Skip to content

Commit 8968421

Browse files
Vamshi-MicrosoftVamshi-Microsoft
committed
Added Input Validation and Mapping Inputs to Env
1 parent 9314c1f commit 8968421

5 files changed

Lines changed: 549 additions & 46 deletions

File tree

.github/workflows/deploy-linux.yml

Lines changed: 150 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -69,16 +69,158 @@ on:
6969
type: string
7070

7171
jobs:
72+
validate-inputs:
73+
name: Validate Input Parameters
74+
runs-on: ubuntu-latest
75+
outputs:
76+
validation_passed: ${{ steps.validate.outputs.passed }}
77+
azure_location: ${{ steps.validate.outputs.azure_location }}
78+
resource_group_name: ${{ steps.validate.outputs.resource_group_name }}
79+
waf_enabled: ${{ steps.validate.outputs.waf_enabled }}
80+
exp: ${{ steps.validate.outputs.exp }}
81+
cleanup_resources: ${{ steps.validate.outputs.cleanup_resources }}
82+
run_e2e_tests: ${{ steps.validate.outputs.run_e2e_tests }}
83+
azure_env_log_analytics_workspace_id: ${{ steps.validate.outputs.azure_env_log_analytics_workspace_id }}
84+
existing_webapp_url: ${{ steps.validate.outputs.existing_webapp_url }}
85+
86+
steps:
87+
- name: Validate Workflow Input Parameters
88+
id: validate
89+
shell: bash
90+
env:
91+
INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }}
92+
INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }}
93+
INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }}
94+
INPUT_EXP: ${{ github.event.inputs.EXP }}
95+
INPUT_CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources }}
96+
INPUT_RUN_E2E_TESTS: ${{ github.event.inputs.run_e2e_tests }}
97+
INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
98+
INPUT_EXISTING_WEBAPP_URL: ${{ github.event.inputs.existing_webapp_url }}
99+
100+
run: |
101+
echo "🔍 Validating workflow input parameters..."
102+
VALIDATION_FAILED=false
103+
104+
# Validate azure_location (Azure region format)
105+
LOCATION="${INPUT_AZURE_LOCATION:-australiaeast}"
106+
107+
if [[ ! "$LOCATION" =~ ^[a-z0-9]+$ ]]; then
108+
echo "❌ ERROR: azure_location '$LOCATION' is invalid. Must contain only lowercase letters and numbers"
109+
VALIDATION_FAILED=true
110+
else
111+
echo "✅ azure_location: '$LOCATION' is valid"
112+
fi
113+
114+
# Validate resource_group_name (Azure naming convention, optional)
115+
if [[ -n "$INPUT_RESOURCE_GROUP_NAME" ]]; then
116+
if [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then
117+
echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period."
118+
VALIDATION_FAILED=true
119+
elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then
120+
echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' exceeds 90 characters (length: ${#INPUT_RESOURCE_GROUP_NAME})"
121+
VALIDATION_FAILED=true
122+
else
123+
echo "✅ resource_group_name: '$INPUT_RESOURCE_GROUP_NAME' is valid"
124+
fi
125+
else
126+
echo "✅ resource_group_name: Not provided (will be auto-generated)"
127+
fi
128+
129+
# Validate waf_enabled (boolean)
130+
WAF_ENABLED="${INPUT_WAF_ENABLED:-false}"
131+
if [[ "$WAF_ENABLED" != "true" && "$WAF_ENABLED" != "false" ]]; then
132+
echo "❌ ERROR: waf_enabled must be 'true' or 'false', got: '$WAF_ENABLED'"
133+
VALIDATION_FAILED=true
134+
else
135+
echo "✅ waf_enabled: '$WAF_ENABLED' is valid"
136+
fi
137+
138+
# Validate EXP (boolean)
139+
EXP_ENABLED="${INPUT_EXP:-false}"
140+
if [[ "$EXP_ENABLED" != "true" && "$EXP_ENABLED" != "false" ]]; then
141+
echo "❌ ERROR: EXP must be 'true' or 'false', got: '$EXP_ENABLED'"
142+
VALIDATION_FAILED=true
143+
else
144+
echo "✅ EXP: '$EXP_ENABLED' is valid"
145+
fi
146+
147+
# Validate cleanup_resources (boolean)
148+
CLEANUP_RESOURCES="${INPUT_CLEANUP_RESOURCES:-false}"
149+
if [[ "$CLEANUP_RESOURCES" != "true" && "$CLEANUP_RESOURCES" != "false" ]]; then
150+
echo "❌ ERROR: cleanup_resources must be 'true' or 'false', got: '$CLEANUP_RESOURCES'"
151+
VALIDATION_FAILED=true
152+
else
153+
echo "✅ cleanup_resources: '$CLEANUP_RESOURCES' is valid"
154+
fi
155+
156+
# Validate run_e2e_tests (specific allowed values)
157+
TEST_OPTION="${INPUT_RUN_E2E_TESTS:-GoldenPath-Testing}"
158+
if [[ "$TEST_OPTION" != "GoldenPath-Testing" && "$TEST_OPTION" != "Smoke-Testing" && "$TEST_OPTION" != "None" ]]; then
159+
echo "❌ ERROR: run_e2e_tests must be one of: GoldenPath-Testing, Smoke-Testing, None, got: '$TEST_OPTION'"
160+
VALIDATION_FAILED=true
161+
else
162+
echo "✅ run_e2e_tests: '$TEST_OPTION' is valid"
163+
fi
164+
165+
# Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (optional, Azure Resource ID format)
166+
if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then
167+
if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/providers/[Mm]icrosoft\.[Oo]perational[Ii]nsights/[Ww]orkspaces/[^/]+$ ]]; then
168+
echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:"
169+
echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}"
170+
echo " Got: '$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID'"
171+
VALIDATION_FAILED=true
172+
else
173+
echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Valid Resource ID format"
174+
fi
175+
else
176+
echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Not provided (optional)"
177+
fi
178+
179+
# Validate existing_webapp_url (optional, must start with https)
180+
if [[ -n "$INPUT_EXISTING_WEBAPP_URL" ]]; then
181+
if [[ ! "$INPUT_EXISTING_WEBAPP_URL" =~ ^https:// ]]; then
182+
echo "❌ ERROR: existing_webapp_url must start with 'https://', got: '$INPUT_EXISTING_WEBAPP_URL'"
183+
VALIDATION_FAILED=true
184+
else
185+
echo "✅ existing_webapp_url: '$INPUT_EXISTING_WEBAPP_URL' is valid"
186+
fi
187+
else
188+
echo "✅ existing_webapp_url: Not provided (will perform deployment)"
189+
fi
190+
191+
# Fail workflow if any validation failed
192+
if [[ "$VALIDATION_FAILED" == "true" ]]; then
193+
echo ""
194+
echo "❌ Parameter validation failed. Please correct the errors above and try again."
195+
exit 1
196+
fi
197+
198+
echo ""
199+
echo "✅ All input parameters validated successfully!"
200+
201+
# Output validated values
202+
echo "passed=true" >> $GITHUB_OUTPUT
203+
echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT
204+
echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT
205+
echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT
206+
echo "exp=$EXP_ENABLED" >> $GITHUB_OUTPUT
207+
echo "cleanup_resources=$CLEANUP_RESOURCES" >> $GITHUB_OUTPUT
208+
echo "run_e2e_tests=$TEST_OPTION" >> $GITHUB_OUTPUT
209+
echo "azure_env_log_analytics_workspace_id=$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" >> $GITHUB_OUTPUT
210+
echo "existing_webapp_url=$INPUT_EXISTING_WEBAPP_URL" >> $GITHUB_OUTPUT
211+
72212
Run:
213+
needs: validate-inputs
214+
if: needs.validate-inputs.outputs.validation_passed == 'true'
73215
uses: ./.github/workflows/deploy-orchestrator.yml
74216
with:
75-
azure_location: ${{ github.event.inputs.azure_location || 'australiaeast' }}
76-
resource_group_name: ${{ github.event.inputs.resource_group_name || '' }}
77-
waf_enabled: ${{ github.event.inputs.waf_enabled == 'true' }}
78-
EXP: ${{ github.event.inputs.EXP == 'true' }}
79-
cleanup_resources: ${{ github.event.inputs.cleanup_resources == 'true' }}
80-
run_e2e_tests: ${{ github.event.inputs.run_e2e_tests || 'GoldenPath-Testing' }}
81-
AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID || '' }}
82-
existing_webapp_url: ${{ github.event.inputs.existing_webapp_url || '' }}
217+
azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }}
218+
resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }}
219+
waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }}
220+
EXP: ${{ needs.validate-inputs.outputs.exp == 'true' }}
221+
cleanup_resources: ${{ needs.validate-inputs.outputs.cleanup_resources == 'true' }}
222+
run_e2e_tests: ${{ needs.validate-inputs.outputs.run_e2e_tests || 'GoldenPath-Testing' }}
223+
AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ needs.validate-inputs.outputs.azure_env_log_analytics_workspace_id || '' }}
224+
existing_webapp_url: ${{ needs.validate-inputs.outputs.existing_webapp_url || '' }}
83225
trigger_type: ${{ github.event_name }}
84226
secrets: inherit

.github/workflows/deploy-orchestrator.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ jobs:
9696
secrets: inherit
9797

9898
cleanup-deployment:
99-
if: "!cancelled() && needs.deploy.result == 'success' && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)"
99+
if: "!cancelled() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)"
100100
needs: [deploy, e2e-test]
101101
uses: ./.github/workflows/job-cleanup-deployment.yml
102102
with:

.github/workflows/job-cleanup-deployment.yml

Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,99 @@ jobs:
4848
ENV_NAME: ${{ inputs.ENV_NAME }}
4949
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
5050
steps:
51+
- name: Validate Workflow Input Parameters
52+
shell: bash
53+
env:
54+
INPUT_TRIGGER_TYPE: ${{ inputs.trigger_type }}
55+
INPUT_CLEANUP_RESOURCES: ${{ inputs.cleanup_resources }}
56+
INPUT_EXISTING_WEBAPP_URL: ${{ inputs.existing_webapp_url }}
57+
INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }}
58+
INPUT_AZURE_LOCATION: ${{ inputs.AZURE_LOCATION }}
59+
INPUT_AZURE_ENV_OPENAI_LOCATION: ${{ inputs.AZURE_ENV_OPENAI_LOCATION }}
60+
INPUT_ENV_NAME: ${{ inputs.ENV_NAME }}
61+
INPUT_IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
62+
run: |
63+
echo "🔍 Validating workflow input parameters..."
64+
VALIDATION_FAILED=false
65+
66+
# Validate trigger_type (required - alphanumeric with underscores)
67+
if [[ -z "$INPUT_TRIGGER_TYPE" ]]; then
68+
echo "❌ ERROR: trigger_type is required but was not provided"
69+
VALIDATION_FAILED=true
70+
elif [[ ! "$INPUT_TRIGGER_TYPE" =~ ^[a-zA-Z0-9_]+$ ]]; then
71+
echo "❌ ERROR: trigger_type '$INPUT_TRIGGER_TYPE' is invalid. Must contain only alphanumeric characters and underscores"
72+
VALIDATION_FAILED=true
73+
fi
74+
75+
# Validate cleanup_resources (boolean)
76+
if [[ "$INPUT_CLEANUP_RESOURCES" != "true" && "$INPUT_CLEANUP_RESOURCES" != "false" ]]; then
77+
echo "❌ ERROR: cleanup_resources must be 'true' or 'false', got '$INPUT_CLEANUP_RESOURCES'"
78+
VALIDATION_FAILED=true
79+
fi
80+
81+
# Validate existing_webapp_url (optional - must start with https if provided)
82+
if [[ -n "$INPUT_EXISTING_WEBAPP_URL" ]]; then
83+
if [[ ! "$INPUT_EXISTING_WEBAPP_URL" =~ ^https:// ]]; then
84+
echo "❌ ERROR: existing_webapp_url must start with 'https://', got '$INPUT_EXISTING_WEBAPP_URL'"
85+
VALIDATION_FAILED=true
86+
fi
87+
fi
88+
89+
# Validate RESOURCE_GROUP_NAME (required - Azure resource group naming convention)
90+
if [[ -z "$INPUT_RESOURCE_GROUP_NAME" ]]; then
91+
echo "❌ ERROR: RESOURCE_GROUP_NAME is required but was not provided"
92+
VALIDATION_FAILED=true
93+
elif [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then
94+
echo "❌ ERROR: RESOURCE_GROUP_NAME is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period."
95+
VALIDATION_FAILED=true
96+
elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then
97+
echo "❌ ERROR: RESOURCE_GROUP_NAME exceeds 90 characters"
98+
VALIDATION_FAILED=true
99+
fi
100+
101+
# Validate AZURE_LOCATION (required - Azure region format)
102+
if [[ -z "$INPUT_AZURE_LOCATION" ]]; then
103+
echo "❌ ERROR: AZURE_LOCATION is required but was not provided"
104+
VALIDATION_FAILED=true
105+
elif [[ ! "$INPUT_AZURE_LOCATION" =~ ^[a-z0-9]+$ ]]; then
106+
echo "❌ ERROR: AZURE_LOCATION '$INPUT_AZURE_LOCATION' is invalid. Must contain only lowercase letters and numbers"
107+
VALIDATION_FAILED=true
108+
fi
109+
110+
# Validate AZURE_ENV_OPENAI_LOCATION (required - Azure region format)
111+
if [[ -z "$INPUT_AZURE_ENV_OPENAI_LOCATION" ]]; then
112+
echo "❌ ERROR: AZURE_ENV_OPENAI_LOCATION is required but was not provided"
113+
VALIDATION_FAILED=true
114+
elif [[ ! "$INPUT_AZURE_ENV_OPENAI_LOCATION" =~ ^[a-z0-9]+$ ]]; then
115+
echo "❌ ERROR: AZURE_ENV_OPENAI_LOCATION '$INPUT_AZURE_ENV_OPENAI_LOCATION' is invalid. Must contain only lowercase letters and numbers"
116+
VALIDATION_FAILED=true
117+
fi
118+
119+
# Validate ENV_NAME (required - alphanumeric with underscores and hyphens)
120+
if [[ -z "$INPUT_ENV_NAME" ]]; then
121+
echo "❌ ERROR: ENV_NAME is required but was not provided"
122+
VALIDATION_FAILED=true
123+
elif [[ ! "$INPUT_ENV_NAME" =~ ^[a-zA-Z0-9_-]+$ ]]; then
124+
echo "❌ ERROR: ENV_NAME '$INPUT_ENV_NAME' is invalid. Must contain only alphanumeric characters, underscores, and hyphens"
125+
VALIDATION_FAILED=true
126+
fi
127+
128+
# Validate IMAGE_TAG (required - Docker tag pattern)
129+
if [[ -z "$INPUT_IMAGE_TAG" ]]; then
130+
echo "❌ ERROR: IMAGE_TAG is required but was not provided"
131+
VALIDATION_FAILED=true
132+
elif [[ ! "$INPUT_IMAGE_TAG" =~ ^[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}$ ]]; then
133+
echo "❌ ERROR: IMAGE_TAG '$INPUT_IMAGE_TAG' is invalid. Must be a valid Docker tag (alphanumeric start, up to 128 chars)"
134+
VALIDATION_FAILED=true
135+
fi
136+
137+
if [[ "$VALIDATION_FAILED" == "true" ]]; then
138+
echo "❌ Input validation failed. Please check the errors above."
139+
exit 1
140+
fi
141+
142+
echo "✅ All input parameters validated successfully"
143+
51144
- name: Setup Azure CLI
52145
shell: bash
53146
run: |

0 commit comments

Comments
 (0)