1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -68,3 +68,4 @@ gha-creds-*.json

# Ignore local secrets file for act
.secrets
junit.xml
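Review bot: junit.xml sits directly under the "# Ignore local secrets file for act" comment, so it reads as if it were a secrets file. Put a blank line and its own comment above it (for example "# Test reports") so the secrets section of the ignore list stays easy to audit.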
99 changes: 25 additions & 74 deletions action.yml
Expand Up @@ -103,77 +103,35 @@ outputs:
runs:
using: 'composite'
steps:
- name: 'Validate Inputs'
id: 'validate_inputs'
- name: 'Install pnpm'
Contributor

This adds network and I/O overhead to every workflow using this action, which was previously a near-instantaneous shell script. Consider bundling the TypeScript code into a single JavaScript file and committing it to the repository (e.g., dist/validate_inputs.js). This would allow you to run node dist/validate_inputs.js directly without needing to install dependencies at runtime.

Collaborator Author

You're right. The dist/*.js approach is good and migration to this is planned soon. Once #373 is resolved, I’ll open a new issue to migrate the composite action in action.yml to a Node.js action (using: 'node20'). This will have the logic to run the js file directly from the dist folder and it will also streamline input parsing and improve control. I’m targeting this for the v0.18 release. In the meantime, the overhead is minimal; a clean install takes only about 2–3 seconds locally and might take less in CI environments.

computer-name$ npm cache clean -f
npm warn using --force Recommended protections disabled.
computer-name$ rm -rf node_modules/
computer-name$ npm i

> run-gemini-cli@0.1.16 prepare
> husky


added 134 packages, and audited 135 packages in 2s

40 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

if: |-
${{ inputs.use_pnpm == 'true' }}
uses: 'pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061' # ratchet:pnpm/action-setup@v4
with:
version: 10
cache: true
- name: 'Install node dependencies'
shell: 'bash'
run: |-
set -exuo pipefail

# Emit a clear warning in three places without failing the step
warn() {
local msg="$1"
echo "WARNING: ${msg}" >&2
echo "::warning title=Input validation::${msg}"
if [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then
{
echo "### Input validation warnings"
echo
echo "- ${msg}"
} >> "${GITHUB_STEP_SUMMARY}"
fi
}

# Validate the count of authentication methods
auth_methods=0
if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi
if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi
if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi

if [[ ${auth_methods} -eq 0 ]]; then
warn "No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
fi

if [[ ${auth_methods} -gt 1 ]]; then
warn "Multiple authentication methods provided. Please use only one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
fi

# Validate Workload Identity Federation inputs
if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then
if [[ "${INPUT_GCP_PROJECT_ID_PRESENT:-false}" != "true" ]]; then
warn "When using Workload Identity Federation ('gcp_workload_identity_provider'), you must also provide 'gcp_project_id'."
fi
# Service account is required when using token_format (default behavior)
# Only optional when explicitly set to empty for direct WIF
if [[ "${INPUT_GCP_TOKEN_FORMAT}" != "" && "${INPUT_GCP_SERVICE_ACCOUNT_PRESENT:-false}" != "true" ]]; then
warn "When using Workload Identity Federation with token generation ('gcp_token_format'), you must also provide 'gcp_service_account'. To use direct WIF without a service account, explicitly set 'gcp_token_format' to an empty string."
fi
if [[ "${INPUT_USE_VERTEX_AI:-false}" == "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" ]]; then
warn "When using Workload Identity Federation, you must set exactly one of 'use_vertex_ai' or 'use_gemini_code_assist' to 'true'."
fi
fi

# Validate Vertex AI API Key
if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then
if [[ "${INPUT_USE_VERTEX_AI:-false}" != "true" ]]; then
warn "When using 'google_api_key', you must set 'use_vertex_ai' to 'true'."
fi
if [[ "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
warn "When using 'google_api_key', 'use_gemini_code_assist' cannot be 'true'."
fi
working-directory: '${{ github.action_path }}'
run: |
if [[ "${{ inputs.use_pnpm }}" == "true" ]]; then
pnpm install --silent --no-audit --prefer-offline
else
npm ci --silent --no-audit
fi

# Validate Gemini API Key
if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then
if [[ "${INPUT_USE_VERTEX_AI:-false}" == "true" || "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
warn "When using 'gemini_api_key', both 'use_vertex_ai' and 'use_gemini_code_assist' must be 'false'."
fi
fi
- name: 'Validate Inputs'
id: 'validate_inputs'
working-directory: '${{ github.action_path }}'
shell: 'bash'
run: |
npx ts-node src/validate-inputs.ts
env:
INPUT_GEMINI_API_KEY_PRESENT: "${{ inputs.gemini_api_key != '' }}"
INPUT_GOOGLE_API_KEY_PRESENT: "${{ inputs.google_api_key != '' }}"
INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT: "${{ inputs.gcp_workload_identity_provider != '' }}"
INPUT_GCP_PROJECT_ID_PRESENT: "${{ inputs.gcp_project_id != '' }}"
INPUT_GCP_SERVICE_ACCOUNT_PRESENT: "${{ inputs.gcp_service_account != '' }}"
INPUT_GEMINI_API_KEY: '${{ inputs.gemini_api_key }}'
INPUT_GOOGLE_API_KEY: '${{ inputs.google_api_key }}'
INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER: '${{ inputs.gcp_workload_identity_provider }}'
INPUT_GCP_PROJECT_ID: '${{ inputs.gcp_project_id }}'
INPUT_GCP_SERVICE_ACCOUNT: '${{ inputs.gcp_service_account }}'
INPUT_GCP_TOKEN_FORMAT: '${{ inputs.gcp_token_format }}'
INPUT_USE_VERTEX_AI: '${{ inputs.use_vertex_ai }}'
INPUT_USE_GEMINI_CODE_ASSIST: '${{ inputs.use_gemini_code_assist }}'
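Review bot: The env block of 'Validate Inputs' hands the raw credential inputs to the validator (INPUT_GEMINI_API_KEY: '${{ inputs.gemini_api_key }}', INPUT_GOOGLE_API_KEY: '${{ inputs.google_api_key }}'), where the *_PRESENT lines passed only the result of a != '' comparison. The checks in the shell version only test which inputs are set, so the step that runs npx ts-node, with the freshly installed dependency tree loaded in the same process, does not need the key material; keep the boolean presence flags and leave the raw values out of this step. Separately, in 'Install node dependencies' the run script interpolates "${{ inputs.use_pnpm }}" straight into bash; pass it through env (USE_PNPM: '${{ inputs.use_pnpm }}') and test "${USE_PNPM}" instead, the way the validation step receives its inputs.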
Expand Down Expand Up @@ -218,13 +176,6 @@ runs:
token_format: '${{ inputs.gcp_token_format }}'
access_token_scopes: '${{ inputs.gcp_access_token_scopes }}'

- name: 'Install pnpm'
if: |-
${{ inputs.use_pnpm == 'true' }}
uses: 'pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061' # ratchet:pnpm/action-setup@v4
with:
version: 10

- name: 'Install Gemini CLI'
id: 'install'
env:
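Review bot: The 'Install pnpm' step removed here carried only version: 10, while the copy added at the top of the steps also sets cache: true, so this is not a pure move. Call that out in the PR description and confirm that the pinned pnpm/action-setup commit accepts a cache input; an unexpected input only produces a warning in the run log, so a mismatch would be easy to miss.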