diff --git a/pkg/parser/schema_test.go b/pkg/parser/schema_test.go index c2257ae482f..0ce13d1ebf8 100644 --- a/pkg/parser/schema_test.go +++ b/pkg/parser/schema_test.go @@ -621,6 +621,45 @@ func TestValidateMainWorkflowFrontmatterWithSchema(t *testing.T) { wantErr: true, errContains: "minItems: got 0, want 1", }, + { + name: "invalid empty toolsets array", + frontmatter: map[string]any{ + "on": "push", + "tools": map[string]any{ + "github": map[string]any{ + "toolsets": []string{}, + }, + }, + }, + wantErr: true, + errContains: "minItems", + }, + { + name: "invalid empty issue names array", + frontmatter: map[string]any{ + "on": map[string]any{ + "issues": map[string]any{ + "types": []string{"labeled"}, + "names": []string{}, + }, + }, + }, + wantErr: true, + errContains: "minItems", + }, + { + name: "invalid empty pull_request names array", + frontmatter: map[string]any{ + "on": map[string]any{ + "pull_request": map[string]any{ + "types": []string{"labeled"}, + "names": []string{}, + }, + }, + }, + wantErr: true, + errContains: "minItems", + }, { name: "valid schedule with multiple cron entries", frontmatter: map[string]any{ diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 510479189b5..fd9e83996e0 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -285,10 +285,7 @@ }, { "not": { - "anyOf": [ - { "required": ["branches"] }, - { "required": ["branches-ignore"] } - ] + "anyOf": [{ "required": ["branches"] }, { "required": ["branches-ignore"] }] } } ], @@ -305,10 +302,7 @@ }, { "not": { - "anyOf": [ - { "required": ["paths"] }, - { "required": ["paths-ignore"] } - ] + "anyOf": [{ "required": ["paths"] }, { "required": ["paths-ignore"] }] } } ] @@ -414,7 +408,8 @@ "items": { "type": "string", "description": "Label name" - } + }, + "minItems": 1 } ] } @@ -431,10 +426,7 @@ }, { "not": { - "anyOf": [ - { "required": ["branches"] }, - { "required": ["branches-ignore"] } - ] + "anyOf": [{ "required": ["branches"] }, { "required": ["branches-ignore"] }] } } ], @@ -451,10 +443,7 @@ }, { "not": { - "anyOf": [ - { "required": ["paths"] }, - { "required": ["paths-ignore"] } - ] + "anyOf": [{ "required": ["paths"] }, { "required": ["paths-ignore"] }] } } ] @@ -486,7 +475,8 @@ "items": { "type": "string", "description": "Label name" - } + }, + "minItems": 1 } ] }, @@ -669,10 +659,7 @@ }, { "not": { - "anyOf": [ - { "required": ["branches"] }, - { "required": ["branches-ignore"] } - ] + "anyOf": [{ "required": ["branches"] }, { "required": ["branches-ignore"] }] } } ] @@ -996,10 +983,7 @@ }, { "not": { - "anyOf": [ - { "required": ["branches"] }, - { "required": ["branches-ignore"] } - ] + "anyOf": [{ "required": ["branches"] }, { "required": ["branches-ignore"] }] } } ], @@ -1016,10 +1000,7 @@ }, { "not": { - "anyOf": [ - { "required": ["paths"] }, - { "required": ["paths-ignore"] } - ] + "anyOf": [{ "required": ["paths"] }, { "required": ["paths-ignore"] }] } } ] @@ -1899,7 +1880,8 @@ "items": { "type": "string", "description": "Domain name or ecosystem identifier (supports wildcards like '*.example.com' and ecosystem names like 'python', 'node')" - } + }, + "$comment": "Empty array is valid and means deny all network access. Omit the field entirely or use network: defaults to use default network permissions." }, "firewall": { "description": "AWF (Agent Workflow Firewall) configuration for network egress control. Only supported for Copilot engine.", @@ -2406,7 +2388,9 @@ "stargazers", "users" ] - } + }, + "minItems": 1, + "$comment": "At least one toolset is required when toolsets array is specified. Use null or omit the field to use all toolsets." } }, "additionalProperties": false,