action.yml

name: Firely.Terminal (GitHub Actions)
description: Run Firely.Terminal and the offical FHIR Java Validator in a GitHub Actions pipeline

inputs:
  PATH_TO_CONFORMANCE_RESOURCES:
    description: 'Relative paths of the folder(s) containing FHIR Conformance resources (StructureDefinition, ValueSet, CodeSystem)'
    required: true
  PATH_TO_EXAMPLES:
    description: 'Relative paths of the folder(s) containing examples for the FHIR Conformance resources defined by the project'
    required: false
  PATH_TO_QUALITY_CONTROL_RULES:
    description: 'Relative path pointing to Quality Control rules. Path MUST not include the .rules.yaml part of the file. Runs minimal.rules.yaml by default.'
    required: false
  DOTNET_VALIDATION_ENABLED:
    description: 'Boolean flag to run the .NET validator to validate conformance resources and examples'
    required: false
    default: true
  JAVA_VALIDATION_ENABLED:
    description: 'Boolean flag to run the offical HL7 Java validator to validate conformance resources and examples'
    required: false
    default: false
  EXPECTED_FAILS:
    description: 'Specify which steps in your validation workflow are expected to fail due to possible bugs in the validator(s). Allowed values: VALIDATION_CONFORMANCE_JAVA, VALIDATION_CONFORMANCE_DOTNET, VALIDATION_EXAMPLES_JAVA, VALIDATION_EXAMPLES_DOTNET'
    required: false
  OUTPUT_FORMAT:
    description: 'Specify the format of the validation output: Allowed values: RAW, SUMMARY (produces a markdown compatible overview of all validation issues)'
    default: 'RAW'
    required: false
  JAVA_VALIDATION_OPTIONS:
    description: 'Custom options passed to the Java validator. See https://confluence.hl7.org/display/FHIR/Using+the+FHIR+Validator'
    required: false
  SIMPLIFIER_USERNAME:
    description: 'Simplifier email address (not username), needed for running Quality Control checks. Please use GitHub Secrets for this variable.'
    required: true
  SIMPLIFIER_PASSWORD:
    description: 'Simplifier password, needed for running Quality Control checks. Please use GitHub Secrets for this variable.'
    required: true
  SUSHI_ENABLED:
    description: 'Boolean flag to run fsh-sushi on the current repository to generated conformance resources based on FHIR shorthand'
    required: false
    default: false
  SUSHI_OPTIONS:
    description: 'Custom options passed to SUSHI. See https://www.npmjs.com/package/fsh-sushi'
    required: false
  FIRELY_TERMINAL_VERSION:
    description: 'Version of Firely Terminal used for .NET-based validation'
    default: '3.3.2'
    required: true
  JAVA_VALIDATOR_VERSION:
    description: 'Version of org.hl7.fhir.core library used for Java-based validation'
    default: '6.5.0'
    required: true
  SUSHI_VERSION:
    description: 'Version of SUSHI used for compiling the FSH files'
    default: '3.12.1'
    required: true

# Validate all resources using Firely Terminal 
runs:
  using: "composite"
  steps:
  
    # --------------------------------------------------------------------------------------------------- #
    #                                        FIRELY TERMINAL RESTORE                                      #
    # --------------------------------------------------------------------------------------------------- #
  
    # Firely.Terminal steps
    
    - name: Check if .NET is installed
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
          if ! command -v dotnet &> /dev/null
          then
              echo "dotnet could not be found. Please see actions/setup-dotnet to set it up before running this action."
              exit 1
          fi
        fi
      shell: bash
      env:
        INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        
    # Test Firely SDK version
    - name: Check .NET SDK Version
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
          CHECK_DOTNET_VERSION=$(dotnet --version)
          echo "DOTNET_VERSION: $CHECK_DOTNET_VERSION"
        fi
      shell: bash
      env:
        INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
          
    # Install Firely.Terminal
    - name: Install Firely.Terminal
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
          if ! command -v fhir &> /dev/null
          then
            dotnet tool install --global Firely.Terminal --version $FIRELY_TERMINAL_VERSION > /dev/null
          fi
        fi
      shell: bash
      env:
       FIRELY_TERMINAL_VERSION: ${{ inputs.FIRELY_TERMINAL_VERSION }}
       INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
       INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
      
    # Test Firely.Terminal install
    - name: Check Firely Terminal Version
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
         CHECK_FIRELY_TERMINAL_VERSION=$(fhir -v | tr '\n' ' ') # Print everything in a single line
          echo "FIRELY_TERMINAL_VERSION: $CHECK_FIRELY_TERMINAL_VERSION"
        fi
      shell: bash
      env:
       INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
       INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
    
    # Simplifier Login
    - name: Simplifier login
      run: |
       if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
        fhir login email=$INPUT_SIMPLIFIER_USERNAME password=$INPUT_SIMPLIFIER_PASSWORD
       fi
      shell: bash
      env:
       INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
       INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
       INPUT_SIMPLIFIER_USERNAME: ${{ inputs.SIMPLIFIER_USERNAME }}
       INPUT_SIMPLIFIER_PASSWORD: ${{ inputs.SIMPLIFIER_PASSWORD }}
       
    # Restore all dependencies listed in the package.json file (need to be on the root level)
    - name: FHIR Dependency restore
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED || $INPUT_SUSHI_ENABLED; then
          if [ ! -f "package.json" ]; then
            echo "package.json does not exist. Please add it to the root folder and add all project dependencies."
            exit 1
          fi
          
          fhirVersions=("3.0.2" "4.0.1" "4.1.0" "4.6.0")
          for fhirVersion in ${fhirVersions[@]}; do
            fhirVersionFoundInPackageJson=$(cat package.json | jq '.fhirVersions | index('\"$fhirVersion\"')')
            if [[ ! "$fhirVersionFoundInPackageJson" = null ]]; then
              echo "Found FHIR version $fhirVersion in package.json"
              if [[ "$fhirVersion" = "3.0.2" ]]; then
                fhir spec R3
                break
              elif [[ "$fhirVersion" = "4.0.1" ]]; then
                fhir spec R4
                break
              elif [[ "$fhirVersion" = "4.1.0" ]]; then
                fhir spec R4B
                break
              elif [[ "$fhirVersion" = "4.6.0" ]]; then
                fhir spec R5
                break
              else
                echo "This FHIR version is currently not supported.";
                exit 1
              fi
            fi
          done

          echo "Attempting to restore package dependencies based on package.json ..."
          FHIR_RESTORE=$((fhir restore | tr '\n' ' ')|| true)  # Print everything in a single line
          if [[ "$FHIR_RESTORE" == *"Cannot restore"* ]]; then
            echo $FHIR_RESTORE
            exit 1
          fi
          echo "Restore of package.json was successful: $FHIR_RESTORE"
        fi
      shell: bash
      env:
        INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        
    # --------------------------------------------------------------------------------------------------- #
    #                                                 SUSHI                                               #
    # --------------------------------------------------------------------------------------------------- #
    
    - name: Check if npm is installed
      run: |
        if $INPUT_SUSHI_ENABLED; then
          if ! command -v npm &> /dev/null
          then
              echo "npm could not be found. Please see actions/setup-node to set it up before running this action."
              exit 1
          fi
        fi
      shell: bash
      env:
       INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
       
    - name: Check npm Version
      run: |
        if $INPUT_SUSHI_ENABLED; then
          CHECK_NPM_VERSION=$(npm --version)
          echo "NPM_VERSION: $CHECK_NPM_VERSION"
        fi
      shell: bash
      env:
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        
    - name: Install fsh-sushi
      run: |
        if $INPUT_SUSHI_ENABLED; then
          sudo chown -R $USER /usr/local/lib/node_modules
          sudo npm install -g fsh-sushi@$SUSHI_VERSION
        fi
      shell: bash
      env:
        SUSHI_VERSION: ${{ inputs.SUSHI_VERSION }}
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        
    - name: Check SUSHI version
      run: |
        if $INPUT_SUSHI_ENABLED; then
          sushi -v
        fi
      shell: bash
      env:
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        
    - name: Generate conformance resources with SUSHI
      run: |
        if $INPUT_SUSHI_ENABLED; then
          sushi $INPUT_SUSHI_OPTIONS
        fi
      shell: bash
      env:
        INPUT_SUSHI_ENABLED: ${{ inputs.SUSHI_ENABLED }}
        INPUT_SUSHI_OPTIONS: ${{ inputs.SUSHI_OPTIONS }}
        
    # --------------------------------------------------------------------------------------------------- #
    #                                            .NET VALIDATOR                                           #
    # --------------------------------------------------------------------------------------------------- #
                
    # Run Quality Control checks incl. validation
    - name: Run Quality Control checks
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED; then
          echo "Running quality control checks incl. validation based on Firely Terminal ..."
          fhir check $INPUT_PATH_TO_QUALITY_CONTROL_RULES
        fi
      shell: bash
      env:
        INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
        INPUT_PATH_TO_QUALITY_CONTROL_RULES: ${{ inputs.PATH_TO_QUALITY_CONTROL_RULES }}
        
    - name: Report Success - .NET Validator
      run: |
        if $INPUT_DOTNET_VALIDATION_ENABLED; then
          echo "Finished validation using .NET validator (Conformance resources) ..."
        fi
      shell: bash
      env:
        INPUT_DOTNET_VALIDATION_ENABLED: ${{ inputs.DOTNET_VALIDATION_ENABLED }}
      
    #Examples are currently not used as Firely Terminal can't differentiate between these two in QC checks.
    
    # --------------------------------------------------------------------------------------------------- #
    #                                            JAVA Validator                                           #
    # --------------------------------------------------------------------------------------------------- #
    
    # Offical HL7 Java validator steps
    
    - name: Check if Java is installed
      run: |
        if $INPUT_JAVA_VALIDATION_ENABLED; then
          if ! command -v java &> /dev/null
          then
              echo "java could not be found. Please see actions/setup-java to set it up before running this action."
              exit 1
          fi
        fi
      shell: bash
      env:
        INPUT_JAVA_VALIDATION_ENABLED: ${{ inputs.JAVA_VALIDATION_ENABLED }}
    
    - name: Download Java Validator
      run: |
        if $INPUT_JAVA_VALIDATION_ENABLED; then
          CHECK_JAVA_VERSION=$(java -version 2>&1 | head -1 | cut -d'"' -f2)
          echo "JAVA_VERSION: $CHECK_JAVA_VERSION"
          wget -q https://github.com/hapifhir/org.hl7.fhir.core/releases/download/$JAVA_VALIDATOR_VERSION/validator_cli.jar
          echo "JAVA_VALIDATOR_VERSION: $JAVA_VALIDATOR_VERSION"
        fi
      shell: bash
      env:
       JAVA_VALIDATOR_VERSION: ${{ inputs.JAVA_VALIDATOR_VERSION }}
       INPUT_JAVA_VALIDATION_ENABLED: ${{ inputs.JAVA_VALIDATION_ENABLED }}
      
    - name: Install jq
      run: |
        if $INPUT_JAVA_VALIDATION_ENABLED; then 
          sudo apt-get update > /dev/null
          sudo apt-get install --no-install-recommends -y jq findutils curl ca-certificates > /dev/null
        fi
      shell: bash
      env:
       INPUT_JAVA_VALIDATION_ENABLED: ${{ inputs.JAVA_VALIDATION_ENABLED }}
          
    - name: Validate all conformance resources in scope of the repository
      run: |
      
        print_output_details () {
          levels=($(echo "$1" | grep -P '(Error|Warning|Information)'| grep -oP '(?<=\s)[^\s]+(?=\s@)'))
          locations=($(echo "$1" | grep -oP '(?<=@\s)[^:]*(?=\s)'))
          messages=($(echo "$1" | grep -oP '(?<=\s:\s).*'))
          for i in "${!levels[@]}"; do
            echo "Level: ${levels[$i]}"
            echo "Location: ${locations[$i]}"
            echo "Message: ${messages[$i]}"
            echo -e ""
          done
        }
        
        if $INPUT_JAVA_VALIDATION_ENABLED; then
          echo "Starting validation using Java validator (Conformance resources) ..."
          IG_DEPENDENCIES=$(jq '.dependencies | to_entries | map("-ig " + .key + "#" + .value) | join(" ")' package.json)
          
          for p in $INPUT_PATH_TO_CONFORMANCE_RESOURCES; # Get combined path to conformance resources, we want to provide all other directories as context for the current validation
          do  
            LOCAL_IG_PARAMETERS+="-ig $GITHUB_WORKSPACE/$p "
          done
          
          for p in $INPUT_PATH_TO_CONFORMANCE_RESOURCES; 
          do
          
            # Ensure directory ends with "/"
            if [[ ! "$p" =~ .*/$ ]]; then
              p="$p/"
            fi
            
            UNESCPAED_IG_DEPENDENCIES=$(echo $IG_DEPENDENCIES | tr -d '"')
            
            if echo $INPUT_EXPECTED_FAILS | grep -w -q VALIDATION_CONFORMANCE_JAVA; then
              javaValidatorOutput=$(java -jar validator_cli.jar $GITHUB_WORKSPACE/$p*.xml $GITHUB_WORKSPACE/$p*.json -version $FHIR_VERSION $INPUT_JAVA_VALIDATION_OPTIONS $UNESCPAED_IG_DEPENDENCIES $LOCAL_IG_PARAMETERS|| true)
            else
              javaValidatorOutput=$(java -jar validator_cli.jar $GITHUB_WORKSPACE/$p*.xml $GITHUB_WORKSPACE/$p*.json -version $FHIR_VERSION $INPUT_JAVA_VALIDATION_OPTIONS $UNESCPAED_IG_DEPENDENCIES $LOCAL_IG_PARAMETERS)
            fi
            
            if echo $INPUT_OUTPUT_FORMAT | grep -w -q RAW; then
              echo "$javaValidatorOutput"
            else
              SAVEIFS=$IFS 
              IFS=$'\n'
              pathToValidatedResource=$(echo "$javaValidatorOutput" | grep -P '\-\-\s' || true)
              pathToValidatedResource=($(echo "$pathToValidatedResource" | grep -oP '(?<=--\s).+(?=\s--)' || true))
              
              if [ ${#pathToValidatedResource[@]} -eq 0 ]; then # Single resource validation only, no section header with resource path will be printed by the Java validator
                echo "----"
                pathToValidatedResource=$(echo "$javaValidatorOutput" | grep -oP '(?<=Validate\s).+(?=\s[0-9][0-9]:[0-9][0-9].[0-9]{0,})')
                echo "Path to valiated resource: ${pathToValidatedResource}"
                echo "----"
                print_output_details "$javaValidatorOutput"
              else # We encountered a directory with more than a single resource in it, Java validator output will differ (each resource will be printed with its own section)  
                resourceBoundaries=$(echo "$javaValidatorOutput" | grep -b -oP '(?<!-)-{2}\s' || true)
                resourceBoundaries=($(echo "$resourceBoundaries" | cut -d: -f1))
              
                for i in "${!resourceBoundaries[@]}"; do
                  echo "----"
                  echo "Path to valiated resource: ${pathToValidatedResource[$i]}"
                  echo "----"
                  if [[ ! -z "${resourceBoundaries[$i+1]:-}" ]]; then
                    offsetDiff=$(expr ${resourceBoundaries[$i+1]} - ${resourceBoundaries[$i]})
                    resourceOutput=$(echo "$javaValidatorOutput" | tail -c+${resourceBoundaries[$i]} | head -c+${offsetDiff})
                  else
                    resourceOutput=$(echo "$javaValidatorOutput" | tail -c+${resourceBoundaries[$i]})
                  fi

                  levels=($(echo "$resourceOutput" | grep -P '(Error|Warning|Information)'| grep -oP '(?<=\s)[^\s]+(?=\s@)'))
                  locations=($(echo "$resourceOutput" | grep -oP '(?<=@\s)[^:]*(?=\s)'))
                  messages=($(echo "$resourceOutput" | grep -oP '(?<=\s:\s).*'))

                  for i in "${!levels[@]}"; do
                    echo "Level: ${levels[$i]}"
                    echo "Location: ${locations[$i]}"
                    echo "Message: ${messages[$i]}"
                    echo -e ""
                  done

                done
              fi
              IFS=$SAVEIFS
            fi
          done
        fi
        echo "Finished validation using Java validator (Conformance resources) ..."
      shell: bash
      env:
       FHIR_VERSION: "4.0"
       INPUT_PATH_TO_CONFORMANCE_RESOURCES: ${{ inputs.PATH_TO_CONFORMANCE_RESOURCES }}
       INPUT_JAVA_VALIDATION_ENABLED: ${{ inputs.JAVA_VALIDATION_ENABLED }}
       INPUT_EXPECTED_FAILS: ${{ inputs.EXPECTED_FAILS }}
       INPUT_OUTPUT_FORMAT: ${{ inputs.OUTPUT_FORMAT }}
       INPUT_JAVA_VALIDATION_OPTIONS: ${{ inputs.JAVA_VALIDATION_OPTIONS }}
        
    - name: Validate all example resources in scope of the repository
      run: |
        if $INPUT_JAVA_VALIDATION_ENABLED; then 
          IG_DEPENDENCIES=$(jq '.dependencies | to_entries | map("-ig " + .key + "#" + .value) | join(" ")' package.json)
          for p in $INPUT_PATH_TO_CONFORMANCE_RESOURCES; # Get combined path to conformance resources, we want to validate against the current version of the conformance resources
          do  
            COMBINED_IG_PARAMETERS+="-ig $GITHUB_WORKSPACE/$p "
          done
          
          for p in $PATH_TO_EXAMPLES; 
          do
            
            # Ensure directory ends with "/"
            if [[ ! "$p" =~ .*/$ ]]; then
              p="$p/"
            fi
          
            UNESCPAED_IG_DEPENDENCIES=$(echo $IG_DEPENDENCIES | tr -d '"')
            
            if echo $INPUT_EXPECTED_FAILS | grep -w -q VALIDATION_EXAMPLES_JAVA; then
              java -jar validator_cli.jar $GITHUB_WORKSPACE/$p*.xml $GITHUB_WORKSPACE/$p*.json -version $FHIR_VERSION $INPUT_JAVA_VALIDATION_OPTIONS $UNESCPAED_IG_DEPENDENCIES $COMBINED_IG_PARAMETERS || true
            else
              java -jar validator_cli.jar $GITHUB_WORKSPACE/$p*.xml $GITHUB_WORKSPACE/$p*.json -version $FHIR_VERSION $INPUT_JAVA_VALIDATION_OPTIONS $UNESCPAED_IG_DEPENDENCIES $COMBINED_IG_PARAMETERS
            fi
            
          done
        fi
      shell: bash
      env:
       INPUT_PATH_TO_CONFORMANCE_RESOURCES: ${{ inputs.PATH_TO_CONFORMANCE_RESOURCES }}
       PATH_TO_EXAMPLES: ${{ inputs.PATH_TO_EXAMPLES }}
       FHIR_VERSION: "4.0"
       INPUT_JAVA_VALIDATION_ENABLED: ${{ inputs.JAVA_VALIDATION_ENABLED }}
       INPUT_EXPECTED_FAILS: ${{ inputs.EXPECTED_FAILS }}
       INPUT_JAVA_VALIDATION_OPTIONS: ${{ inputs.JAVA_VALIDATION_OPTIONS }}