superset icon indicating copy to clipboard operation
superset copied to clipboard
Published 6 days ago verified publisher icon apache

feat(ci): add GitHub Action to track role permission changes

Open eschutho opened this issue 1 week ago • 5 comments

Add a new workflow that automatically detects and reports changes to role-defining constants in the security manager. This helps reviewers understand the permission impact of PRs.

The workflow:

  • Triggers on PRs that modify security-related files
  • Extracts role definitions from both base and head commits
  • Generates a diff report highlighting added/removed permissions
  • Posts a comment on the PR with the changes

New scripts:

  • scripts/extract_role_definitions.py: Parses the security manager to extract role-defining constants without requiring a database
  • scripts/compare_role_definitions.py: Compares two definitions and generates markdown, JSON, or text reports

SUMMARY

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • [ ] Has associated issue:
  • [ ] Required feature flags:
  • [ ] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

eschutho avatar Jan 08 '26 00:01 eschutho