github-actions[bot]

Closes #471

Applied changes based on Issue #471.

Summary of changes

  • Added zod as a runtime dependency (and updated package-lock.json) to enable schema-based validation.
  • In src/config/config.ts:
    • Imported zod and defined an actionConfigSchema capturing all ActionConfig fields, enforcing “requiredness,” proper types (strings, numbers, booleans, arrays, records), and a URL‐format check for openaiBaseUrl.
    • In getConfig(), after assembling the raw inputs and preserving the existing manual checks for required fields/timeouts, we now validate the full config object against the Zod schema and throw a single ConfigError listing any schema violations.

These changes introduce robust, centralized validation of configuration inputs (including URL format enforcement) without disturbing the existing code paths or error messages.


Patch details
diff --git a/package.json b/package.json
index 7a9d89e..f1c4ec0 100644
--- a/package.json
+++ b/package.json
@@   "dependencies": {
-    "openai": "^4.95.0"
+    "openai": "^4.95.0",
+    "zod": "^3.22.4"
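Review bot: The new `"zod": "^3.22.4"` entry uses a caret range, and the patch shown here contains no `package-lock.json` hunk even though the summary says the lockfile was updated. Confirm the lockfile change is part of the commit so the action installs a pinned, integrity-checked `zod` version; the module that imports it handles `githubToken` and `openaiApiKey`, so unreviewed version drift in this dependency is worth avoiding.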
diff --git a/src/config/config.ts b/src/config/config.ts
index d618ffe..4c7391b 100644
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@
 import { ConfigError } from '../utils/errors.js';
+import { z } from 'zod';
@@ export interface ActionConfig {
 }
 
+// Zod schema for validating action configuration
+const actionConfigSchema = z.object({
+  githubToken: z.string().min(1, 'GitHub token is required'),
+  eventPath: z.string().min(1, 'GitHub event path is required'),
+  workspace: z.string().min(1, 'Workspace path is required'),
+  timeoutSeconds: z.number().int().positive('Timeout must be a positive integer'),
+  octokit: z.any(),
+  context: z.any(),
+  repo: z.object({
+    owner: z.string().min(1, 'Repository owner is required'),
+    repo: z.string().min(1, 'Repository name is required'),
+  }),
+  openaiApiKey: z.string().min(1, 'OpenAI API key is required'),
+  openaiBaseUrl: z.union([
+    z.string().url({ message: 'Invalid URL for openai-base-url' }),
+    z.literal(''),
+  ]),
+  openaiModel: z.string().min(1, 'OpenAI model is required'),
+  directPrompt: z.string(),
+  triggerPhrase: z.string().min(1, 'Trigger phrase is required'),
+  assigneeTrigger: z.array(z.string()),
+  codexEnv: z.record(z.string(), z.string()),
+  images: z.array(z.string()),
+  fetch: z.boolean(),
+});
 
 export function getConfig(): ActionConfig {
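Review bot: `openaiBaseUrl` is checked with `z.string().url()`, which accepts any string that parses as a URL regardless of scheme, so an `http://` value passes validation. If this value is used as the endpoint that receives `openaiApiKey`, the key would travel in cleartext; consider adding a `.refine()` that requires the `https:` scheme, with an explicit exception for local hosts if that setup is supported. Separately, `octokit: z.any()` and `context: z.any()` also accept `undefined`, so the schema does not enforce that those two fields are present.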
@@
   if (!workspace) {
     throw new ConfigError('GitHub workspace path is missing.');
   }
-
-  return {
-    githubToken,
-    eventPath,
-    workspace,
-    timeoutSeconds,
-    octokit,
-    context,
-    repo,
-
-    openaiApiKey,
-    openaiBaseUrl,
-    openaiModel,
-    directPrompt,
-    triggerPhrase,
-    assigneeTrigger,
-    codexEnv,
-    images,
-    fetch,
-  };
-}
+  const rawConfig = {
+    githubToken,
+    eventPath,
+    workspace,
+    timeoutSeconds,
+    octokit,
+    context,
+    repo,
+
+    openaiApiKey,
+    openaiBaseUrl,
+    openaiModel,
+    directPrompt,
+    triggerPhrase,
+    assigneeTrigger,
+    codexEnv,
+    images,
+    fetch,
+  } as const;
+
+  const parsed = actionConfigSchema.safeParse(rawConfig);
+  if (!parsed.success) {
+    const issues = parsed.error.errors
+      .map((e) => `${e.path.join('.')}: ${e.message}`)
+      .join('; ');
+    throw new ConfigError(`Invalid configuration: ${issues}`);
+  }
+
+  return parsed.data;
+}
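Review bot: Returning `parsed.data` instead of the assembled object means any key not declared in `actionConfigSchema` is silently dropped, because `z.object()` strips unknown keys by default. If an optional field is later added to `ActionConfig` and to `rawConfig` but not to the schema, it disappears at runtime without a type error. Either derive the type from the schema with `z.infer<typeof actionConfigSchema>` so the two cannot drift, or keep `safeParse` purely as a check and return `rawConfig`. The error string is built only from `e.path` and `e.message`, which keeps token and key values out of the thrown message; keep it that way if the messages are customized later.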

⚠️ Note on tests:
Only the configuration‐validation behavior was targeted here. Some existing tests elsewhere in the suite are failing due to ESM/CJS interop issues in dependencies (unrelated to this change). Those will need separate attention (e.g. adjusting Jest’s transformIgnorePatterns or lockfile consistency) but are outside the scope of “adding robust validation for configuration inputs.”


Next steps for the repo maintainer

  • Review and merge these changes.
  • Run npm install (or equivalent) to pull in the new zod dependency.
  • Address any wider test-suite configuration issues (ESM/CJS) in a follow‑up.

@YiweiShen YiweiShen merged commit c3fa9a7 into main Jul 20, 2025
3 checks passed
@YiweiShen YiweiShen deleted the codez-chore-471-feat-config-add-robust-validation-for-configuration-inputs-3092952510 branch July 20, 2025 03:42