fix(uat): block minimal artifacts and add validation helper + tests #158

	name: PR Validation

	on:
	pull_request:
	branches: [main]
	paths-ignore:
	- 'docs/**'
	- '.github/**'

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	validate:
	name: Validate PR
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v6

	- name: Setup .NET
	uses: actions/setup-dotnet@v5
	with:
	global-json-file: global.json

	- name: Restore dependencies
	run: dotnet restore

	- name: Check formatting
	run: dotnet format --verify-no-changes --verbosity diagnostic

	- name: Build
	run: dotnet build --no-restore --configuration Release

	- name: Test
	run: dotnet test --no-build --configuration Release --verbosity normal

	- name: Setup Node
	uses: actions/setup-node@v6
	with:
	node-version: 20

	- name: Generate comprehensive demo report
	run: \|
	mkdir -p artifacts
	dotnet run --project src/Oocx.TfPlan2Md/Oocx.TfPlan2Md.csproj -- examples/comprehensive-demo/plan.json --principals examples/comprehensive-demo/demo-principals.json --output artifacts/comprehensive-demo.md

	- name: Lint comprehensive demo markdown
	run: npx markdownlint-cli2 artifacts/comprehensive-demo.md

	- name: Check for vulnerable packages
	run: \|
	dotnet list package --vulnerable --include-transitive 2>&1 \| tee vulnerability-report.txt
	if grep -q "has the following vulnerable packages" vulnerability-report.txt; then
	echo "::error::Vulnerable packages detected!"
	exit 1
	fi

Provide feedback