fix: Map inputs to environment variables and Add input validation for workflow parameters #757
… workflow parameters
@Vamshi-Microsoft I've opened a new pull request, #758, to work on those changes. Once the pull request is ready, I'll request review from you.
Pull request overview
This PR adds comprehensive input parameter validation to GitHub Actions deployment workflows and migrates from direct input references (${{ inputs.* }}) to environment variables for improved consistency and reliability. The changes introduce early failure detection with clear error messages and standardize parameter handling across Linux and Windows deployment jobs.
Key changes:
- Added "Validate Workflow Input Parameters" steps with regex-based validation for all inputs (resource names, regions, boolean flags, URLs, and Azure Resource IDs)
- Converted workflow steps to use environment variables (e.g., INPUT_RESOURCE_GROUP_NAME) instead of direct input context references
- Maintained consistency across three workflow files with platform-specific adaptations (bash for Linux, PowerShell for Windows)
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| .github/workflows/job-deploy.yml | Added validation step for workflow inputs and converted subsequent steps to use environment variables for parameter references |
| .github/workflows/job-deploy-linux.yml | Added validation for Linux-specific deployment inputs and updated deployment and post-deployment steps to use environment variables |
| .github/workflows/job-deploy-windows.yml | Added validation for Windows-specific deployment inputs and updated PowerShell deployment steps to use environment variables |
| # Validate AZURE_EXISTING_AI_PROJECT_RESOURCE_ID (optional, if provided must be valid Resource ID) | ||
| if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then | ||
| if [[ ! "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.MachineLearningServices/(workspaces|projects)/[^/]+$ ]]; then | ||
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format" |
Copilot AI, Jan 6, 2026
The error message only mentions "workspaces/{workspaceName}" but the regex pattern accepts both "workspaces" and "projects" (as indicated by (workspaces|projects) in the pattern). The error message should be updated to reflect both valid options, for example: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces|projects/{name}".
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format" | |
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must match /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/(workspaces|projects)/{name}" |
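Review bot: In the resource ID pattern, the subscription segment `[a-fA-F0-9-]+` is satisfied by any run of hex digits and hyphens, including a lone `-`, and each `[^/]+` segment accepts any character other than `/`, whitespace and quotes included. If the aim is to reject malformed IDs before deployment, consider requiring the 8-4-4-4-12 GUID shape for the subscription and a restricted character class for the resource group and resource name segments.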
| echo "| **Job Status** | ${{ job.status == 'success' && '✅ Success' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Resource Group** | \`${{ inputs.RESOURCE_GROUP_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Resource Group** | \`$INPUT_RESOURCE_GROUP_NAME\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Configuration Type** | \`${{ inputs.WAF_ENABLED == 'true' && inputs.EXP == 'true' && 'WAF + EXP' || inputs.WAF_ENABLED == 'true' && inputs.EXP != 'true' && 'WAF + Non-EXP' || inputs.WAF_ENABLED != 'true' && inputs.EXP == 'true' && 'Non-WAF + EXP' || 'Non-WAF + Non-EXP' }}\` |" >> $GITHUB_STEP_SUMMARY |
Copilot AI, Jan 6, 2026
The Configuration Type display still uses direct input references (${{ inputs.WAF_ENABLED }} and ${{ inputs.EXP }}) instead of environment variables. This is inconsistent with the PR's goal to use environment variables throughout. The logic should be refactored to use $INPUT_WAF_ENABLED and $INPUT_EXP for consistency with the rest of the changes in this PR.
| echo "| **Configuration Type** | \`${{ inputs.WAF_ENABLED == 'true' && inputs.EXP == 'true' && 'WAF + EXP' || inputs.WAF_ENABLED == 'true' && inputs.EXP != 'true' && 'WAF + Non-EXP' || inputs.WAF_ENABLED != 'true' && inputs.EXP == 'true' && 'Non-WAF + EXP' || 'Non-WAF + Non-EXP' }}\` |" >> $GITHUB_STEP_SUMMARY | |
| CONFIG_TYPE="" | |
| if [[ "$INPUT_WAF_ENABLED" == "true" && "$INPUT_EXP" == "true" ]]; then | |
| CONFIG_TYPE="WAF + EXP" | |
| elif [[ "$INPUT_WAF_ENABLED" == "true" && "$INPUT_EXP" != "true" ]]; then | |
| CONFIG_TYPE="WAF + Non-EXP" | |
| elif [[ "$INPUT_WAF_ENABLED" != "true" && "$INPUT_EXP" == "true" ]]; then | |
| CONFIG_TYPE="Non-WAF + EXP" | |
| else | |
| CONFIG_TYPE="Non-WAF + Non-EXP" | |
| fi | |
| echo "| **Configuration Type** | \`$CONFIG_TYPE\` |" >> $GITHUB_STEP_SUMMARY |
| echo "| **Job Status** | ${{ job.status == 'success' && '✅ Success' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Resource Group** | \`${{ inputs.RESOURCE_GROUP_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Resource Group** | \`$INPUT_RESOURCE_GROUP_NAME\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Configuration Type** | \`${{ inputs.WAF_ENABLED == 'true' && inputs.EXP == 'true' && 'WAF + EXP' || inputs.WAF_ENABLED == 'true' && inputs.EXP != 'true' && 'WAF + Non-EXP' || inputs.WAF_ENABLED != 'true' && inputs.EXP == 'true' && 'Non-WAF + EXP' || 'Non-WAF + Non-EXP' }}\` |" >> $GITHUB_STEP_SUMMARY |
Copilot AI, Jan 6, 2026
The Configuration Type display still uses direct input references (${{ inputs.WAF_ENABLED }} and ${{ inputs.EXP }}) instead of environment variables. This is inconsistent with the PR's goal to use environment variables throughout. The logic should be refactored to use $INPUT_WAF_ENABLED and $INPUT_EXP for consistency with the rest of the changes in this PR.
| echo "| **Configuration Type** | \`${{ inputs.WAF_ENABLED == 'true' && inputs.EXP == 'true' && 'WAF + EXP' || inputs.WAF_ENABLED == 'true' && inputs.EXP != 'true' && 'WAF + Non-EXP' || inputs.WAF_ENABLED != 'true' && inputs.EXP == 'true' && 'Non-WAF + EXP' || 'Non-WAF + Non-EXP' }}\` |" >> $GITHUB_STEP_SUMMARY | |
| config_type="Non-WAF + Non-EXP" | |
| if [[ "$INPUT_WAF_ENABLED" == "true" && "$INPUT_EXP" == "true" ]]; then | |
| config_type="WAF + EXP" | |
| elif [[ "$INPUT_WAF_ENABLED" == "true" && "$INPUT_EXP" != "true" ]]; then | |
| config_type="WAF + Non-EXP" | |
| elif [[ "$INPUT_WAF_ENABLED" != "true" && "$INPUT_EXP" == "true" ]]; then | |
| config_type="Non-WAF + EXP" | |
| fi | |
| echo "| **Configuration Type** | \`$config_type\` |" >> $GITHUB_STEP_SUMMARY |
| echo "| **Azure OpenAI Region** | \`$INPUT_AZURE_ENV_OPENAI_LOCATION\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Docker Image Tag** | \`$INPUT_IMAGE_TAG\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| if [[ "${{ job.status }}" == "success" ]]; then |
Copilot AI, Jan 6, 2026
The job status comparison still uses direct GitHub Actions context (${{ job.status }}) instead of the environment variable $JOB_STATUS that was defined. For consistency with the PR's goal of using environment variables throughout the workflow, this should be changed to use the $JOB_STATUS environment variable.
| if [[ "${{ job.status }}" == "success" ]]; then | |
| if [[ "$JOB_STATUS" == "success" ]]; then |
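Review bot: The replacement line's `$JOB_STATUS` only works if this step's `env:` block maps it from `${{ job.status }}`, and that mapping is not visible in the hunk. An unset variable compares unequal to `success` without raising any error, so the summary would take the failure branch on every run. Confirm the mapping is present in each workflow file that carries this summary step.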
.github/workflows/job-deploy.yml
Outdated
| # Validate run_e2e_tests (specific allowed values) | ||
| if [[ -n "$INPUT_RUN_E2E_TESTS" ]]; then | ||
| ALLOWED_VALUES=("None" "GoldenPath-Testing" "Smoke-Testing" "") |
Copilot AI, Jan 6, 2026
The ALLOWED_VALUES array includes an empty string (""), but the validation only happens if INPUT_RUN_E2E_TESTS is non-empty (due to the [[ -n "$INPUT_RUN_E2E_TESTS" ]] check). This means an empty string will pass validation by skipping it entirely, rather than explicitly matching the empty string in the array. While this may be the intended behavior, the empty string in the ALLOWED_VALUES array is misleading since it will never be compared. Consider either removing the empty string from the array or adjusting the validation logic to handle empty strings explicitly.
| ALLOWED_VALUES=("None" "GoldenPath-Testing" "Smoke-Testing" "") | |
| ALLOWED_VALUES=("None" "GoldenPath-Testing" "Smoke-Testing") |
| # Validate EXP (boolean) | ||
| if [[ "$INPUT_EXP" != "true" && "$INPUT_EXP" != "false" ]]; then | ||
| echo "❌ ERROR: EXP must be 'true' or 'false', got: '$INPUT_EXP'" | ||
| VALIDATION_FAILED=true | ||
| else | ||
| echo "✅ EXP: '$INPUT_EXP' is valid" |
Copilot AI, Jan 6, 2026
The EXP validation in the "Validate and Auto-Configure EXP" step checks $INPUT_EXP before it could potentially be overridden by the auto-enable logic. However, the subsequent "Validate Workflow Input Parameters" step validates $INPUT_EXP again, which will still be the original input value (not the auto-enabled value from GITHUB_ENV). This creates a potential inconsistency where EXP could be auto-enabled to "true" in GITHUB_ENV, but the validation step validates the original input value which might be "false". Consider reordering these steps or adjusting the validation to check the GITHUB_ENV value after auto-configuration.
| # Validate EXP (boolean) | |
| if [[ "$INPUT_EXP" != "true" && "$INPUT_EXP" != "false" ]]; then | |
| echo "❌ ERROR: EXP must be 'true' or 'false', got: '$INPUT_EXP'" | |
| VALIDATION_FAILED=true | |
| else | |
| echo "✅ EXP: '$INPUT_EXP' is valid" | |
| # Validate EXP (boolean, prefer auto-configured value from GITHUB_ENV if present) | |
| EXP_VALUE="${EXP:-$INPUT_EXP}" | |
| if [[ "$EXP_VALUE" != "true" && "$EXP_VALUE" != "false" ]]; then | |
| echo "❌ ERROR: EXP must be 'true' or 'false', got: '$EXP_VALUE'" | |
| VALIDATION_FAILED=true | |
| else | |
| echo "✅ EXP: '$EXP_VALUE' is valid" |
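Review bot: `EXP_VALUE="${EXP:-$INPUT_EXP}"` validates the resolved value, but any later step that still reads `$INPUT_EXP` acts on the original input rather than the value that was just checked, so the resolved value should be the one passed on. Both `echo` lines also print the value back verbatim; the failing case is by definition an unexpected string, so printing it with `printf '%q'` or leaving it out keeps odd characters out of the job log.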
| # Validate AZURE_EXISTING_AI_PROJECT_RESOURCE_ID (optional, if provided must be valid Resource ID) | ||
| if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then | ||
| if [[ ! "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.MachineLearningServices/(workspaces|projects)/[^/]+$ ]]; then | ||
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format" |
Copilot AI, Jan 6, 2026
The error message only mentions "workspaces/{workspaceName}" but the regex pattern accepts both "workspaces" and "projects" (as indicated by (workspaces|projects) in the pattern). The error message should be updated to reflect both valid options, for example: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces|projects/{name}".
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format" | |
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must match:" | |
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/(workspaces|projects)/{name}" |
| echo "| **Azure OpenAI Region** | \`$INPUT_AZURE_ENV_OPENAI_LOCATION\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Docker Image Tag** | \`$INPUT_IMAGE_TAG\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| if [[ "${{ job.status }}" == "success" ]]; then |
Copilot AI, Jan 6, 2026
The job status comparison still uses direct GitHub Actions context (${{ job.status }}) instead of the environment variable $JOB_STATUS that was defined. For consistency with the PR's goal of using environment variables throughout the workflow, this should be changed to use the $JOB_STATUS environment variable.
.github/workflows/job-deploy.yml
Outdated
| if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then | ||
| if [[ ! "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/Microsoft\.MachineLearningServices/(workspaces|projects)/[^/]+$ ]]; then | ||
| echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format:" | ||
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces/{workspaceName}" |
Copilot AI, Jan 6, 2026
The error message only mentions "workspaces/{workspaceName}" but the regex pattern accepts both "workspaces" and "projects" (as indicated by (workspaces|projects) in the pattern). The error message should be updated to reflect both valid options, for example: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces|projects/{name}".
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces/{workspaceName}" | |
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces|projects/{name}" |
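Review bot: The suggested message writes the last segment as `workspaces|projects/{name}` without parentheses, which can be read as either `workspaces` on its own or `projects/{name}`. The pattern being described is `(workspaces|projects)/[^/]+`, so the message should keep the parentheses, as the other copies of this suggestion on the page do.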
Prajwal-Microsoft left a comment
Need to update other YAML files as well
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then | ||
| echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:" | ||
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}" |
Copilot AI, Jan 6, 2026
The Azure Resource ID regex pattern for Log Analytics allows case-insensitive variations, but Azure Resource IDs are case-sensitive and should use lowercase. The pattern should enforce the correct Azure format: /subscriptions/{guid}/resourceGroups/{name}/providers/microsoft.operationalinsights/workspaces/{name}.
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then | |
| echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:" | |
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}" | |
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[0-9a-f-]+/resourceGroups/[^/]+/providers/microsoft\.operationalinsights/workspaces/[^/]+$ ]]; then | |
| echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:" | |
| echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/microsoft.operationalinsights/workspaces/{workspaceName}" |
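Review bot: The replacement pattern requires the provider namespace in lowercase (`microsoft\.operationalinsights`) while still requiring mixed-case `resourceGroups`, so an ID written with `Microsoft.OperationalInsights`, the form the original error message documents, would now fail validation. It also drops the `[Ii]nsights` alternative that the original pattern accepted. Confirm both narrowings are intended, and that the accepted casing matches what callers of this workflow actually pass.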
| echo "| **Azure OpenAI Region** | \`${{ inputs.AZURE_ENV_OPENAI_LOCATION }}\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Docker Image Tag** | \`${{ inputs.IMAGE_TAG }}\` |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| **Resource Group** | \`$INPUT_RESOURCE_GROUP_NAME\` |" >> $GITHUB_STEP_SUMMARY | ||
| CONFIG_TYPE="" |
Copilot AI, Jan 6, 2026
The variable initialization on line 354 sets CONFIG_TYPE to an empty string, but this is immediately overwritten by the conditional logic. Consider initializing it to the default value "Non-WAF + Non-EXP" directly to make the code clearer and avoid an unnecessary assignment.
| CONFIG_TYPE="" | |
| CONFIG_TYPE="Non-WAF + Non-EXP" |
| [[ -n "$INPUT_AI_PROJECT_RESOURCE_ID" ]] && echo " - Azure AI Project Resource ID: '$INPUT_AI_PROJECT_RESOURCE_ID'" | ||
| echo "" | ||
| echo "✅ Automatically enabling EXP to use these values." | ||
| echo "EXP=true" >> $GITHUB_ENV |
Copilot AI, Jan 6, 2026
The echo statement at line 273 was removed but it provided useful feedback about EXP being automatically enabled. Consider keeping this message for better user visibility and debugging, as it helps users understand that EXP was auto-configured.
| echo "EXP=true" >> $GITHUB_ENV | |
| echo "EXP=true" >> $GITHUB_ENV | |
| echo "ℹ️ EXP has been automatically enabled (EXP=true) for this workflow run." |
.github/workflows/job-deploy.yml
Outdated
| # Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (Azure Resource ID format) | ||
| if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then | ||
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then |
Copilot AI, Jan 6, 2026
The Azure Resource ID regex pattern for Log Analytics allows case-insensitive variations (e.g., [Ss]ubscriptions, [Rr]esource[Gg]roups), but Azure Resource IDs are typically case-sensitive. The pattern should enforce lowercase to match Azure's actual format: /subscriptions/{guid}/resourceGroups/{name}/providers/microsoft.operationalinsights/workspaces/{name}. This prevents validation from accepting incorrectly cased resource IDs that might fail during deployment.
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then | |
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[0-9a-f-]+/resourceGroups/[^/]+/providers/microsoft\.operationalinsights/workspaces/[^/]+$ ]]; then |
| # Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (optional, if provided must be valid Resource ID) | ||
| if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then | ||
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then |
Copilot AI, Jan 6, 2026
The Azure Resource ID regex pattern for Log Analytics allows case-insensitive variations (e.g., [Ss]ubscriptions), but Azure Resource IDs are case-sensitive and should use lowercase. The pattern should enforce the correct Azure format: /subscriptions/{guid}/resourceGroups/{name}/providers/microsoft.operationalinsights/workspaces/{name}.
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/[Ss]ubscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/[Pp]roviders/[Mm]icrosoft\.([Oo]perational[Ii]nsights|[Ii]nsights)/[Ww]orkspaces/[^/]+$ ]]; then | |
| if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/resourceGroups/[^/]+/providers/microsoft\.operationalinsights/workspaces/[^/]+$ ]]; then |
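Review bot: This copy of the suggestion keeps `[a-fA-F0-9-]+` for the subscription segment, while the same suggestion against the other workflow file uses `[0-9a-f-]+`. With different patterns per file, an uppercase-hex subscription ID would pass one workflow and fail another. Pick one pattern and apply it identically in every file that validates this input.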
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
🎉 This PR is included in version 4.0.2 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
Purpose
This pull request introduces robust input parameter validation and improved environment variable management for both Linux and Windows deployment GitHub Actions workflows. The main goal is to ensure that all required workflow inputs are present and correctly formatted before proceeding with deployment, reducing the risk of misconfiguration and deployment failures. Additionally, the PR standardizes the way environment variables are passed and referenced throughout the workflows, leading to more maintainable and reliable deployment scripts.
Key changes include:
Input Parameter Validation
.github/workflows/job-deploy-linux.yml and .github/workflows/job-deploy-windows.yml. This step checks all required inputs (such as ENV_NAME, AZURE_LOCATION, RESOURCE_GROUP_NAME, etc.) for presence and correct format, and validates optional resource IDs if provided. The workflow fails early if any validation fails, with clear error messages for the user. [1] [2]
Environment Variable Management
INPUT_RESOURCE_GROUP_NAME, INPUT_WAF_ENABLED, etc.) instead of referencing ${{ inputs.* }} directly. This change improves consistency and reduces the risk of referencing unset or incorrect values. [1] [2] [3]
Deployment and Summary Steps
These improvements significantly increase the reliability and maintainability of the deployment workflows by catching misconfigurations early and enforcing consistent parameter usage throughout the process.
Does this introduce a breaking change?
How to Test
What to Check
Verify that the following are valid
Other Information
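The validation approach the description above outlines, as an added example that is not code from this pull request or the project: inputs arrive as INPUT_* environment variables and are checked against anchored patterns and allow-lists before anything uses them. The function names and the GUID and SEG patterns are assumptions of this example; the allowed run_e2e_tests values and the resource ID layout are taken from the review thread.

```shell
#!/bin/sh
# Added example: checks for workflow inputs delivered as INPUT_* environment variables.
# GUID and SEG are assumptions of this example, stricter than the patterns in the thread.
GUID='[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
SEG='[A-Za-z0-9._()-]+'
NL='
'
CR=$(printf '\r')

# Succeeds only when the value contains no line break (grep matches per line,
# so a multi-line value could otherwise pass on the strength of one good line).
is_single_line() {
  case "$1" in
    *"$NL"* | *"$CR"*) return 1 ;;
  esac
  return 0
}

# matches_ere VALUE ERE: succeeds when the whole single-line VALUE matches ERE.
matches_ere() {
  is_single_line "$1" || return 1
  printf '%s\n' "$1" | grep -Eq -- "^($2)\$"
}

valid_bool() {
  case "$1" in
    true | false) return 0 ;;
  esac
  return 1
}

# Allowed values as listed in the review thread; an empty value means "not provided".
valid_e2e() {
  case "$1" in
    None | GoldenPath-Testing | Smoke-Testing) return 0 ;;
  esac
  return 1
}

valid_ai_project_id() {
  matches_ere "$1" "/subscriptions/$GUID/resourceGroups/$SEG/providers/Microsoft\.MachineLearningServices/(workspaces|projects)/$SEG"
}

# Reads the INPUT_* variables, reports every failure, returns non-zero if any failed.
# Rejected values are not echoed back into the job log.
validate_inputs() {
  failed=0
  valid_bool "${INPUT_EXP:-}" || { echo "ERROR: EXP must be 'true' or 'false'"; failed=1; }
  if [ -n "${INPUT_RUN_E2E_TESTS:-}" ]; then
    valid_e2e "$INPUT_RUN_E2E_TESTS" || { echo "ERROR: run_e2e_tests is not an allowed value"; failed=1; }
  fi
  if [ -n "${INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID:-}" ]; then
    valid_ai_project_id "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ||
      { echo "ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID does not match the expected format"; failed=1; }
  fi
  return "$failed"
}

# Constructed sample inputs; in a workflow these come from the step's env: mapping.
INPUT_EXP=true
INPUT_RUN_E2E_TESTS=Smoke-Testing
INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.MachineLearningServices/projects/demo
if validate_inputs; then echo "all inputs valid"; fi
```
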