Add PR validation workflow (#480)

* Basic test workflow

* Add tests

* Change let to const

* Add workflow trigger on push

* Broaden PR trigger

Author: pilor

.eslintrc.json

@@ -0,0 +1,28 @@
+{
+    "env": {
+        "es6": true,
+        "node": true,
+        "jest": true
+    },
+    "extends": [
+        "standard"
+    ],
+    "globals": {
+        "Atomics": "readonly",
+        "SharedArrayBuffer": "readonly"
+    },
+    "parserOptions": {
+        "ecmaVersion": 2018,
+        "sourceType": "script"
+    },
+    "rules": {
+        "indent": [ "warn", 3 ],
+        "semi": [ "error", "always" ],
+        "space-before-function-paren": [ "error", {
+            "anonymous": "never",
+            "named": "never",
+            "asyncArrow": "always"
+        }],
+        "prefer-const": "off"
+    }
+}

.github/workflows/verifyPolicySamples.yml

@@ -0,0 +1,10 @@
+name: "verify-policy-samples"
+on: [pull_request, push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - run: npm ci
+    - run: npm test

jsconfig.json

@@ -0,0 +1,5 @@
+{
+   "typeAcquisition": {
+      "include": [ "jest" ]
+   }
+}

package-lock.json

@@ -0,0 +1,30 @@
+{
+  "name": "azure-policy",
+  "version": "1.0.0",
+  "description": "{{description}}",
+  "main": "index.js",
+  "scripts": {
+    "test": "jest"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Azure/azure-policy.git"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/Azure/azure-policy/issues"
+  },
+  "homepage": "https://github.com/Azure/azure-policy#readme",
+  "dependencies": {},
+  "devDependencies": {
+    "eslint": "^6.5.1",
+    "eslint-config-standard": "^14.1.0",
+    "eslint-plugin-import": "^2.18.2",
+    "eslint-plugin-node": "^10.0.0",
+    "eslint-plugin-promise": "^4.2.1",
+    "eslint-plugin-standard": "^4.0.1",
+    "jest": "^24.9.0"
+  }
+}

package.json

@@ -4,7 +4,7 @@
       "mode": "Indexed",
       "description": "This policy ensures that Threat Detection is enabled on SQL Servers.",
       "metadata": {
-         "category": "SQL",
+         "category": "SQL"
       },
       "parameters": {},
       "policyRule": {

samples/SQL/deploy-sql-server-threat-detection/azurepolicy.json

@@ -0,0 +1,93 @@
+const fsasync = require('fs').promises;
+const fs = require('fs');
+const path = require('path');
+
+const samplesRootPath = path.join(__dirname, '..');
+
+// These directories are excluded from samples tests
+const excludedDirectories = [
+   path.join(samplesRootPath, '__tests__', '**').toUpperCase(),
+   path.join(samplesRootPath, 'GuestConfiguration', 'package-samples', '**').toUpperCase(),
+   path.join(samplesRootPath, 'KubernetesService', '**').toUpperCase()
+];
+
+// Directories with these file type are excluded from samples tests
+const excludedFileExtensions = [
+   '.REGO'
+];
+
+const samplesDirectories = [];
+
+function getFilePaths(rootDirPath) {
+   const entryPaths = fs.readdirSync(rootDirPath).map(entry => path.join(rootDirPath, entry));
+   const filePaths = entryPaths.filter(entryPath => fs.statSync(entryPath).isFile());
+   const dirPaths = entryPaths.filter(entryPath => !filePaths.includes(entryPath));
+   const dirFiles = dirPaths.reduce((prev, curr) => prev.concat(getFilePaths(curr)), []);
+   return [...filePaths, ...dirFiles];
+}
+
+// Get the full set of directory paths containing policy samples
+let allSamplesFiles = getFilePaths(samplesRootPath);
+let samplesDirectoriesByPath = {};
+allSamplesFiles.forEach(filePath => {
+   let containingDirPath = path.dirname(filePath);
+
+   // Exclude some directories and files that are deemed 'special content'
+   for (const excludedDir of excludedDirectories) {
+      if ((excludedDir.endsWith('**') && containingDirPath.toUpperCase().startsWith(excludedDir.substr(0, excludedDir.length - 3))) || containingDirPath.toUpperCase() === excludedDir) {
+         return;
+      }
+   }
+
+   if (excludedFileExtensions.includes(path.extname(filePath).toUpperCase())) {
+      return;
+   }
+
+   if (!samplesDirectoriesByPath[containingDirPath]) {
+      samplesDirectoriesByPath[containingDirPath] = [filePath];
+   } else {
+      samplesDirectoriesByPath[containingDirPath].push(filePath);
+   }
+});
+
+for (const dirPath in samplesDirectoriesByPath) {
+   samplesDirectories.push([dirPath, samplesDirectoriesByPath[dirPath]]);
+}
+
+// Validates that each samples directory contains the expected files
+test.each(samplesDirectories)('Validate directory structure: %s', (dirPath, filePaths) => {
+   const expectedPolicyDefinitionFiles = [
+      path.join(dirPath, 'azurepolicy.json'),
+      path.join(dirPath, 'azurepolicy.parameters.json'),
+      path.join(dirPath, 'azurepolicy.rules.json'),
+      path.join(dirPath, 'README.md')
+   ];
+
+   const expectedPolicySetFiles = [
+      path.join(dirPath, 'azurepolicyset.json'),
+      path.join(dirPath, 'azurepolicyset.parameters.json'),
+      path.join(dirPath, 'azurepolicyset.definitions.json'),
+      path.join(dirPath, 'README.md')
+   ];
+
+   // Special case samples dirs that only contain markdown
+   if (filePaths.every(filePath => path.extname(filePath).toUpperCase() === '.MD')) {
+      return;
+   }
+
+   if (filePaths.some(filePath => path.basename(filePath, '.json').toUpperCase() === 'AZUREPOLICYSET')) {
+      expect(filePaths).toEqual(expect.arrayContaining(expectedPolicySetFiles));
+   } else {
+      expect(filePaths).toEqual(expect.arrayContaining(expectedPolicyDefinitionFiles));
+   }
+});
+
+// Validates that all JSON files are valid JSON (not necessarily valid policy entities though)
+test.each(samplesDirectories.map(dirSet => dirSet[1]))('Validate JSON can be parsed: %s', async (filePath) => {
+   if (path.extname(filePath).toUpperCase() !== '.JSON') {
+      return;
+   }
+
+   let fileContent = await fsasync.readFile(filePath);
+   JSON.parse(fileContent);
+});