Skip to content

Commit db3d217

Browse files
fix: Map inputs to environment variables and Add input validation for workflow parameters
1 parent 89b8eed commit db3d217

3 files changed

Lines changed: 511 additions & 54 deletions

File tree

.github/workflows/job-deploy-linux.yml

Lines changed: 171 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -54,10 +54,143 @@ jobs:
5454
- name: Checkout Code
5555
uses: actions/checkout@v4
5656

57+
- name: Validate Workflow Input Parameters
58+
shell: bash
59+
env:
60+
INPUT_ENV_NAME: ${{ inputs.ENV_NAME }}
61+
INPUT_AZURE_ENV_OPENAI_LOCATION: ${{ inputs.AZURE_ENV_OPENAI_LOCATION }}
62+
INPUT_AZURE_LOCATION: ${{ inputs.AZURE_LOCATION }}
63+
INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }}
64+
INPUT_IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
65+
INPUT_BUILD_DOCKER_IMAGE: ${{ inputs.BUILD_DOCKER_IMAGE }}
66+
INPUT_EXP: ${{ inputs.EXP }}
67+
INPUT_WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
68+
INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
69+
INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }}
70+
run: |
71+
echo "🔍 Validating workflow input parameters..."
72+
VALIDATION_FAILED=false
73+
74+
# Validate ENV_NAME (required, alphanumeric and hyphens)
75+
if [[ -z "$INPUT_ENV_NAME" ]]; then
76+
echo "❌ ERROR: ENV_NAME is required but not provided"
77+
VALIDATION_FAILED=true
78+
elif [[ ! "$INPUT_ENV_NAME" =~ ^[a-zA-Z0-9-]+$ ]]; then
79+
echo "❌ ERROR: ENV_NAME '$INPUT_ENV_NAME' is invalid. Must contain only alphanumerics and hyphens"
80+
VALIDATION_FAILED=true
81+
else
82+
echo "✅ ENV_NAME: '$INPUT_ENV_NAME' is valid"
83+
fi
84+
85+
# Validate AZURE_ENV_OPENAI_LOCATION (required, Azure region format)
86+
if [[ -z "$INPUT_AZURE_ENV_OPENAI_LOCATION" ]]; then
87+
echo "❌ ERROR: AZURE_ENV_OPENAI_LOCATION is required but not provided"
88+
VALIDATION_FAILED=true
89+
elif [[ ! "$INPUT_AZURE_ENV_OPENAI_LOCATION" =~ ^[a-z0-9]+$ ]]; then
90+
echo "❌ ERROR: AZURE_ENV_OPENAI_LOCATION '$INPUT_AZURE_ENV_OPENAI_LOCATION' is invalid. Must contain only lowercase letters and numbers"
91+
VALIDATION_FAILED=true
92+
else
93+
echo "✅ AZURE_ENV_OPENAI_LOCATION: '$INPUT_AZURE_ENV_OPENAI_LOCATION' is valid"
94+
fi
95+
96+
# Validate AZURE_LOCATION (required, Azure region format)
97+
if [[ -z "$INPUT_AZURE_LOCATION" ]]; then
98+
echo "❌ ERROR: AZURE_LOCATION is required but not provided"
99+
VALIDATION_FAILED=true
100+
elif [[ ! "$INPUT_AZURE_LOCATION" =~ ^[a-z0-9]+$ ]]; then
101+
echo "❌ ERROR: AZURE_LOCATION '$INPUT_AZURE_LOCATION' is invalid. Must contain only lowercase letters and numbers"
102+
VALIDATION_FAILED=true
103+
else
104+
echo "✅ AZURE_LOCATION: '$INPUT_AZURE_LOCATION' is valid"
105+
fi
106+
107+
# Validate RESOURCE_GROUP_NAME (required, Azure naming convention)
108+
if [[ -z "$INPUT_RESOURCE_GROUP_NAME" ]]; then
109+
echo "❌ ERROR: RESOURCE_GROUP_NAME is required but not provided"
110+
VALIDATION_FAILED=true
111+
elif [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then
112+
echo "❌ ERROR: RESOURCE_GROUP_NAME '$INPUT_RESOURCE_GROUP_NAME' is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period."
113+
VALIDATION_FAILED=true
114+
elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then
115+
echo "❌ ERROR: RESOURCE_GROUP_NAME '$INPUT_RESOURCE_GROUP_NAME' exceeds 90 characters"
116+
VALIDATION_FAILED=true
117+
else
118+
echo "✅ RESOURCE_GROUP_NAME: '$INPUT_RESOURCE_GROUP_NAME' is valid"
119+
fi
120+
121+
# Validate IMAGE_TAG (required, Docker tag pattern)
122+
if [[ -z "$INPUT_IMAGE_TAG" ]]; then
123+
echo "❌ ERROR: IMAGE_TAG is required but not provided"
124+
VALIDATION_FAILED=true
125+
elif [[ ! "$INPUT_IMAGE_TAG" =~ ^[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}$ ]]; then
126+
echo "❌ ERROR: IMAGE_TAG '$INPUT_IMAGE_TAG' is invalid. Must start with alphanumeric or underscore, max 128 characters"
127+
VALIDATION_FAILED=true
128+
else
129+
echo "✅ IMAGE_TAG: '$INPUT_IMAGE_TAG' is valid"
130+
fi
131+
132+
# Validate BUILD_DOCKER_IMAGE (required, must be 'true' or 'false')
133+
if [[ "$INPUT_BUILD_DOCKER_IMAGE" != "true" && "$INPUT_BUILD_DOCKER_IMAGE" != "false" ]]; then
134+
echo "❌ ERROR: BUILD_DOCKER_IMAGE must be 'true' or 'false', got: '$INPUT_BUILD_DOCKER_IMAGE'"
135+
VALIDATION_FAILED=true
136+
else
137+
echo "✅ BUILD_DOCKER_IMAGE: '$INPUT_BUILD_DOCKER_IMAGE' is valid"
138+
fi
139+
140+
# Validate EXP (required, must be 'true' or 'false')
141+
if [[ "$INPUT_EXP" != "true" && "$INPUT_EXP" != "false" ]]; then
142+
echo "❌ ERROR: EXP must be 'true' or 'false', got: '$INPUT_EXP'"
143+
VALIDATION_FAILED=true
144+
else
145+
echo "✅ EXP: '$INPUT_EXP' is valid"
146+
fi
147+
148+
# Validate WAF_ENABLED (must be 'true' or 'false')
149+
if [[ "$INPUT_WAF_ENABLED" != "true" && "$INPUT_WAF_ENABLED" != "false" ]]; then
150+
echo "❌ ERROR: WAF_ENABLED must be 'true' or 'false', got: '$INPUT_WAF_ENABLED'"
151+
VALIDATION_FAILED=true
152+
else
153+
echo "✅ WAF_ENABLED: '$INPUT_WAF_ENABLED' is valid"
154+
fi
155+
156+
# Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (optional, if provided must be valid Resource ID)
157+
if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then
158+
if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.(OperationalInsights|Insights)/workspaces/[^/]+$ ]]; then
159+
echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format"
160+
echo " Got: '$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID'"
161+
VALIDATION_FAILED=true
162+
else
163+
echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Valid Resource ID format"
164+
fi
165+
fi
166+
167+
# Validate AZURE_EXISTING_AI_PROJECT_RESOURCE_ID (optional, if provided must be valid Resource ID)
168+
if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then
169+
if [[ ! "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.MachineLearningServices/(workspaces|projects)/[^/]+$ ]]; then
170+
echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format"
171+
echo " Got: '$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID'"
172+
VALIDATION_FAILED=true
173+
else
174+
echo "✅ AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: Valid Resource ID format"
175+
fi
176+
fi
177+
178+
# Fail workflow if any validation failed
179+
if [[ "$VALIDATION_FAILED" == "true" ]]; then
180+
echo ""
181+
echo "❌ Parameter validation failed. Please correct the errors above and try again."
182+
exit 1
183+
fi
184+
185+
echo ""
186+
echo "✅ All input parameters validated successfully!"
187+
57188
- name: Configure Parameters Based on WAF Setting
58189
shell: bash
190+
env:
191+
INPUT_WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
59192
run: |
60-
if [[ "${{ inputs.WAF_ENABLED }}" == "true" ]]; then
193+
if [[ "$INPUT_WAF_ENABLED" == "true" ]]; then
61194
cp infra/main.waf.parameters.json infra/main.parameters.json
62195
echo "✅ Successfully copied WAF parameters to main parameters file"
63196
else
@@ -87,44 +220,54 @@ jobs:
87220
- name: Deploy using azd up and extract values (Linux)
88221
id: get_output_linux
89222
shell: bash
223+
env:
224+
INPUT_ENV_NAME: ${{ inputs.ENV_NAME }}
225+
INPUT_AZURE_ENV_OPENAI_LOCATION: ${{ inputs.AZURE_ENV_OPENAI_LOCATION }}
226+
INPUT_AZURE_LOCATION: ${{ inputs.AZURE_LOCATION }}
227+
INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }}
228+
INPUT_IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
229+
INPUT_BUILD_DOCKER_IMAGE: ${{ inputs.BUILD_DOCKER_IMAGE }}
230+
INPUT_EXP: ${{ inputs.EXP }}
231+
INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
232+
INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }}
90233
run: |
91234
set -e
92235
# Install azd (Azure Developer CLI)
93236
curl -fsSL https://aka.ms/install-azd.sh | bash
94237
95238
echo "Creating environment..."
96-
azd env new ${{ inputs.ENV_NAME }} --no-prompt
97-
echo "Environment created: ${{ inputs.ENV_NAME }}"
239+
azd env new $INPUT_ENV_NAME --no-prompt
240+
echo "Environment created: $INPUT_ENV_NAME"
98241
99242
echo "Setting default subscription..."
100243
azd config set defaults.subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
101244
102245
# Set additional parameters
103246
azd env set AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
104-
azd env set AZURE_ENV_OPENAI_LOCATION="${{ inputs.AZURE_ENV_OPENAI_LOCATION }}"
105-
azd env set AZURE_LOCATION="${{ inputs.AZURE_LOCATION }}"
106-
azd env set AZURE_RESOURCE_GROUP="${{ inputs.RESOURCE_GROUP_NAME }}"
107-
azd env set AZURE_ENV_IMAGE_TAG="${{ inputs.IMAGE_TAG }}"
247+
azd env set AZURE_ENV_OPENAI_LOCATION="$INPUT_AZURE_ENV_OPENAI_LOCATION"
248+
azd env set AZURE_LOCATION="$INPUT_AZURE_LOCATION"
249+
azd env set AZURE_RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME"
250+
azd env set AZURE_ENV_IMAGE_TAG="$INPUT_IMAGE_TAG"
108251
109-
if [[ "${{ inputs.BUILD_DOCKER_IMAGE }}" == "true" ]]; then
252+
if [[ "$INPUT_BUILD_DOCKER_IMAGE" == "true" ]]; then
110253
ACR_NAME=$(echo "${{ secrets.ACR_TEST_LOGIN_SERVER }}")
111254
azd env set AZURE_ENV_CONTAINER_REGISTRY_ENDPOINT="$ACR_NAME"
112255
echo "Set ACR name to: $ACR_NAME"
113256
else
114257
echo "Skipping ACR name configuration (using existing image)"
115258
fi
116259
117-
if [[ "${{ inputs.EXP }}" == "true" ]]; then
260+
if [[ "$INPUT_EXP" == "true" ]]; then
118261
echo "✅ EXP ENABLED - Setting EXP parameters..."
119262
120-
if [[ -n "${{ inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}" ]]; then
121-
EXP_LOG_ANALYTICS_ID="${{ inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}"
263+
if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then
264+
EXP_LOG_ANALYTICS_ID="$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID"
122265
else
123266
EXP_LOG_ANALYTICS_ID="${{ secrets.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}"
124267
fi
125268
126-
if [[ -n "${{ inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }}" ]]; then
127-
EXP_AI_PROJECT_ID="${{ inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }}"
269+
if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then
270+
EXP_AI_PROJECT_ID="$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID"
128271
else
129272
EXP_AI_PROJECT_ID="${{ secrets.AZURE_ENV_FOUNDRY_PROJECT_ID }}"
130273
fi
@@ -169,13 +312,15 @@ jobs:
169312
echo "WEBAPP_URL=$WEBAPP_URL" >> $GITHUB_OUTPUT
170313
171314
- name: Run Post deployment scripts
315+
env:
316+
INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }}
172317
run: |
173318
set -e
174319
az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
175320
176321
# Set environment variables for selecting_team_config_and_data.sh
177322
export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
178-
export AZURE_RESOURCE_GROUP="${{ inputs.RESOURCE_GROUP_NAME }}"
323+
export AZURE_RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME"
179324
export BACKEND_URL="${{ steps.get_output_linux.outputs.BACKEND_URL }}"
180325
export AZURE_STORAGE_ACCOUNT_NAME="${{ steps.get_output_linux.outputs.AZURE_STORAGE_ACCOUNT_NAME }}"
181326
export AZURE_STORAGE_CONTAINER_NAME="sample-dataset"
@@ -190,17 +335,25 @@ jobs:
190335
- name: Generate Deployment Summary
191336
if: always()
192337
shell: bash
338+
env:
339+
INPUT_RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }}
340+
INPUT_WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
341+
INPUT_EXP: ${{ inputs.EXP }}
342+
INPUT_AZURE_LOCATION: ${{ inputs.AZURE_LOCATION }}
343+
INPUT_AZURE_ENV_OPENAI_LOCATION: ${{ inputs.AZURE_ENV_OPENAI_LOCATION }}
344+
INPUT_IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
345+
JOB_STATUS: ${{ job.status }}
193346
run: |
194347
echo "## 🚀 Deploy Job Summary (Linux)" >> $GITHUB_STEP_SUMMARY
195348
echo "" >> $GITHUB_STEP_SUMMARY
196349
echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
197350
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
198351
echo "| **Job Status** | ${{ job.status == 'success' && '✅ Success' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
199-
echo "| **Resource Group** | \`${{ inputs.RESOURCE_GROUP_NAME }}\` |" >> $GITHUB_STEP_SUMMARY
352+
echo "| **Resource Group** | \`$INPUT_RESOURCE_GROUP_NAME\` |" >> $GITHUB_STEP_SUMMARY
200353
echo "| **Configuration Type** | \`${{ inputs.WAF_ENABLED == 'true' && inputs.EXP == 'true' && 'WAF + EXP' || inputs.WAF_ENABLED == 'true' && inputs.EXP != 'true' && 'WAF + Non-EXP' || inputs.WAF_ENABLED != 'true' && inputs.EXP == 'true' && 'Non-WAF + EXP' || 'Non-WAF + Non-EXP' }}\` |" >> $GITHUB_STEP_SUMMARY
201-
echo "| **Azure Region (Infrastructure)** | \`${{ inputs.AZURE_LOCATION }}\` |" >> $GITHUB_STEP_SUMMARY
202-
echo "| **Azure OpenAI Region** | \`${{ inputs.AZURE_ENV_OPENAI_LOCATION }}\` |" >> $GITHUB_STEP_SUMMARY
203-
echo "| **Docker Image Tag** | \`${{ inputs.IMAGE_TAG }}\` |" >> $GITHUB_STEP_SUMMARY
354+
echo "| **Azure Region (Infrastructure)** | \`$INPUT_AZURE_LOCATION\` |" >> $GITHUB_STEP_SUMMARY
355+
echo "| **Azure OpenAI Region** | \`$INPUT_AZURE_ENV_OPENAI_LOCATION\` |" >> $GITHUB_STEP_SUMMARY
356+
echo "| **Docker Image Tag** | \`$INPUT_IMAGE_TAG\` |" >> $GITHUB_STEP_SUMMARY
204357
echo "" >> $GITHUB_STEP_SUMMARY
205358
if [[ "${{ job.status }}" == "success" ]]; then
206359
echo "### ✅ Deployment Details" >> $GITHUB_STEP_SUMMARY

0 commit comments

Comments
 (0)