feat: simplify input validation logic

The input validation script has been inlined into `action.yml` to improve the maintainability and readability of the action. This removes the need for a separate script file, making the action more self-contained.

The validation logic itself has also been simplified:
- Redundant local variables have been removed in favor of using environment variables directly.
- Conditional checks for Workload Identity Federation have been made more concise.

Author: jerop

action.yml

@@ -80,9 +80,66 @@ outputs:
 runs:
   using: 'composite'
   steps:
-    - name: 'Validate inputs'
+    - name: 'Validate Inputs'
+      id: 'validate_inputs'
       shell: 'bash'
-      run: '${{ github.action_path }}/scripts/validate-inputs.sh'
+      run: |-
+        set -euo pipefail
+
+        # Emit a clear warning in three places without failing the step
+        warn() {
+          local msg="$1"
+          echo "WARNING: ${msg}" >&2
+          echo "::warning title=Input validation::${msg}"
+          if [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then
+            {
+              echo "### Input validation warnings"
+              echo
+              echo "- ${msg}"
+            } >> "${GITHUB_STEP_SUMMARY}"
+          fi
+        }
+
+        # Validate the count of authentication methods
+        auth_methods=0
+        if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then ((auth_methods++)); fi
+        if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then ((auth_methods++)); fi
+        if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then ((auth_methods++)); fi
+
+        if [[ ${auth_methods} -eq 0 ]]; then
+          warn "No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
+        fi
+
+        if [[ ${auth_methods} -gt 1 ]]; then
+          warn "Multiple authentication methods provided. Please use only one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."
+        fi
+
+        # Validate Workload Identity Federation inputs
+        if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then
+          if [[ "${INPUT_GCP_PROJECT_ID_PRESENT:-false}" != "true" || "${INPUT_GCP_SERVICE_ACCOUNT_PRESENT:-false}" != "true" ]]; then
+            warn "When using Workload Identity Federation ('gcp_workload_identity_provider'), you must also provide 'gcp_project_id' and 'gcp_service_account'."
+          fi
+          if [[ "${INPUT_USE_VERTEX_AI:-false}" == "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" ]]; then
+            warn "When using Workload Identity Federation, you must set exactly one of 'use_vertex_ai' or 'use_gemini_code_assist' to 'true'."
+          fi
+        fi
+
+        # Validate Vertex AI API Key
+        if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then
+          if [[ "${INPUT_USE_VERTEX_AI:-false}" != "true" ]]; then
+            warn "When using 'google_api_key', you must set 'use_vertex_ai' to 'true'."
+          fi
+          if [[ "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
+            warn "When using 'google_api_key', 'use_gemini_code_assist' cannot be 'true'."
+          fi
+        fi
+
+        # Validate Gemini API Key
+        if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then
+          if [[ "${INPUT_USE_VERTEX_AI:-false}" == "true" || "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then
+            warn "When using 'gemini_api_key', both 'use_vertex_ai' and 'use_gemini_code_assist' must be 'false'."
+          fi
+        fi
       env:
         INPUT_GEMINI_API_KEY_PRESENT: "${{ inputs.gemini_api_key != '' }}"
         INPUT_GOOGLE_API_KEY_PRESENT: "${{ inputs.google_api_key != '' }}"