Adding Query Validation Workflow #5514
Conversation
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
…in permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
When correct query is added: https://github.com/SumoLogic/sumologic-documentation/actions/runs/15831172117 |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
|
Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors. |
…ocumentation into doc_pr_validations
Moved the Content-Type header update before setting session auth in SumoLogicClient to ensure headers are set correctly. Also updated a collector example in where.md from ABC4 to ABC5.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Required for git diff detection | ||
|
|
||
| - name: Check for SQL changes | ||
| id: check-sql | ||
| run: | | ||
| # Get the base commit for comparison | ||
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| BASE_COMMIT="${{ github.event.pull_request.base.sha }}" | ||
| else | ||
| # For push events, compare with previous commit | ||
| BASE_COMMIT="${{ github.event.before }}" | ||
| fi | ||
|
|
||
| echo "Base commit: $BASE_COMMIT" | ||
| echo "Current commit: ${{ github.sha }}" | ||
|
|
||
| # Get changed markdown files | ||
| git diff --name-only --diff-filter=AM $BASE_COMMIT...${{ github.sha }} -- '**/*.md' > changed_files.txt | ||
|
|
||
| if [ ! -s changed_files.txt ]; then | ||
| echo "No markdown files changed" | ||
| echo "sql_changed=false" >> $GITHUB_OUTPUT | ||
| exit 0 | ||
| fi | ||
|
|
||
| echo "Changed markdown files:" | ||
| cat changed_files.txt | ||
|
|
||
| # Check if any of the changed files have SQL code block modifications | ||
| SQL_CHANGED=false | ||
| while IFS= read -r file; do | ||
| if [ -f "$file" ]; then | ||
| # Check if the diff contains changes to SQL code blocks | ||
| if git diff $BASE_COMMIT...${{ github.sha }} -- "$file" | grep -E "^[+-].*\`\`\`(sql|sumo)" > /dev/null; then | ||
| echo "SQL code block changes detected in: $file" | ||
| SQL_CHANGED=true | ||
| fi | ||
| fi | ||
| done < changed_files.txt | ||
|
|
||
| echo "sql_changed=$SQL_CHANGED" >> $GITHUB_OUTPUT | ||
| echo "SQL changes detected: $SQL_CHANGED" | ||
|
|
||
| - name: Set up Python | ||
| if: steps.check-sql.outputs.sql_changed == 'true' | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: "3.10" | ||
|
|
||
| - name: Install dependencies | ||
| if: steps.check-sql.outputs.sql_changed == 'true' | ||
| run: pip install requests python-dotenv | ||
|
|
||
| - name: Validate queries | ||
| if: steps.check-sql.outputs.sql_changed == 'true' | ||
| working-directory: ./scripts | ||
| env: | ||
| SUMO_LOGIC_ACCESS_ID: ${{ secrets.SUMO_LOGIC_ACCESS_ID }} | ||
| SUMO_LOGIC_ACCESS_KEY: ${{ secrets.SUMO_LOGIC_ACCESS_KEY }} | ||
| run: | | ||
| python validate_queries.py | ||
|
|
||
| - name: Skip validation | ||
| if: steps.check-sql.outputs.sql_changed == 'false' | ||
| run: echo "No SQL code block changes detected, skipping validation" |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 9 days ago
To fix the issue, we will add a permissions block at the root of the workflow file. This block will explicitly define the minimal permissions required for the workflow. Based on the workflow's operations, it only needs contents: read to read files and validate changes. No write permissions are necessary.
The permissions block will be added immediately after the name field in the workflow file.
| @@ -1,2 +1,4 @@ | ||
| name: SQL Query Validation | ||
| permissions: | ||
| contents: read | ||
| on: |
- Updated where.md with missing reducer functions documentation - Fixed validate_queries.py to properly detect changed files via git diff - Prevents processing all 484 files and failing on pre-existing issues
- Improved diff parsing to only extract content from SQL code blocks - Enhanced SQL query extraction to skip table rows (lines with | delimiters) - Prevents false positives from Markdown table formatting being treated as SQL
- Enhanced environment variable debugging - Added changed_files.txt content inspection - Improved exit handling with clear summary when no files need validation - Will help identify why 484 files are being processed instead of just changed files
Purpose of this pull request
DO NOT MERGE
Slack: https://sumologic.slack.com/archives/C0S86TM6K/p1750056970482669
Select the type of change
Ticket (if applicable)
DOCS-934