search

Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License
393 stars 187 forks source link

[Feature] Offer a Github Action for verifying/linting templates #913

Open tonybaloney opened 1 year ago

tonybaloney commented 1 year ago

We're developing a number of AZD templates and need a way to statically analyse the templates (without deploying them) so that we can check regressions.

This would involve the following steps:

  1. Checking the bicep templates using bicep linter
  2. Checking the azure.yaml against the YML schema using a schema validator

I'd expect a GitHub Actions template like this:


...

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/azure-dev-cli-apps:latest
    steps:
      - name: Checkout
         uses: actions/checkout@v2
      - name: Verify AZD Template
         uses: azure/verify-azd@latest
tonybaloney commented 1 year ago

I'm also happy to build + publish this if nobody else is available

puicchan commented 1 year ago

We should have a command to do this using the CLI without going through GH Action. And we have heard from multiple customers asking for this. @jongio @ellismg

jongio commented 1 year ago

@tonybaloney - Def open to a PR if you'd like

tonybaloney commented 1 year ago 
name: Validate bicep scripts
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
  pull_request:
    branches:
      - main
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Azure CLI script
        uses: azure/CLI@v1
        with:
          inlineScript: az bicep build -f infra/main.bicep

This is the simple workflow I've been using. Tried raising a PR with an invalid attribute and an invalid value. It fails for both :+1:

screenshot 2022-11-18 at 15 50 50
tonybaloney commented 1 year ago

@jongio @puicchan

Pros

Cons

jongio commented 1 year ago

I'd like to hear what @danieljurek thinks about this...

danieljurek commented 1 year ago

We do have a facility in place to scan bicep files similar to what you are proposing, however it was not including "hidden" files (in Linux that means files whose directory tree includes a name that starts with .).

I've opened a PR to fix that: https://github.com/Azure/azure-dev/pull/1241

We don't presently lint the azure.yaml file though I think we should. In CI we'd probably want to judge the YAML by the schema in the repo at the time of linting as opposed to the centrally published version... These wouldn't differ much but we'd want to cover the scenario where we update the schema and azure.yaml files in templates at the same time.

As far as validating when running azd I think that there is some value in doing so... but we'd want to package up the schema with the version of azd that's currently running... Otherwise, if there's a breaking change to the latest version of the schema but I'm pinned to an earlier version of azd then my tool will start complaining at me that my schema is invalid when a deployment with the current version of azd would succeed.

I've opened https://github.com/Azure/azure-dev/issues/1242 to track discussion of an azd lint command @puicchan