Skip to content

docs: update GitHub Actions data masking tutorials to latest API #1080

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
adela-bytebase merged 4 commits into from
Apr 21, 2026
+14 −7
Merged

docs: update GitHub Actions data masking tutorials to latest API #1080

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d3c153b
docs: update GitHub Actions data masking tutorials to latest API
adela-bytebase Apr 17, 2026
a3f8c30
fix: use camelCase query params per OpenAPI spec
adela-bytebase Apr 17, 2026
c34ecd7
docs: polish wording in masking parts 2 and 3
adela-bytebase Apr 21, 2026
6472918
fix: resolve workspace name before PATCH masking_rule
adela-bytebase Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions docs/tutorials/github-action-data-masking-part1.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ Go to **Data Access > Semantic Types** and click **Add**. You can create a new s
Find the step `Apply semantic type`, which will apply the semantic type to the database via API. All the masking algorithms should be defined in one file in the root directory as `masking/semantic-type.json`.

```bash
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/settings/bb.workspace.semantic-types?allow_missing=true" \
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/settings/SEMANTIC_TYPES" \
--header "Authorization: Bearer ${BYTEBASE_TOKEN}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
Expand All @@ -126,7 +126,14 @@ Go to **Data Access > Global Masking** and click **Add**. You can create a new g
Find the step `Apply global masking rule`, which will apply the global masking rule to the database via API. All the global masking rules should be defined in one file in the root directory as `masking/global-masking-rule.json`. The code it calls Bytebase API is as follows:

```bash
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/policies/masking_rule?allow_missing=true&update_mask=payload" \
# Resolve the current workspace resource name (e.g. "workspaces/abcd1234").
# Policy URLs require the real workspace ID — the "workspaces/-" wildcard only
# works for the GetWorkspace RPC, not for policy endpoints.
WORKSPACE_NAME=$(curl -s \
--header "Authorization: Bearer ${BYTEBASE_TOKEN}" \
"${BYTEBASE_API_URL}/workspaces/-" | jq -r '.name')

response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/${WORKSPACE_NAME}/policies/masking_rule?allowMissing=true&updateMask=payload" \
--header "Authorization: Bearer ${BYTEBASE_TOKEN}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
Expand Down
6 changes: 3 additions & 3 deletions docs/tutorials/github-action-data-masking-part2.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,16 +73,16 @@ Go to a project page, then click **Manage > Masking Exemptions**, you can grant

### In GitHub Workflow

Find the step `Apply masking exception`, which will apply the masking exception to the database and the process is similar, the code it calls Bytebase API is as follows:
Find the step `Apply masking exemption`, which applies the masking exemption to the database. The process is similar, and the code to call the Bytebase API is as follows:

```bash
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/projects/${PROJECT_NAME}/policies/masking_exception?allow_missing=true&update_mask=payload" \
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/projects/${PROJECT_NAME}/policies/masking_exemption?allowMissing=true&updateMask=payload" \
--header "Authorization: Bearer ${BYTEBASE_TOKEN}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
```

By changing file `masking/projects/**/masking-exception.json`, create a PR and then merge, the change will be applied.
By changing the file `masking/projects/**/masking-exemption.json`, creating a PR, and merging it, the change will be applied.

Log in Bytebase console, go to the project `Sample Project`, click **Manage > Masking Exemptions**, you can see the masking exemption is applied.

Expand Down
4 changes: 2 additions & 2 deletions docs/tutorials/github-action-data-masking-part3.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,10 @@ Go to **Data Access > Data Classification**, you can upload the classification f

### In GitHub Workflow

Find the step `Apply classification`, which will apply the classification to the database via API. All the classifications should be defined in one file in the root directory as `masking/classification.json`. The code it calls Bytebase API is as follows:
Find the step `Apply classification`, which will apply the classification to the database via API. All the classifications should be defined in one file in the root directory as `masking/data-classification.json`. The code to call the Bytebase API is as follows:

```bash
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/settings/bb.workspace.classification" \
response=$(curl -s -w "\n%{http_code}" --request PATCH "${BYTEBASE_API_URL}/settings/DATA_CLASSIFICATION" \
--header "Authorization: Bearer ${BYTEBASE_TOKEN}" \
--header "Content-Type: application/json" \
--data @"$CHANGED_FILE")
Expand Down
Loading