Skip to content

Validate safe-outputs target field at compile time #11112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 8 commits into from
Jan 22, 2026
Merged

Validate safe-outputs target field at compile time #11112

pelikhan merged 8 commits into from
Jan 22, 2026
+970 −0

Conversation

Copy link
Contributor

Copilot AI commented Jan 21, 2026
edited
Loading

Add compile-time validation for safe-outputs target field

Problem

The compiler previously accepted invalid values for the target field in safe-outputs configuration (e.g., target: event), which failed at runtime instead of during compilation.

Solution

Added compile-time validation in the compiler to catch invalid target values early:

Valid target values:

  • "triggering" (default) - targets the triggering issue/PR/discussion
  • "*" - targets any item specified in the output
  • A positive integer like "123"
  • A GitHub Actions expression like "${{ github.event.issue.number }}"

Invalid values rejected:

  • Random strings (e.g., "event", "invalid")
  • Zero ("0")
  • Negative numbers ("-1")
  • Numbers with leading zeros ("007")
  • Malformed expressions

Implementation Details

  • Created safe_outputs_target_validation.go with validation logic
  • Added IsPositiveInteger utility function to pkg/stringutil package
  • Added comprehensive unit tests in safe_outputs_target_validation_test.go and stringutil_test.go
  • Added integration tests in safe_outputs_target_validation_integration_test.go
  • Integrated validation into compiler flow in compiler.go
  • Merged latest changes from main branch

Example Error Message

error: invalid target value for update-issue: "event"

Valid target values are:
  - "triggering" (default) - targets the triggering issue/PR/discussion
  - "*" - targets any item specified in the output
  - A positive integer (e.g., "123")
  - A GitHub Actions expression (e.g., "${{ github.event.issue.number }}")

Did you mean to use "${{ github.event.issue.number }}" instead of "event"?

This provides clear, actionable guidance to users when they make a mistake.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI and others added 4 commits January 21, 2026 22:21
@eaftan
Initial investigation complete - identify validation gap for safe-out…
3b116c2 
…puts target field

Co-authored-by: eaftan <4733401+eaftan@users.noreply.github.com>
@eaftan
Add compile-time validation for safe-outputs target field
5125192 
- Validates target values during compilation to catch errors early
- Valid values: "triggering", "*", positive integers, GitHub expressions
- Rejects invalid values like "event", "0", negative numbers, random strings
- Includes comprehensive unit and integration tests

Co-authored-by: eaftan <4733401+eaftan@users.noreply.github.com>
@eaftan
Clean up unused function and import in validation code
16f6150 
Co-authored-by: eaftan <4733401+eaftan@users.noreply.github.com>
@eaftan
Address code review feedback - improve validation and error messages
eded1a3 
- Make suggestion for "event" conditional (only shown for event-related invalid values)
- Improve GitHub expression validation to check for proper bracket order
- Add comprehensive tests for edge cases in expression validation

Co-authored-by: eaftan <4733401+eaftan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add compiler validation for input frontmatter format Validate safe-outputs target field at compile time Jan 21, 2026
Copilot AI requested a review from eaftan January 21, 2026 22:43
pelikhan
pelikhan reviewed Jan 21, 2026
View reviewed changes
pkg/workflow/safe_outputs_target_validation.go

// isGitHubExpression checks if a string is a valid GitHub Actions expression
// A valid expression must have properly balanced ${{ and }} markers
func isGitHubExpression(s string) bool {
Copy link
Contributor

@pelikhan pelikhan Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot use expression parser to validate correct expression, there should be a validator already

@pelikhan
Copy link
Contributor

pelikhan commented Jan 21, 2026

@copilot look for existing isPositiveInteger helper otherwise move to stringutils package, move tests too

Copilot AI requested a review from pelikhan January 21, 2026 22:54
@pelikhan
Copy link
Contributor

pelikhan commented Jan 21, 2026

https://gh.io/copilot-coding-agent-docs look for existing isPositiveInteger helper otherwise move to stringutils package, move tests too

@pelikhan
Copy link
Contributor

pelikhan commented Jan 21, 2026

@copilot look for existing isPositiveInteger helper otherwise move to stringutils package, move tests too

@pelikhan
Move isPositiveInteger to stringutil package
80b3318 
- Moved IsPositiveInteger function from workflow validation to pkg/stringutil
- Moved associated tests to stringutil_test.go
- Updated safe_outputs_target_validation.go to use stringutil.IsPositiveInteger
- Removed strconv import from validation file (no longer needed)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Jan 21, 2026

@copilot look for existing isPositiveInteger helper otherwise move to stringutils package, move tests too

Moved IsPositiveInteger to pkg/stringutil package along with its tests (commit 80b3318). No existing helper was found in the codebase.

@pelikhan pelikhan added the smoke label Jan 21, 2026
@pelikhan pelikhan marked this pull request as ready for review January 22, 2026 00:11
@pelikhan
Copy link
Contributor

pelikhan commented Jan 22, 2026

@copilot format the code, then merge main, then format and lint.

Copilot AI and others added 2 commits January 22, 2026 00:21
Merge main branch
04bc3e4
@pelikhan
Format code and complete merge of main branch
64f8453 
- Resolved merge conflicts in pkg/stringutil files
- Kept both IsPositiveInteger and StripANSIEscapeCodes functions
- Recompiled all workflows successfully
- All tests passing after merge

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Jan 22, 2026

@copilot look for existing isPositiveInteger helper otherwise move to stringutils package, move tests too

No existing helper found. Moved IsPositiveInteger and its tests to pkg/stringutil package (commit 80b3318). Completed code formatting, main branch merge, and final lint (commit 64f8453). All tests passing.

@pelikhan pelikhan merged commit 3560a28 into main Jan 22, 2026
83 checks passed
@pelikhan pelikhan deleted the copilot/validate-input-frontmatter-format branch January 22, 2026 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eaftan eaftan Awaiting requested review from eaftan

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@eaftan eaftan

Copilot code review Copilot

Labels

smoke

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan @eaftan