Fix API payload truncation, add client-secret action input, and cap workflow run pagination by Rishabh4275 · Pull Request #25 · microsoft/PurviewIntegrations

Rishabh4275 · 2026-04-07T00:29:29Z

API payloads were silently truncated — A jsonReplacer intended for log sanitization was also used when serializing HTTP request bodies via JSON.stringify(payload, this.jsonReplacer). Any string field over 1,000 characters (file diffs, PR descriptions, commit details) was truncated to 100 characters + "... [truncated in logs]" in the
actual API request, causing incomplete data to be sent to Purview.
client-secret required an environment variable instead of an action input — client-certificate was a proper action input (core.getInput), but client-secret was
read from process.env['AZURE_CLIENT_SECRET']. This was inconsistent and required users to pass the secret via env: instead of with:.
Workflow run history check had no pagination cap — findLastProcessedCommitSha() paginated through all successful workflow runs with no upper bound. For repos with
long histories this could result in excessive API calls, even though the query is already scoped to a single branch.

Fix API payload truncation:

Removed this.jsonReplacer from all 5 JSON.stringify() calls that serialize HTTP request bodies in PurviewClient (processContentAsync, processContent,
uploadSignal, searchTenantProtectionScope, searchUserProtectionScope). These now use plain JSON.stringify(payload).
Deleted the now-unused jsonReplacer method from PurviewClient. The logger's own jsonReplacer (in logger.ts) is unaffected and continues to handle log formatting
separately.

Add client-secret action input:

Added client-secret as a new input in action.yml, alongside client-certificate.
Changed inputValidator.ts from process.env['AZURE_CLIENT_SECRET'] to core.getInput('client-secret').
Updated tests to use setupInputMocks({ 'client-secret': ... }) instead of setting the env var.
Updated workflow samples in sample/purview-scan.yml, README.md, sample/README.md, and Instructions.md to document and demonstrate the new input.

Cap workflow run pagination:

Added maxRuns = 20 limit to findLastProcessedCommitSha(). The loop now stops after checking 20 runs (2 pages of 10), which is sufficient since the query is already
branch-scoped.

The code builds clean without any errors or warnings
The PR follows the Contribution Guidelines
All unit tests pass (180/180), and existing tests were updated where needed
The dist/ folder has been rebuilt (npm run build && npm run package)
Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.

Rishabh Chawla added 3 commits April 6, 2026 15:21

Fix truncation bug

9677245

Update client-secret to use correct parameter

13e5aed

Max limit for finding the last run

450e549

eoindoherty1 approved these changes Apr 7, 2026

View reviewed changes

Rishabh4275 merged commit 8bb10d9 into main Apr 7, 2026
5 checks passed

Provide feedback