Skip to content

Adding Query Validation Workflow #5514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 34 commits into
base: main
Choose a base branch
from
Draft

Conversation

ntanwar-sumo
Copy link
Collaborator

@ntanwar-sumo ntanwar-sumo commented Jun 23, 2025

Purpose of this pull request

DO NOT MERGE

Slack: https://sumologic.slack.com/archives/C0S86TM6K/p1750056970482669

Select the type of change

  • Minor Changes - Typos, formatting, slight revisions
  • Update Content - Revisions, updating sections
  • New Content - New features, sections, pages, tutorials
  • Site and Tools - .clabot, version updates, maintenance, dependencies, new packages for the site (Docusaurus, Gatsby, React, etc.)

Ticket (if applicable)

DOCS-934

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

@ntanwar-sumo
Copy link
Collaborator Author

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

Copy link

cla-bot bot commented Jun 23, 2025

Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please sign your name here and we will add you to our approved list of contributors.

@kimsauce kimsauce added the do-not-merge Pull requests that should not be merged label Jun 24, 2025
@cla-bot cla-bot bot added the cla-signed Contributor approved, listed in .clabot file label Jun 24, 2025
ntanwar-sumo and others added 9 commits June 24, 2025 12:35
Moved the Content-Type header update before setting session auth in SumoLogicClient to ensure headers are set correctly. Also updated a collector example in where.md from ABC4 to ABC5.
Comment on lines 12 to 80
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Required for git diff detection

- name: Check for SQL changes
id: check-sql
run: |
# Get the base commit for comparison
if [ "${{ github.event_name }}" = "pull_request" ]; then
BASE_COMMIT="${{ github.event.pull_request.base.sha }}"
else
# For push events, compare with previous commit
BASE_COMMIT="${{ github.event.before }}"
fi

echo "Base commit: $BASE_COMMIT"
echo "Current commit: ${{ github.sha }}"

# Get changed markdown files
git diff --name-only --diff-filter=AM $BASE_COMMIT...${{ github.sha }} -- '**/*.md' > changed_files.txt

if [ ! -s changed_files.txt ]; then
echo "No markdown files changed"
echo "sql_changed=false" >> $GITHUB_OUTPUT
exit 0
fi

echo "Changed markdown files:"
cat changed_files.txt

# Check if any of the changed files have SQL code block modifications
SQL_CHANGED=false
while IFS= read -r file; do
if [ -f "$file" ]; then
# Check if the diff contains changes to SQL code blocks
if git diff $BASE_COMMIT...${{ github.sha }} -- "$file" | grep -E "^[+-].*\`\`\`(sql|sumo)" > /dev/null; then
echo "SQL code block changes detected in: $file"
SQL_CHANGED=true
fi
fi
done < changed_files.txt

echo "sql_changed=$SQL_CHANGED" >> $GITHUB_OUTPUT
echo "SQL changes detected: $SQL_CHANGED"

- name: Set up Python
if: steps.check-sql.outputs.sql_changed == 'true'
uses: actions/setup-python@v4
with:
python-version: "3.10"

- name: Install dependencies
if: steps.check-sql.outputs.sql_changed == 'true'
run: pip install requests python-dotenv

- name: Validate queries
if: steps.check-sql.outputs.sql_changed == 'true'
working-directory: ./scripts
env:
SUMO_LOGIC_ACCESS_ID: ${{ secrets.SUMO_LOGIC_ACCESS_ID }}
SUMO_LOGIC_ACCESS_KEY: ${{ secrets.SUMO_LOGIC_ACCESS_KEY }}
run: |
python validate_queries.py

- name: Skip validation
if: steps.check-sql.outputs.sql_changed == 'false'
run: echo "No SQL code block changes detected, skipping validation"

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 2 days ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will explicitly define the minimal permissions required for the workflow. Based on the workflow's operations, it only needs contents: read to read files and validate changes. No write permissions are necessary.

The permissions block will be added immediately after the name field in the workflow file.


Suggested changeset 1
.github/workflows/validate-queries.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/validate-queries.yml b/.github/workflows/validate-queries.yml
--- a/.github/workflows/validate-queries.yml
+++ b/.github/workflows/validate-queries.yml
@@ -1,2 +1,4 @@
 name: SQL Query Validation
+permissions:
+  contents: read
 on:
EOF
@@ -1,2 +1,4 @@
name: SQL Query Validation
permissions:
contents: read
on:
Copilot is powered by AI and may make mistakes. Always verify output.
- Updated where.md with missing reducer functions documentation
- Fixed validate_queries.py to properly detect changed files via git diff
- Prevents processing all 484 files and failing on pre-existing issues
- Improved diff parsing to only extract content from SQL code blocks
- Enhanced SQL query extraction to skip table rows (lines with | delimiters)
- Prevents false positives from Markdown table formatting being treated as SQL
- Enhanced environment variable debugging
- Added changed_files.txt content inspection
- Improved exit handling with clear summary when no files need validation
- Will help identify why 484 files are being processed instead of just changed files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla-signed Contributor approved, listed in .clabot file do-not-merge Pull requests that should not be merged
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants