/Policy definition $file" | |
| # # Check if target_url is valid and not empty | |
| # if jq -e '.proxy.target_url | length > 0' "$file" > /dev/null; then | |
| # echo "$file contains a valid proxy.target_url." | |
| # target_url=$(jq -r '.proxy.target_url' "$file") | |
| # echo "proxy.target_url: $target_url" | |
| # else | |
| # echo "$file does NOT contain a valid proxy.target_url." | |
| # exit 1 | |
| # fi | |
| # # Check if either JWT auth or or MutuatTLS is enabled | |
| # if jq -e '.enable_jwt == true or .auth_configs.use_mutual_tls_auth == true' "$file" > /dev/null; then | |
| # echo "$file has either enable_jwt or auth_configs.use_mutual_tls_auth set to true." | |
| # else | |
| # echo "$file does NOT have either enable_jwt or auth_configs.use_mutual_tls_auth set to true." | |
| # exit 1 | |
| # fi | |
| # done |