azure-dev icon indicating copy to clipboard operation
azure-dev copied to clipboard
verified publisher icon Azure

[Feature] Offer a Github Action for verifying/linting templates

Open tonybaloney opened this issue 3 years ago • 2 comments

We're developing a number of AZD templates and need a way to statically analyse the templates (without deploying them) so that we can check regressions.

This would involve the following steps:

  1. Checking the bicep templates using bicep linter
  2. Checking the azure.yaml against the YML schema using a schema validator

I'd expect a GitHub Actions template like this:


...

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/azure-dev-cli-apps:latest
    steps:
      - name: Checkout
         uses: actions/checkout@v2
      - name: Verify AZD Template
         uses: azure/verify-azd@latest

tonybaloney avatar Oct 19 '22 01:10 tonybaloney

I'm also happy to build + publish this if nobody else is available

tonybaloney avatar Oct 19 '22 01:10 tonybaloney

We should have a command to do this using the CLI without going through GH Action. And we have heard from multiple customers asking for this. @jongio @ellismg

puicchan avatar Oct 20 '22 15:10 puicchan

@tonybaloney - Def open to a PR if you'd like

jongio avatar Nov 08 '22 23:11 jongio 

name: Validate bicep scripts
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
  pull_request:
    branches:
      - main
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Azure CLI script
        uses: azure/CLI@v1
        with:
          inlineScript: az bicep build -f infra/main.bicep

This is the simple workflow I've been using. Tried raising a PR with an invalid attribute and an invalid value. It fails for both :+1:

screenshot 2022-11-18 at 15 50 50

tonybaloney avatar Nov 18 '22 04:11 tonybaloney

@jongio @puicchan

Pros

  • Azure CLI action is already actively maintained
  • Single action can be used in a workflow with other steps like "run tests" and language-specific linters
  • Verifies bicep against the spec.

Cons

  • Dependency on Azure CLI, albeit through the
  • Does not discover what the root bicep file is (assumes infra/main.bicep)

tonybaloney avatar Nov 18 '22 05:11 tonybaloney

I'd like to hear what @danieljurek thinks about this...

jongio avatar Dec 06 '22 23:12 jongio

We do have a facility in place to scan bicep files similar to what you are proposing, however it was not including "hidden" files (in Linux that means files whose directory tree includes a name that starts with .).

I've opened a PR to fix that: https://github.com/Azure/azure-dev/pull/1241

We don't presently lint the azure.yaml file though I think we should. In CI we'd probably want to judge the YAML by the schema in the repo at the time of linting as opposed to the centrally published version... These wouldn't differ much but we'd want to cover the scenario where we update the schema and azure.yaml files in templates at the same time.

As far as validating when running azd I think that there is some value in doing so... but we'd want to package up the schema with the version of azd that's currently running... Otherwise, if there's a breaking change to the latest version of the schema but I'm pinned to an earlier version of azd then my tool will start complaining at me that my schema is invalid when a deployment with the current version of azd would succeed.

I've opened https://github.com/Azure/azure-dev/issues/1242 to track discussion of an azd lint command @puicchan

danieljurek avatar Dec 07 '22 16:12 danieljurek