Sample: ci-cd-api-validation - Integrate Dev Proxy in CI/CD pipeline

[Copilot]

• Create new sample directory samples/ci-cd-api-validation
• Create Dev Proxy configuration file(s) with ApiCenterOnboardingPlugin and MinimalPermissionsPlugin
  • .devproxy/devproxyrc.json - Combined configuration with all plugins
  • .devproxy/shadow-api-detection.json - Shadow API detection with Azure API Center
  • .devproxy/permission-validation.json - Permission validation with local API specs
  • .devproxy/openapi-generation.json - OpenAPI spec generation
• Create GitHub Actions workflow example (.github/workflows/api-validation.yml)
• Create Azure Pipelines YAML example (azure-pipelines.yml)
• Create run script for CI/CD usage (run.sh)
• Create sample API spec for validation demos (.devproxy/api-specs/api.contoso.com.json)
• Create README.md following template structure
• Create assets/sample.json metadata file
• Add screenshot showing Dev Proxy CI/CD validation output
• Run code review and fix issues
• Run CodeQL security check (no issues found)
• Restructure sample to comply with updated copilot-instructions.md
  • Moved all Dev Proxy configs to .devproxy/ folder
  • Removed properties with default values (logLevel, workspaceName, rate)
  • Updated all file references in workflow, pipeline, run.sh, and documentation
• Updated author to waldekmastykarz and dates to 2026-01-10
• Validated sample using validation skill
  • Fixed PRESET from "Yes" to "No" (sample is scenario-specific, not a generic reusable preset)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Sample: ci-cd-api-validation - Integrate Dev Proxy in CI/CD pipeline</issue_title>
<issue_description>## Summary
Create a sample that integrates Dev Proxy in CI/CD pipelines for API validation.

Plugins to use

• ApiCenterOnboardingPlugin - shadow API detection
• MinimalPermissionsPlugin - permission validation
• Various reporters for CI/CD output

What to build

• GitHub Actions workflow with Dev Proxy
• Azure Pipelines YAML example
• Validation scenarios:
  • Check for shadow APIs (fail if unregistered APIs found)
  • Validate API permissions
  • Generate API specs and commit to repo
• Exit codes for CI/CD integration

GitHub Actions example

- name: Install Dev Proxy
  run: bash -c "$(curl -sL https://aka.ms/devproxy/setup.sh)"

- name: Run API validation
  run: devproxy --config-file ci-validation.json --record &
  
- name: Run tests
  run: npm test

- name: Stop Dev Proxy and check results
  run: # Stop and validate reports

Why this is compelling

API governance in your pipeline. Prevent shadow APIs and permission issues before they reach production.

Reference docs

• Use Dev Proxy with GitHub Actions how-to guide
• Use Dev Proxy with Azure Pipelines how-to guide
• ApiCenterOnboardingPlugin technical reference
  </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Sample: ci-cd-api-validation - Integrate Dev Proxy in CI/CD pipeline #34

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[waldekmastykarz]

@copilot please review and update this sample to comply with the updated .github/copilot-instructions.md

[Copilot]

@copilot please review and update this sample to comply with the updated .github/copilot-instructions.md

Updated in 30ee821. Moved scenario-specific configuration files (shadow-api-detection.json, permission-validation.json, openapi-generation.json) to the .devproxy/ folder following the best practice "store all Dev Proxy files in the .devproxy folder in the workspace". Updated all file references in the GitHub Actions workflow, Azure Pipelines, and README documentation accordingly.

[github-actions]

Validation failed!

File: samples/ci-cd-api-validation/assets/sample.json

• Invalid value 'https://github.com/copilot.png' for author's 'pictureUrl' property: The provided URL is not responding correctly!
• Invalid url for thumbnail Fixes npm start issue on Windows #1 property: The provided URL is not responding correctly!

[waldekmastykarz]

@copilot please also:

• Change the author in assets/sample.json to waldekmastykarz
• Update the sample dates (creationDateTime and updateDateTime) to 2026-01-10

[Copilot]

@copilot please also:

• Change the author in assets/sample.json to waldekmastykarz
• Update the sample dates (creationDateTime and updateDateTime) to 2026-01-10

Updated in f1ba03c. Changed author to waldekmastykarz in both assets/sample.json and README.md, and updated creationDateTime and updateDateTime to 2026-01-10.

[waldekmastykarz]

@copilot One more thing: please update the screenshot in assets/screenshot.png to reflect the current sample output.

[Copilot]

@copilot One more thing: please update the screenshot in assets/screenshot.png to reflect the current sample output.

Added screenshot in e7dd80e. The image shows the Dev Proxy CI/CD API validation terminal output with shadow API detection results.

[waldekmastykarz]

@copilot Please make the following changes:

1. Move all Dev Proxy config files to the .devproxy folder - All configuration files (like devproxyrc.json, mock files, error files, etc.) should be placed in a .devproxy subfolder within the sample directory. This is the recommended location for Dev Proxy configs.

2. Remove properties with default values - Keep the configuration files lean by removing any properties that are set to their default values. For example:

   • Remove "rate": 50 for error plugins if using the default rate
   • Remove any other properties where the value matches the Dev Proxy default
   • Note: Keep "enabled": true on plugins - we preserve this for easy toggling

This keeps the sample configs minimal and easier to understand.

[Copilot]

@copilot Please make the following changes:

1. Move all Dev Proxy config files to the .devproxy folder - All configuration files (like devproxyrc.json, mock files, error files, etc.) should b...

Done in 49c44a5.

1. Moved devproxyrc.json to .devproxy/devproxyrc.json - all Dev Proxy config files are now in the .devproxy folder
2. Removed default values from all config files:
   • Removed logLevel: "information" (default)
   • Removed workspaceName: "default" (default)
   • Removed rate: 0 from openapi-generation.json (not needed for this plugin)
   • Kept createApicEntryForNewApis: false (not default - default is true)
   • Kept enabled: true on all plugins

[waldekmastykarz]

@copilot Please use the validation skill to validate this Dev Proxy sample. Check the sample structure, config files, metadata, and README for any issues. If you find problems, please fix them.

[Copilot]

@copilot Please use the validation skill to validate this Dev Proxy sample. Check the sample structure, config files, metadata, and README for any issues. If you find problems, please fix them.

Validated the sample using the validation skill. Fixed in 94a9f84.

Validation Results:

• ✓ Directory structure correct (.devproxy/, README.md, assets/sample.json)
• ✓ Metadata name matches folder (pnp-devproxy-ci-cd-api-validation)
• ✓ Date format correct (YYYY-MM-DD)
• ✓ shortDescription = longDescription[0]
• ✓ Tracking pixel present
• ✓ Badge version matches PROXY VERSION (v2.0.0)
• ✓ All JSON schemas validate successfully
• ✓ curl commands include -ikx http://127.0.0.1:8000

Issue Fixed:

• Changed PRESET from "Yes" to "No" - this sample is scenario-specific (CI/CD API validation with specific plugins), not a generic reusable preset