bytebase · adela-bytebase · Jan 16, 2025 · Jan 16, 2025
diff --git a/.github/workflows/2-bb-masking-column.yml b/.github/workflows/2-bb-masking-column.yml
@@ -130,7 +130,7 @@ jobs:
         with:
           script: |
             const changedFiles = process.env.CHANGED_FILES || '';
-            let commentBody = `### Masking Policy Update Summary\n\n`;
+            let commentBody = `### Update Column Masking and Exception Summary\n\n`;
 
             // Add status of merge
             commentBody += `✅ **PR Status:** Merged\n\n`;

diff --git a/.github/workflows/3-bb-masking-classification.yml b/.github/workflows/3-bb-masking-classification.yml
@@ -88,34 +88,29 @@ jobs:
         id: apply-global-masking-rule
         if: ${{ steps.changed-files.outputs.any_changed == 'true' && contains(steps.changed-files.outputs.all_changed_files, 'global-masking-rule-classification.json') }}
         run: |
-          # Process all global-masking-rule-classification.json files
-          echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "global-masking-rule-classification.json" | while read -r CHANGED_FILE; do
-            echo "Processing: $CHANGED_FILE"
-
-            response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/policies/masking_rule?allow_missing=true&update_mask=payload" \
-              --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
-              --header "Content-Type: application/json" \
-              --data @"$CHANGED_FILE")
-
-            # Extract status code and response body
-            status_code=$(echo "$response" | tail -n1)
-            body=$(echo "$response" | sed '$d')
-
-            echo "Status code: $status_code"
-            echo "Response body: $body"
-
-            # Append to outputs (with unique identifiers)
-            if [[ $status_code -ge 200 && $status_code -lt 300 ]]; then
-              echo "${body}" >> $GITHUB_OUTPUT
-            else
-              echo "Failed with status code: $status_code"
-              echo "Response body: ${body}"
-              if [[ $status_code -eq 403 ]]; then
-                echo "Access denied. Please check your permissions and API token."
-              fi
-              exit 1
-            fi
-          done
+          CHANGED_FILE="masking/global-masking-rule-classification.json"     
+          echo "Processing: $CHANGED_FILE"
+
+          response=$(curl -s -w "\n%{http_code}" --request PATCH "${{ steps.bytebase-login.outputs.api_url }}/policies/masking_rule?allow_missing=true&update_mask=payload" \
+            --header "Authorization: Bearer ${{ steps.bytebase-login.outputs.token }}" \
+            --data @"$CHANGED_FILE")
+
+          # Extract status code and response body
+          status_code=$(echo "$response" | tail -n1)
+          body=$(echo "$response" | sed '$d')
+
+          echo "status_code=${status_code}" >> $GITHUB_OUTPUT
+          echo "response_body<<EOF" >> $GITHUB_OUTPUT
+          echo "${body}" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+          echo "status_code=${status_code}"
+          echo "response_body=${body}"
+
+          if [[ $status_code -lt 200 || $status_code -ge 300 ]]; then
+            echo "Failed with status code: $status_code"
+            exit 1
+          fi
 
       - name: Apply column masking policy
         id: apply-column-masking

diff --git a/masking/global-masking-rule-classification.json b/masking/global-masking-rule-classification.json
@@ -7,7 +7,7 @@
       {
         "id": "76356d81-6231-4128-9be7-2c549fc505f5",
         "condition": {
-          "expression": "classification_level in [\"2\", \"3\"]",
+          "expression": "classification_level in [\"2\"]",
           "title": "",
           "description": ""
         },