edited readme

.pipelines/prchecks/CveSpecFilePRCheck/CveSpecFilePRCheck.yml

@@ -1,68 +1,69 @@
+# prchecks/CveSpecFilePRCheck/CveSpecFilePRCheck.yml
+# Trigger on PRs to fasttrack/abadawi/test/3.0 when .spec or .patch files change
 trigger: none
 
 pr:
   branches:
     include:
       - fasttrack/abadawi/test/3.0
+  paths:
+    include:
+      - '**/*.spec'
+      - '**/*.patch'
 
 name: Automaton-OpenAI-PR-Check
 
 pool:
   name: mariner-dev-build-1es-mariner2-amd64
 
-variables:
-  AZURE_SUBSCRIPTION_ID: '<YOUR_SUBSCRIPTION_ID>'            # in ADO UI
-  YOUR_USER_ASSIGNED_IDENTITY_CLIENT_ID: '<YOUR_UMI_CLIENT_ID>'  # in ADO UI
-  PYTHON_VERSION: '3.9'
-
 steps:
-- checkout: self
+  # 1) Clone the repo
+  - checkout: self
 
-# install jq so our script can parse JSON
-- task: Bash@3
-  displayName: 'Install jq'
-  inputs:
-    targetType: inline
-    script: |
-      apt-get update && apt-get install -y jq
+  # 2) Debug workspace (optional — remove once paths are correct)
+  - task: Bash@3
+    displayName: '🔍 Debug: list workspace contents'
+    inputs:
+      targetType: inline
+      script: |
+        echo "Working directory: $(pwd)"
+        ls -la .
+        ls -la .pipelines/prchecks/CveSpecFilePRCheck || echo "Directory not found"
 
-# render the JSON template (inject only the UMI)
-- task: Bash@3
-  displayName: 'Render security-config'
-  inputs:
-    targetType: inline
-    script: |
-      envsubst < scripts/security-config-dev.template.json \
-        > scripts/security-config-dev.json
-  env:
-    umiId: $(YOUR_USER_ASSIGNED_IDENTITY_CLIENT_ID)
+  # 3) Apply OpenAI config via your UMI-login script
+  - task: Bash@3
+    displayName: '⚙️  Apply OpenAI Config'
+    inputs:
+      targetType: inline
+      script: |
+        # make sure we're in the folder containing the scripts
+        cd .pipelines/prchecks/CveSpecFilePRCheck
 
-# now call the script—which will do the UMI login + extract OpenAI vars
-- task: Bash@3
-  displayName: 'Apply OpenAI Config'
-  inputs:
-    targetType: inline
-    script: |
-      bash scripts/apply-security-config.sh \
-        --aiCvePatching \
-        --openaiModel=o3-mini
+        # fail fast if the script is missing
+        if [ ! -f apply-security-config.sh ]; then
+          echo "❌ Cannot find apply-security-config.sh in $(pwd)"
+          exit 1
+        fi
 
-- task: UsePythonVersion@0
-  displayName: 'Select Python $(PYTHON_VERSION)'
-  inputs:
-    versionSpec: '$(PYTHON_VERSION)'
+        # run the UMI-login + var-export script
+        bash apply-security-config.sh --openaiModel=o3-mini
 
-- task: Bash@3
-  displayName: 'Install Python Dependencies'
-  inputs:
-    targetType: inline
-    script: |
-      pip install --upgrade pip
-      pip install -r requirements.txt
+  # 4) Verify and use system Python
+  - task: Bash@3
+    displayName: '🐍 Verify System Python'
+    inputs:
+      targetType: inline
+      script: |
+        python3 --version
+        which python3
+        echo "Using system Python instead of downloading version"
 
-- task: Bash@3
-  displayName: 'Full PR Check (bash wrapper)'
-  inputs:
-    targetType: 'inline'
-    script: |
-      bash scripts/run-pr-check.sh
+  # 5) Run your PR‐check entrypoint (installs deps & invokes Azure OpenAI)
+  - task: Bash@3
+    displayName: '🔍 Run PR Check'
+    inputs:
+      targetType: inline
+      script: |
+        cd .pipelines/prchecks/CveSpecFilePRCheck
+        chmod +x run-pr-check.sh
+        ./run-pr-check.sh