Moving validate logic to Typescript

related to #373
related to #375

Author: parthasaradhie

.gitignore

@@ -68,3 +68,4 @@ gha-creds-*.json
 
 # Ignore local secrets file for act
 .secrets
+junit.xml

action.yml

@@ -103,77 +103,34 @@ outputs:
 runs:
   using: 'composite'
   steps:
-    - name: 'Validate Inputs'
-      id: 'validate_inputs'
+    - name: 'Install pnpm'
+      if: ${{ inputs.use_pnpm == 'true' }}
+      uses: 'pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061' # ratchet:pnpm/action-setup@v4
+      with:
+        version: 10
+        cache: true
+    - name: 'Install node dependencies'
       shell: 'bash'
-      run: |-
-        set -exuo pipefail
-
-        # Emit a clear warning in three places without failing the step
-        warn() {
-          local msg="$1"
-          echo "WARNING: ${msg}" >&2
-          echo "::warning title=Input validation::${msg}"
-          if [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then
-            {
-              echo "### Input validation warnings"
-              echo
-              echo "- ${msg}"
-            } >> "${GITHUB_STEP_SUMMARY}"
-          fi
-        }
-
-        # Validate the count of authentication methods
-        auth_methods=0
-        if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi
-        if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi
-        if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi
-
-        if [[ ${auth_methods} -eq 0 ]]; then
-          warn "No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
-        fi
-
-        if [[ ${auth_methods} -gt 1 ]]; then
-          warn "Multiple authentication methods provided. Please use only one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
-        fi
-
-        # Validate Workload Identity Federation inputs
-        if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then
-          if [[ "${INPUT_GCP_PROJECT_ID_PRESENT:-false}" != "true" ]]; then
-            warn "When using Workload Identity Federation ('gcp_workload_identity_provider'), you must also provide 'gcp_project_id'."
-          fi
-          # Service account is required when using token_format (default behavior)
-          # Only optional when explicitly set to empty for direct WIF
-          if [[ "${INPUT_GCP_TOKEN_FORMAT}" != "" && "${INPUT_GCP_SERVICE_ACCOUNT_PRESENT:-false}" != "true" ]]; then
-            warn "When using Workload Identity Federation with token generation ('gcp_token_format'), you must also provide 'gcp_service_account'. To use direct WIF without a service account, explicitly set 'gcp_token_format' to an empty string."
-          fi
-          if [[ "${INPUT_USE_VERTEX_AI:-false}" == "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" ]]; then
-            warn "When using Workload Identity Federation, you must set exactly one of 'use_vertex_ai' or 'use_gemini_code_assist' to 'true'."
-          fi
-        fi
-
-        # Validate Vertex AI API Key
-        if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then
-          if [[ "${INPUT_USE_VERTEX_AI:-false}" != "true" ]]; then
-            warn "When using 'google_api_key', you must set 'use_vertex_ai' to 'true'."
-          fi
-          if [[ "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
-            warn "When using 'google_api_key', 'use_gemini_code_assist' cannot be 'true'."
-          fi
+      working-directory: '${{ github.action_path }}'
+      run: |
+        if [[ "${{ inputs.use_pnpm }}" == "true" ]]; then
+          pnpm install --silent --no-audit --prefer-offline
+        else
+          npm ci --silent --no-audit
         fi
 
-        # Validate Gemini API Key
-        if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then
-          if [[ "${INPUT_USE_VERTEX_AI:-false}" == "true" || "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
-            warn "When using 'gemini_api_key', both 'use_vertex_ai' and 'use_gemini_code_assist' must be 'false'."
-          fi
-        fi
+    - name: 'Validate Inputs'
+      id: 'validate_inputs'
+      working-directory: '${{ github.action_path }}'
+      shell: 'bash'
+      run: |
+        npx ts-node src/validate_inputs.ts
       env:
-        INPUT_GEMINI_API_KEY_PRESENT: "${{ inputs.gemini_api_key != '' }}"
-        INPUT_GOOGLE_API_KEY_PRESENT: "${{ inputs.google_api_key != '' }}"
-        INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT: "${{ inputs.gcp_workload_identity_provider != '' }}"
-        INPUT_GCP_PROJECT_ID_PRESENT: "${{ inputs.gcp_project_id != '' }}"
-        INPUT_GCP_SERVICE_ACCOUNT_PRESENT: "${{ inputs.gcp_service_account != '' }}"
+        INPUT_GEMINI_API_KEY: '${{ inputs.gemini_api_key }}'
+        INPUT_GOOGLE_API_KEY: '${{ inputs.google_api_key }}'
+        INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER: '${{ inputs.gcp_workload_identity_provider }}'
+        INPUT_GCP_PROJECT_ID: '${{ inputs.gcp_project_id }}'
+        INPUT_GCP_SERVICE_ACCOUNT: '${{ inputs.gcp_service_account }}'
         INPUT_GCP_TOKEN_FORMAT: '${{ inputs.gcp_token_format }}'
         INPUT_USE_VERTEX_AI: '${{ inputs.use_vertex_ai }}'
         INPUT_USE_GEMINI_CODE_ASSIST: '${{ inputs.use_gemini_code_assist }}'
@@ -218,13 +175,6 @@ runs:
         token_format: '${{ inputs.gcp_token_format }}'
         access_token_scopes: '${{ inputs.gcp_access_token_scopes }}'
 
-    - name: 'Install pnpm'
-      if: |-
-        ${{ inputs.use_pnpm == 'true' }}
-      uses: 'pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061' # ratchet:pnpm/action-setup@v4
-      with:
-        version: 10
-
     - name: 'Install Gemini CLI'
       id: 'install'
       env:
@@ -294,14 +244,14 @@ runs:
         if [[ "${GEMINI_DEBUG}" = true ]]; then
           echo "::warning::Gemini CLI debug logging is enabled. This will stream responses, which could reveal sensitive information if processed with untrusted inputs."
           echo "::: Start Gemini CLI STDOUT :::"
-          if ! gemini --debug --yolo --prompt "${PROMPT}" --output-format json 2> >(tee "${TEMP_STDERR}" >&2) | tee "${TEMP_STDOUT}"; then
+          if ! gemini --debug --yolo --prompt "${PROMPT}"  2> >(tee "${TEMP_STDERR}" >&2) | tee "${TEMP_STDOUT}"; then
             FAILED=true
           fi
           # Wait for async stderr logging to complete. This is because process substitution in Bash is async so let tee finish writing to ${TEMP_STDERR}
           sleep 1
           echo "::: End Gemini CLI STDOUT :::"
         else
-          if ! gemini --yolo --prompt "${PROMPT}" --output-format json 2> "${TEMP_STDERR}" 1> "${TEMP_STDOUT}"; then
+          if ! gemini --yolo --prompt "${PROMPT}"  2> "${TEMP_STDERR}" 1> "${TEMP_STDOUT}"; then
             FAILED=true
           fi
         fi