latest fix

Author: Vemarthula-Microsoft

.github/workflows/azure-dev-validation.yml

@@ -1,139 +1,34 @@
-name: Azure Template Validation
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-      - vee-pipeline-fixes
+name: Azure Template Validation 
+on: 
+#  workflow_dispatch:
+    push:
+        branches:
+            - main
 permissions: 
   contents: read 
   id-token: write 
   pull-requests: write 
-jobs:
-  template_validation_job:
-    runs-on: ubuntu-latest
-    environment: validation
-    name: Template validation
-    env:
-      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Pre-flight secret check
-        id: secret_check
-        run: |
-          # GitHub Actions expressions are evaluated before the shell loop runs, so we cannot
-          # index into secrets dynamically like secrets[format('{0}', var)]. Instead, check each explicitly.
-          missing=0
-          if [ -z "${{ secrets.AZURE_CLIENT_ID }}" ]; then echo "::error::Required secret AZURE_CLIENT_ID is missing." >&2; missing=1; fi
-          if [ -z "${{ secrets.AZURE_TENANT_ID }}" ]; then echo "::error::Required secret AZURE_TENANT_ID is missing." >&2; missing=1; fi
-          if [ -z "${{ secrets.AZURE_SUBSCRIPTION_ID }}" ]; then echo "::error::Required secret AZURE_SUBSCRIPTION_ID is missing." >&2; missing=1; fi
-          if [ -z "${{ secrets.AZURE_LOCATION }}" ]; then echo "::warning::AZURE_LOCATION not set; defaulting to eastus for validation context."; echo "AZURE_LOCATION=eastus" >> $GITHUB_ENV; else echo "AZURE_LOCATION=${{ secrets.AZURE_LOCATION }}" >> $GITHUB_ENV; fi
-          if [ "$missing" -eq 1 ]; then
-            echo "Missing required secrets. Failing early." >&2
-            exit 1
-          fi
-          echo "All required auth secrets present (client secret not required for OIDC)."
-
-      - name: Ensure Bicep CLI installed
-        run: |
-          az bicep install || true
-      - name: Azure Login (Service Principal Client Secret)
-        if: ${{ env.AZURE_CLIENT_SECRET != '' }}
-        run: |
-          echo "Using service principal client secret authentication path." 
-          az login --service-principal \
-            -u ${{ secrets.AZURE_CLIENT_ID }} \
-            -p ${{ secrets.AZURE_CLIENT_SECRET }} \
-            --tenant ${{ secrets.AZURE_TENANT_ID }}
-          az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-            --tenant ${{ secrets.AZURE_TENANT_ID }}
-      - name: Azure Login (OIDC) (no client secret present)
-        if: ${{ env.AZURE_CLIENT_SECRET == '' }}
-        uses: azure/login@v1
-        with:
-            client-id: ${{ secrets.AZURE_CLIENT_ID }}
-            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-        continue-on-error: false
-
-      - name: Auth Mode Announcement
-        run: |
-          if [ -n "${{ secrets.AZURE_CLIENT_SECRET }}" ]; then
-            echo "Auth mode: client secret (SP). OIDC skipped."
-          else
-            echo "Auth mode: OIDC (no client secret set). Ensure federated credential exists for environment 'validation'."
-          fi
-
-      - name: Post-login diagnostics
-        if: always()
-        run: |
-          echo "Login diagnostics:"
-          az account show || echo "Account show failed" >&2
-          echo "Listing subscriptions (top 5):"; az account list --query '[].{name:name,id:id}' -o table | head -n 7 || true
-          echo "Active tenant: ${{ secrets.AZURE_TENANT_ID }}"
-          echo "Client ID suffix: $(echo '${{ secrets.AZURE_CLIENT_ID }}' | tail -c 6)"
-
-      - name: Debug Azure context
-        run: |
-          az account show || echo "Could not show account (ensure privileges)" >&2
-          echo "Listing bicep version:"; az bicep version || true
-          echo "Listing repo root:"; ls -1 . || true
-          echo "Infra directory content:"; ls -1 infra || true
-          echo "Resolved AZURE_LOCATION: ${AZURE_LOCATION:-unset}" 
-
-      - name: Validate Azure Template
-        id: validation
-        uses: microsoft/template-validation-action@main
-        env:
-          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        continue-on-error: true
-
-      - name: Capture validation output
-        id: capture
-        run: |
-          out="${{ steps.validation.outputs.resultFile }}"
-            if [ -n "$out" ] && [ -f "$out" ]; then
-              cp "$out" validation-result.json
-            else
-              echo '{"warning":"No resultFile produced by action"}' > validation-result.json
-            fi
-          echo "result_path=validation-result.json" >> $GITHUB_OUTPUT
-
-      - name: Print validation result
-        if: always()
-        run: |
-          echo "--- validation-result.json ---"
-          cat validation-result.json || echo "No validation-result.json present" >&2
-
-      - name: Upload validation result artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: validation-result
-          path: validation-result.json
-          retention-days: 7
-
-      - name: Fail if validation errors detected
-        run: |
-          file='validation-result.json'
-          if [ ! -f "$file" ]; then
-            echo "No validation result file produced; failing." >&2
-            exit 1
-          fi
-          if grep -Ei '"(status|level)" *: *"error"' "$file" || grep -Ei '\b(error|failed)\b' "$file"; then
-            echo "Errors detected in template validation output." >&2
-            cat "$file"
-            exit 1
-          fi
-          # Also treat underlying action non-zero exit as failure even if heuristic passes.
-          if [ "${{ steps.validation.outcome }}" = "failure" ]; then
-            echo "Underlying validation action reported failure (steps.validation.outcome)." >&2
-            exit 1
-          fi
-          echo "No blocking errors detected in validation output."
+jobs: 
+  template_validation_job: 
+    runs-on: ubuntu-latest 
+    environment: dev
+    name: Template validation 
+    steps: 
+      # Step 1: Checkout the code from your repository 
+      - name: Checkout code 
+        uses: actions/checkout@v4 
+      # Step 2: Validate the Azure template using microsoft/template-validation-action 
+      - name: Validate Azure Template 
+        uses: microsoft/template-validation-action@v0.3.5 
+        id: validation 
+        env: 
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} 
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} 
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} 
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} 
+          AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }} 
+          AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }} 
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+      # Step 3: Print the result of the validation 
+      - name: Print result 
+        run: cat ${{ steps.validation.outputs.resultFile }}