Update HA validation and configuration (#163)

Author: devanshjainms

.github/workflows/codeql.yml

@@ -43,17 +43,17 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
+        uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
+        uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
+        uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/github-actions-ansible-lint.yml

@@ -14,7 +14,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout the code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Setup Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 #v5.4.0

.github/workflows/github-actions-code-coverage.yml

@@ -14,7 +14,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout the code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
 
       - name: Setup Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 #v5.4.0

.github/workflows/ossf-scoreboard.yml

@@ -31,7 +31,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
@@ -52,6 +52,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           sarif_file: results.sarif

.github/workflows/trivy.yml

@@ -23,7 +23,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout code
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Run Trivy vulnerability scanner (file system)
       uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
@@ -36,7 +36,7 @@ jobs:
         output: report-fs.sarif
 
     - name: Upload Trivy report (fs) GitHub Security
-      uses: github/codeql-action/upload-sarif@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
+      uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
       with:
         sarif_file: report-fs.sarif
         category: 'fs'

VERSION

@@ -1 +1 @@
-1.0.0
+1.0.1

docs/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.0.1
+Release Date: 12-09-2025
+1. CI/CD Workflow Upgrades:
+2. HA constants, validation logic updates and validation enhancements
+3. SAP Automation Script Improvements
 
 ## 1.0.0
 Release Date: 11-04-2025

requirements.txt

@@ -2,20 +2,20 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile requirements.in
+#    pip-compile ./requirements.in
 #
-ansible-compat==25.8.2
+ansible-compat==25.12.0
     # via ansible-lint
 ansible-core==2.17.14
     # via
     #   -r requirements.in
     #   ansible-compat
     #   ansible-lint
-ansible-lint==25.9.2
+ansible-lint==25.12.0
     # via -r requirements.in
 ansible-runner==2.4.2
     # via -r requirements.in
-astroid==4.0.1
+astroid==4.0.2
     # via pylint
 attrs==25.4.0
     # via
@@ -33,35 +33,35 @@ azure-identity==1.25.1
     # via
     #   -r requirements.in
     #   azure-kusto-data
-azure-kusto-data==5.0.5
+azure-kusto-data==6.0.0
     # via
     #   -r requirements.in
     #   azure-kusto-ingest
-azure-kusto-ingest==5.0.5
+azure-kusto-ingest==6.0.0
     # via -r requirements.in
-azure-mgmt-compute==37.0.1
+azure-mgmt-compute==37.1.0
     # via -r requirements.in
 azure-mgmt-core==1.6.0
     # via
     #   azure-mgmt-compute
     #   azure-mgmt-network
-azure-mgmt-network==30.0.0
+azure-mgmt-network==30.1.0
     # via -r requirements.in
-azure-storage-blob==12.23.0
+azure-storage-blob==12.26.0
     # via
     #   -r requirements.in
     #   azure-kusto-ingest
-azure-storage-queue==12.12.0
+azure-storage-queue==12.13.0
     # via
     #   -r requirements.in
     #   azure-kusto-ingest
-black==25.9.0
+black==25.12.0
     # via
     #   -r requirements.in
     #   ansible-lint
 bracex==2.6
     # via wcmatch
-certifi==2025.10.5
+certifi==2025.11.12
     # via
     #   msrest
     #   requests
@@ -71,11 +71,11 @@ cffi==2.0.0
     #   cryptography
 charset-normalizer==3.4.4
     # via requests
-click==8.3.0
+click==8.3.1
     # via
     #   -r requirements.in
     #   black
-coverage[toml]==7.11.0
+coverage[toml]==7.13.0
     # via
     #   -r requirements.in
     #   pytest-cov
@@ -92,16 +92,14 @@ dill==0.4.0
     # via pylint
 distro==1.9.0
     # via ansible-lint
-exceptiongroup==1.3.0
+exceptiongroup==1.3.1
     # via pytest
 filelock==3.20.0
     # via ansible-lint
 idna==3.11
     # via requests
 ijson==3.4.0.post0
     # via azure-kusto-data
-importlib-metadata==8.7.0
-    # via ansible-lint
 iniconfig==2.3.0
     # via pytest
 isodate==0.7.2
@@ -169,7 +167,7 @@ pathspec==0.12.1
     #   yamllint
 pexpect==4.9.0
     # via ansible-runner
-platformdirs==4.5.0
+platformdirs==4.5.1
     # via
     #   black
     #   pylint
@@ -189,9 +187,9 @@ pyjwt[crypto]==2.10.1
     # via
     #   msal
     #   pyjwt
-pylint==4.0.2
+pylint==4.0.4
     # via -r requirements.in
-pytest==8.4.2
+pytest==9.0.2
     # via
     #   -r requirements.in
     #   pytest-cov
@@ -206,7 +204,7 @@ python-dateutil==2.9.0.post0
     # via
     #   azure-kusto-data
     #   pandas
-pytokens==0.2.0
+pytokens==0.3.0
     # via black
 pytz==2025.2
     # via pandas
@@ -237,13 +235,13 @@ resolvelib==1.0.1
     # via ansible-core
 rich==14.2.0
     # via -r requirements.in
-rpds-py==0.28.0
+rpds-py==0.30.0
     # via
     #   jsonschema
     #   referencing
 ruamel-yaml==0.18.16
     # via ansible-lint
-ruamel-yaml-clib==0.2.14
+ruamel-yaml-clib==0.2.15
     # via
     #   ansible-lint
     #   ruamel-yaml
@@ -278,11 +276,9 @@ typing-extensions==4.15.0
     #   referencing
 tzdata==2025.2
     # via pandas
-urllib3==2.5.0
+urllib3==2.6.1
     # via requests
 wcmatch==10.1
     # via ansible-lint
 yamllint==1.37.1
     # via ansible-lint
-zipp==3.23.0
-    # via importlib-metadata

scripts/sap_automation_qa.sh

@@ -178,6 +178,15 @@ validate_params() {
         log "ERROR" "Error: The following parameters cannot be empty: ${missing_params[*]}"
         exit 1
     fi
+
+    WORKSPACES_DIR=$(grep "^WORKSPACES_DIR:" "$VARS_FILE" | awk '{split($0,a,": "); print a[2]}' | xargs)
+    if [[ -z "$WORKSPACES_DIR" ]]; then
+        WORKSPACES_DIR="WORKSPACES"
+        log "INFO" "WORKSPACES_DIR not set in vars.yaml, using default: $WORKSPACES_DIR"
+    else
+        log "INFO" "WORKSPACES_DIR: $WORKSPACES_DIR"
+    fi
+    export WORKSPACES_DIR
 }
 
 # Extract the error message from a command's output.
@@ -403,7 +412,7 @@ run_ansible_playbook() {
                 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
                     -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder' $extra_vars"
             else
-                local ssh_key_dir="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME"
+                local ssh_key_dir="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME"
                 local ssh_key=""
                 local extensions=("ppk" "pem" "key" "private" "rsa" "ed25519" "ecdsa" "dsa" "")
 
@@ -429,7 +438,7 @@ run_ansible_playbook() {
                 fi
 
                 check_file_exists "$ssh_key" \
-                    "SSH key file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory. Looked for files with patterns: ssh_key.*, *ssh_key*"
+                    "SSH key file not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory. Looked for files with patterns: ssh_key.*, *ssh_key*"
 
                 chmod 600 "$ssh_key"
                 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
@@ -449,9 +458,9 @@ run_ansible_playbook() {
                     --extra-vars 'ansible_ssh_pass=$(cat $temp_file)' --extra-vars @$VARS_FILE -e @$system_params \
                     -e '_workspace_directory=$system_config_folder' $extra_vars"
             else
-                local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
+                local password_file="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME/password"
                 check_file_exists "$password_file" \
-                    "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
+                    "password file not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory."
                 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
                     --extra-vars 'ansible_ssh_pass=$(cat $password_file)' --extra-vars @$VARS_FILE -e @$system_params \
                     -e '_workspace_directory=$system_config_folder' $extra_vars"
@@ -509,7 +518,7 @@ main() {
     validate_params
 
     # Check if the SYSTEM_HOSTS and SYSTEM_PARAMS directory exists inside WORKSPACES/SYSTEM folder
-    SYSTEM_CONFIG_FOLDER="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME"
+    SYSTEM_CONFIG_FOLDER="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME"
     SYSTEM_HOSTS="$SYSTEM_CONFIG_FOLDER/hosts.yaml"
     SYSTEM_PARAMS="$SYSTEM_CONFIG_FOLDER/sap-parameters.yaml"
     TEST_TIER=$(echo "$TEST_TIER" | tr '[:upper:]' '[:lower:]')
@@ -519,9 +528,9 @@ main() {
     log "INFO" "Using Authentication Type: $AUTHENTICATION_TYPE."
 
     check_file_exists "$SYSTEM_HOSTS" \
-        "hosts.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
+        "hosts.yaml not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory."
     check_file_exists "$SYSTEM_PARAMS" \
-        "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
+        "sap-parameters.yaml not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory."
 
 		if [[ "$OFFLINE_MODE" == "true" ]]; then
         local crm_report_dir="$SYSTEM_CONFIG_FOLDER/offline_validation"