|
1 | 1 | name: Deploy-Test-Cleanup (v2) Linux |
| 2 | +permissions: |
| 3 | + contents: read |
| 4 | + actions: read |
2 | 5 | on: |
3 | 6 | workflow_run: |
4 | 7 | workflows: ["Build Docker and Optional Push"] |
|
78 | 81 | - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT |
79 | 82 |
|
80 | 83 | jobs: |
| 84 | + validate-inputs: |
| 85 | + runs-on: ubuntu-latest |
| 86 | + outputs: |
| 87 | + validation_passed: ${{ steps.validate.outputs.passed }} |
| 88 | + azure_location: ${{ steps.validate.outputs.azure_location }} |
| 89 | + resource_group_name: ${{ steps.validate.outputs.resource_group_name }} |
| 90 | + waf_enabled: ${{ steps.validate.outputs.waf_enabled }} |
| 91 | + exp: ${{ steps.validate.outputs.exp }} |
| 92 | + build_docker_image: ${{ steps.validate.outputs.build_docker_image }} |
| 93 | + cleanup_resources: ${{ steps.validate.outputs.cleanup_resources }} |
| 94 | + run_e2e_tests: ${{ steps.validate.outputs.run_e2e_tests }} |
| 95 | + azure_env_log_analytics_workspace_id: ${{ steps.validate.outputs.azure_env_log_analytics_workspace_id }} |
| 96 | + azure_existing_ai_project_resource_id: ${{ steps.validate.outputs.azure_existing_ai_project_resource_id }} |
| 97 | + existing_webapp_url: ${{ steps.validate.outputs.existing_webapp_url }} |
| 98 | + steps: |
| 99 | + - name: Validate Workflow Input Parameters |
| 100 | + id: validate |
| 101 | + shell: bash |
| 102 | + env: |
| 103 | + INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }} |
| 104 | + INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }} |
| 105 | + INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }} |
| 106 | + INPUT_EXP: ${{ github.event.inputs.EXP }} |
| 107 | + INPUT_BUILD_DOCKER_IMAGE: ${{ github.event.inputs.build_docker_image }} |
| 108 | + INPUT_CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources }} |
| 109 | + INPUT_RUN_E2E_TESTS: ${{ github.event.inputs.run_e2e_tests }} |
| 110 | + INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }} |
| 111 | + INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ github.event.inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }} |
| 112 | + INPUT_EXISTING_WEBAPP_URL: ${{ github.event.inputs.existing_webapp_url }} |
| 113 | + run: | |
| 114 | + echo "🔍 Validating workflow input parameters..." |
| 115 | + VALIDATION_FAILED=false |
| 116 | + |
| 117 | + # Validate azure_location (Azure region format) |
| 118 | + LOCATION="${INPUT_AZURE_LOCATION:-australiaeast}" |
| 119 | + |
| 120 | + if [[ ! "$LOCATION" =~ ^[a-z0-9]+$ ]]; then |
| 121 | + echo "❌ ERROR: azure_location '$LOCATION' is invalid. Must contain only lowercase letters and numbers" |
| 122 | + VALIDATION_FAILED=true |
| 123 | + else |
| 124 | + echo "✅ azure_location: '$LOCATION' is valid" |
| 125 | + fi |
| 126 | + |
| 127 | + # Validate resource_group_name (Azure naming convention, optional) |
| 128 | + if [[ -n "$INPUT_RESOURCE_GROUP_NAME" ]]; then |
| 129 | + if [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then |
| 130 | + echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period." |
| 131 | + VALIDATION_FAILED=true |
| 132 | + elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then |
| 133 | + echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' exceeds 90 characters (length: ${#INPUT_RESOURCE_GROUP_NAME})" |
| 134 | + VALIDATION_FAILED=true |
| 135 | + else |
| 136 | + echo "✅ resource_group_name: '$INPUT_RESOURCE_GROUP_NAME' is valid" |
| 137 | + fi |
| 138 | + else |
| 139 | + echo "✅ resource_group_name: Not provided (will be auto-generated)" |
| 140 | + fi |
| 141 | + |
| 142 | + # Validate waf_enabled (boolean) |
| 143 | + WAF_ENABLED="${INPUT_WAF_ENABLED:-false}" |
| 144 | + if [[ "$WAF_ENABLED" != "true" && "$WAF_ENABLED" != "false" ]]; then |
| 145 | + echo "❌ ERROR: waf_enabled must be 'true' or 'false', got: '$WAF_ENABLED'" |
| 146 | + VALIDATION_FAILED=true |
| 147 | + else |
| 148 | + echo "✅ waf_enabled: '$WAF_ENABLED' is valid" |
| 149 | + fi |
| 150 | + |
| 151 | + # Validate EXP (boolean) |
| 152 | + EXP_ENABLED="${INPUT_EXP:-false}" |
| 153 | + if [[ "$EXP_ENABLED" != "true" && "$EXP_ENABLED" != "false" ]]; then |
| 154 | + echo "❌ ERROR: EXP must be 'true' or 'false', got: '$EXP_ENABLED'" |
| 155 | + VALIDATION_FAILED=true |
| 156 | + else |
| 157 | + echo "✅ EXP: '$EXP_ENABLED' is valid" |
| 158 | + fi |
| 159 | + |
| 160 | + # Validate build_docker_image (boolean) |
| 161 | + BUILD_DOCKER="${INPUT_BUILD_DOCKER_IMAGE:-false}" |
| 162 | + if [[ "$BUILD_DOCKER" != "true" && "$BUILD_DOCKER" != "false" ]]; then |
| 163 | + echo "❌ ERROR: build_docker_image must be 'true' or 'false', got: '$BUILD_DOCKER'" |
| 164 | + VALIDATION_FAILED=true |
| 165 | + else |
| 166 | + echo "✅ build_docker_image: '$BUILD_DOCKER' is valid" |
| 167 | + fi |
| 168 | + |
| 169 | + # Validate cleanup_resources (boolean) |
| 170 | + CLEANUP_RESOURCES="${INPUT_CLEANUP_RESOURCES:-false}" |
| 171 | + if [[ "$CLEANUP_RESOURCES" != "true" && "$CLEANUP_RESOURCES" != "false" ]]; then |
| 172 | + echo "❌ ERROR: cleanup_resources must be 'true' or 'false', got: '$CLEANUP_RESOURCES'" |
| 173 | + VALIDATION_FAILED=true |
| 174 | + else |
| 175 | + echo "✅ cleanup_resources: '$CLEANUP_RESOURCES' is valid" |
| 176 | + fi |
| 177 | + |
| 178 | + # Validate run_e2e_tests (specific allowed values) |
| 179 | + TEST_OPTION="${INPUT_RUN_E2E_TESTS:-GoldenPath-Testing}" |
| 180 | + if [[ "$TEST_OPTION" != "GoldenPath-Testing" && "$TEST_OPTION" != "Smoke-Testing" && "$TEST_OPTION" != "None" ]]; then |
| 181 | + echo "❌ ERROR: run_e2e_tests must be one of: GoldenPath-Testing, Smoke-Testing, None, got: '$TEST_OPTION'" |
| 182 | + VALIDATION_FAILED=true |
| 183 | + else |
| 184 | + echo "✅ run_e2e_tests: '$TEST_OPTION' is valid" |
| 185 | + fi |
| 186 | + |
| 187 | + # Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (optional, Azure Resource ID format) |
| 188 | + if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then |
| 189 | + if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/providers/[Mm]icrosoft\.[Oo]perational[Ii]nsights/[Ww]orkspaces/[^/]+$ ]]; then |
| 190 | + echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:" |
| 191 | + echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}" |
| 192 | + echo " Got: '$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID'" |
| 193 | + VALIDATION_FAILED=true |
| 194 | + else |
| 195 | + echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Valid Resource ID format" |
| 196 | + fi |
| 197 | + else |
| 198 | + echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Not provided (optional)" |
| 199 | + fi |
| 200 | + |
| 201 | + # Validate AZURE_EXISTING_AI_PROJECT_RESOURCE_ID (optional, Azure Resource ID format) |
| 202 | + if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then |
| 203 | + if [[ ! "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/providers/([Mm]icrosoft\.[Mm]achine[Ll]earning[Ss]ervices/([Ww]orkspaces|[Pp]rojects)/[^/]+|[Mm]icrosoft\.[Cc]ognitive[Ss]ervices/[Aa]ccounts/[^/]+/[Pp]rojects/[^/]+)$ ]]; then |
| 204 | + echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format:" |
| 205 | + echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/projects/{projectName}" |
| 206 | + echo " Got: '$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID'" |
| 207 | + VALIDATION_FAILED=true |
| 208 | + else |
| 209 | + echo "✅ AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: Valid Resource ID format" |
| 210 | + fi |
| 211 | + else |
| 212 | + echo "✅ AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: Not provided (optional)" |
| 213 | + fi |
| 214 | + |
| 215 | + # Validate existing_webapp_url (optional, must start with https) |
| 216 | + if [[ -n "$INPUT_EXISTING_WEBAPP_URL" ]]; then |
| 217 | + if [[ ! "$INPUT_EXISTING_WEBAPP_URL" =~ ^https:// ]]; then |
| 218 | + echo "❌ ERROR: existing_webapp_url must start with 'https://', got: '$INPUT_EXISTING_WEBAPP_URL'" |
| 219 | + VALIDATION_FAILED=true |
| 220 | + else |
| 221 | + echo "✅ existing_webapp_url: '$INPUT_EXISTING_WEBAPP_URL' is valid" |
| 222 | + fi |
| 223 | + else |
| 224 | + echo "✅ existing_webapp_url: Not provided (will perform deployment)" |
| 225 | + fi |
| 226 | + |
| 227 | + # Fail workflow if any validation failed |
| 228 | + if [[ "$VALIDATION_FAILED" == "true" ]]; then |
| 229 | + echo "" |
| 230 | + echo "❌ Parameter validation failed. Please correct the errors above and try again." |
| 231 | + exit 1 |
| 232 | + fi |
| 233 | + |
| 234 | + echo "" |
| 235 | + echo "✅ All input parameters validated successfully!" |
| 236 | + |
| 237 | + # Output validated values |
| 238 | + echo "passed=true" >> $GITHUB_OUTPUT |
| 239 | + echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT |
| 240 | + echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT |
| 241 | + echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT |
| 242 | + echo "exp=$EXP_ENABLED" >> $GITHUB_OUTPUT |
| 243 | + echo "build_docker_image=$BUILD_DOCKER" >> $GITHUB_OUTPUT |
| 244 | + echo "cleanup_resources=$CLEANUP_RESOURCES" >> $GITHUB_OUTPUT |
| 245 | + echo "run_e2e_tests=$TEST_OPTION" >> $GITHUB_OUTPUT |
| 246 | + echo "azure_env_log_analytics_workspace_id=$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" >> $GITHUB_OUTPUT |
| 247 | + echo "azure_existing_ai_project_resource_id=$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" >> $GITHUB_OUTPUT |
| 248 | + echo "existing_webapp_url=$INPUT_EXISTING_WEBAPP_URL" >> $GITHUB_OUTPUT |
| 249 | +
|
81 | 250 | Run: |
| 251 | + needs: validate-inputs |
| 252 | + if: needs.validate-inputs.outputs.validation_passed == 'true' |
82 | 253 | uses: ./.github/workflows/deploy-orchestrator.yml |
83 | 254 | with: |
84 | 255 | runner_os: ubuntu-latest |
85 | | - azure_location: ${{ github.event.inputs.azure_location || 'australiaeast' }} |
86 | | - resource_group_name: ${{ github.event.inputs.resource_group_name || '' }} |
87 | | - waf_enabled: ${{ github.event.inputs.waf_enabled == 'true' }} |
88 | | - EXP: ${{ github.event.inputs.EXP == 'true' }} |
89 | | - build_docker_image: ${{ github.event.inputs.build_docker_image == 'true' }} |
90 | | - cleanup_resources: ${{ github.event.inputs.cleanup_resources == 'true' }} |
91 | | - run_e2e_tests: ${{ github.event.inputs.run_e2e_tests || 'GoldenPath-Testing' }} |
92 | | - AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID || '' }} |
93 | | - AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ github.event.inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID || '' }} |
94 | | - existing_webapp_url: ${{ github.event.inputs.existing_webapp_url || '' }} |
| 256 | + azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }} |
| 257 | + resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }} |
| 258 | + waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }} |
| 259 | + EXP: ${{ needs.validate-inputs.outputs.exp == 'true' }} |
| 260 | + build_docker_image: ${{ needs.validate-inputs.outputs.build_docker_image == 'true' }} |
| 261 | + cleanup_resources: ${{ needs.validate-inputs.outputs.cleanup_resources == 'true' }} |
| 262 | + run_e2e_tests: ${{ needs.validate-inputs.outputs.run_e2e_tests || 'GoldenPath-Testing' }} |
| 263 | + AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ needs.validate-inputs.outputs.azure_env_log_analytics_workspace_id || '' }} |
| 264 | + AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ needs.validate-inputs.outputs.azure_existing_ai_project_resource_id || '' }} |
| 265 | + existing_webapp_url: ${{ needs.validate-inputs.outputs.existing_webapp_url || '' }} |
95 | 266 | trigger_type: ${{ github.event_name }} |
96 | 267 | secrets: inherit |
0 commit comments