ci: Add Bicep Parameter Validation Workflow and Script #499
Harsh-Microsoft wants to merge 4 commits into dev from
…-bicep-params.yml
Pull request overview
Introduces an automated CI workflow to validate that infra/**/*.parameters.json parameter names match their corresponding Bicep param declarations, with artifacts and scheduled email notifications to surface issues early.
Changes:
- Added infra/scripts/validate_bicep_params.py to discover Bicep/parameter-file pairs and validate mapping/casing/whitespace and some conventions.
- Added .github/workflows/validate-bicep-params.yml to run the validator on PRs, on a weekly schedule, and via manual dispatch; publish results and (on schedule) notify via Logic App.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| infra/scripts/validate_bicep_params.py | New Python validator for Bicep ↔ parameters.json mapping checks, reporting, and JSON output for CI artifacts. |
| .github/workflows/validate-bicep-params.yml | New GitHub Actions workflow to run the validator (standard + strict), upload artifacts, and send scheduled notifications. |
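
The mapping, casing and whitespace checks that the review summary attributes to the validator can be sketched as follows. This is an added example, not the PR's validate_bicep_params.py; the function name, finding labels and sample inputs are assumptions constructed for illustration, and the regex covers only single-line `param` declarations.

```python
import json
import re

# Bicep declarations look like: param location string = 'eastus'
PARAM_RE = re.compile(r"^\s*param\s+([A-Za-z_][A-Za-z0-9_]*)\s+\S+", re.MULTILINE)


def check_parameters(bicep_text, params_json_text):
    """Compare parameters.json keys with Bicep param names; return findings."""
    declared = PARAM_RE.findall(bicep_text)
    by_lower = {name.lower(): name for name in declared}
    findings = []
    for key in json.loads(params_json_text).get("parameters", {}):
        stripped = key.strip()
        if stripped != key:
            findings.append(("whitespace", key))
        if stripped in declared:
            continue
        match = by_lower.get(stripped.lower())
        if match:
            findings.append(("casing", f"{stripped} -> {match}"))
        else:
            findings.append(("unmapped", stripped))
    return findings


# Constructed sample inputs (not taken from the repository).
SAMPLE_BICEP = """
@description('Azure region')
param location string = 'eastus'
@secure()
param adminPassword string
param enableTelemetry bool = true
"""

SAMPLE_PARAMS = json.dumps({
    "contentVersion": "1.0.0.0",
    "parameters": {
        "location": {"value": "westus2"},
        "AdminPassword": {"value": "${ADMIN_PASSWORD}"},
        "enableTelemetry ": {"value": False},
        "logRetentionDays": {"value": 30},
    },
})

if __name__ == "__main__":
    for kind, detail in check_parameters(SAMPLE_BICEP, SAMPLE_PARAMS):
        print(f"{kind}: {detail}")
```

A CI job would exit non-zero when the returned list is non-empty, so a mismatched key fails the check instead of surfacing at deployment time.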
…andling and notifications
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - hb-psl-38859 | ||
|
|
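Review bot: The push trigger on branch hb-psl-38859 reads as a testing leftover and should be dropped before merge. In the notification steps excerpted on this page, the only condition shown is steps.result.outputs.status, so while this trigger exists every push to that branch would also post to the Logic App endpoint. If a push trigger is wanted, point it at the long-lived branches and add a paths filter for infra/** so unrelated pushes do not start the job.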
The workflow includes a push trigger limited to the feature branch hb-psl-38859, which doesn’t match the PR description (schedule/PR/manual) and will likely be stale after merge. Recommend removing this push trigger (or switching it to the intended long-lived branches) so the workflow behavior is consistent and maintainable.
| - name: Send schedule notification on failure | ||
| if: steps.result.outputs.status == 'failure' | ||
| env: | ||
| LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }} | ||
| GITHUB_REPOSITORY: ${{ github.repository }} | ||
| GITHUB_RUN_ID: ${{ github.run_id }} | ||
| ACCELERATOR_NAME: ${{ env.accelerator_name }} | ||
| run: | | ||
| RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | ||
| INFRA_OUTPUT=$(sed 's/&/\&/g; s/</\</g; s/>/\>/g' infra_output.txt) | ||
|
|
||
| jq -n \ | ||
| --arg name "${ACCELERATOR_NAME}" \ | ||
| --arg infra "$INFRA_OUTPUT" \ | ||
| --arg url "$RUN_URL" \ | ||
| '{subject: ("Bicep Parameter Validation Report - " + $name + " - Issues Detected"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has detected parameter mapping errors.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Please fix the parameter mapping issues at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>")}' \ | ||
| | curl -X POST "${LOGICAPP_URL}" \ | ||
| -H "Content-Type: application/json" \ | ||
| -d @- || echo "Failed to send notification" | ||
|
|
||
| - name: Send schedule notification on success | ||
| if: steps.result.outputs.status == 'success' | ||
| env: |
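Review bot: The curl call that ends the failure step is invoked without --fail, so an HTTP 4xx or 5xx response from the Logic App still exits 0 and the || echo "Failed to send notification" fallback never runs; a rejected or expired trigger URL would go unnoticed. Suggest curl --fail --silent --show-error -X POST "${LOGICAPP_URL}" ... so delivery errors reach the fallback and the log. Separately, $name is concatenated into the HTML body without the escaping that infra_output.txt gets on the sed line; passing ACCELERATOR_NAME through the same escaping keeps the body well-formed if that value ever contains markup characters.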
The email notification steps run for all event types (pull_request, workflow_dispatch, and schedule) whenever validation succeeds/fails. This can create noise on PRs and can also invoke an external endpoint with repository secrets in PR contexts. If notifications are intended only for scheduled runs (as the step names/PR description suggest), gate these steps with github.event_name == 'schedule' (and optionally keep artifacts/step summary for PRs).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Purpose
This pull request introduces a new GitHub Actions workflow to automate and improve the validation of Bicep parameter files in the repository. The workflow is triggered on a schedule, on pull requests to key branches, and can also be run manually. It validates parameter files, summarizes results, uploads artifacts, and sends notification emails based on the outcome.
New CI/CD workflow for Bicep parameter validation:
.github/workflows/validate-bicep-params.yml to automatically validate all Bicep parameter files in the infra/ directory on a schedule, on PRs to main and dev, and via manual dispatch.
Automated notifications and failure handling:
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information