feat: add input validation patterns (#39)

Author: DerekRoberts

action.yml

@@ -13,19 +13,23 @@ inputs:
   dir:
     description: App/package directory
     required: true
+    pattern: "^[a-zA-Z0-9._/-]+$"
 
   java-version:
     description: Java version, defaults to 17 (LTS)
     required: true
+    pattern: '^[0-9]+(\.[0-9]+)*$'
 
   ### Typical / recommended
   java-cache:
     description: Java package manager cache, defaults to maven
     default: maven
+    pattern: "^(maven|gradle)$"
 
   java-distribution:
     description: Java distribution, defaults to temurin
     default: temurin
+    pattern: "^(temurin|corretto|openjdk|zulu)$"
 
   sonar_args:
     # https://docs.sonarcloud.io/advanced-setup/analysis-parameters/
@@ -36,6 +40,7 @@ inputs:
 
   sonar_token:
     description: Sonar token, provide unpopulated token for pre-setup (will skip)
+    pattern: "^[a-zA-Z0-9]{20,}$"
 
   triggers:
     description: Paths (array) used to trigger a build; e.g. ('./backend/' './frontend/)
@@ -44,14 +49,17 @@ inputs:
   diff_branch:
     description: Branch to diff against
     default: ${{ github.event.repository.default_branch }}
+    pattern: "^[a-zA-Z0-9._/-]+$"
 
   repository:
     description: Non-default repository to clone (used for testing this action)
     default: ${{ github.repository }}
+    pattern: "^[a-zA-Z0-9-_]+/[a-zA-Z0-9-_]+$"
 
   branch:
     description: Non-default branch to clone (used for testing this action)
     default: ""
+    pattern: "^[a-zA-Z0-9._/-]*$"
 
 outputs:
   triggered: