diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e8ec45b..33c03c1 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -23,18 +23,28 @@ env:
 SPECTRAL_VERSION: "6.15.0"
 jobs:
- evaluate-input:
- name: Evaluate input
+ lint:
+ name: OpenAPI Lint
 runs-on: ubuntu-latest
 permissions:
 contents: read
 actions: read
- outputs:
- spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }}
+ id-token: write
 env:
 GHA_API_FAIL_THRESHOLD: ${{ inputs.fail_threshold }}
 GHA_API_ARTIFACT: ${{ inputs.artifact }}
 GHA_API_PATH: ${{ inputs.path }}
+ SHOULD_UPLOAD: >-
+ ${{
+ inputs.upload_to_bucket == true
+ && (
+ (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch) ||
+ (github.event_name == 'pull_request' &&
+ github.event.action == 'closed' &&
+ github.event.pull_request.merged == true &&
+ github.event.pull_request.base.ref == github.event.repository.default_branch)
+ )
+ }}
 steps:
 - name: Checkout repository (if spec provided)
 if: ${{ inputs.artifact == '' }}
@@ -86,29 +96,6 @@ jobs:
 fi
 echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT"
- - name: Send analytics
- if: always()
- uses: entur/gha-api/.github/actions/posthog@main
- with:
- workflow_name: lint
- workflow_inputs: ${{ toJSON(inputs) }}
- api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"
- lint:
- name: OpenAPI Lint
- runs-on: ubuntu-latest
- needs: evaluate-input
- permissions:
- contents: read
- steps:
- - name: Checkout repository (if spec provided)
- if: ${{ inputs.artifact == '' }}
- uses: actions/checkout@v6
- - name: Download artifact (if artifact provided)
- if: ${{ inputs.artifact != '' }}
- uses: actions/download-artifact@v8
- with:
- pattern: ${{ inputs.artifact }}
- path: /tmp/artifacts
 - name: Checkout linting rulesets
 uses: actions/checkout@v6
 with:
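Review bot: The `id-token: write` added to the merged `lint` job's `permissions` is granted to every step of the job, including `Checkout linting rulesets` and `Lint OpenAPI`, and on runs where `SHOULD_UPLOAD` is false; before this change the lint job had `contents: read` only and the OIDC permission lived in the separate `upload-to-bucket` job. The authentication step later in this file passes `credentials_json`, which does not appear to rely on the OIDC token, so the line can probably be dropped here unless a step outside the visible hunks needs it. The first hunk of publish.yml does the same merge, and there the `Validate spec` step gains a permission that only the `upload` job held; keeping the credentialed upload in its own job would preserve that separation.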
@@ -122,7 +109,7 @@ jobs:
 - name: Lint OpenAPI
 shell: bash
 env:
- GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }}
+ GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }}
 GHA_API_FAIL_THRESHOLD: ${{ inputs.fail_threshold }}
 run: |
 set -o errexit
@@ -156,35 +143,8 @@ jobs:
 fi
 fi
 fi
-
-
- upload-to-bucket:
- name: Upload to bucket
- if: |
- inputs.upload_to_bucket == true
- && (
- (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch) ||
- (github.event_name == 'pull_request' &&
- github.event.action == 'closed' &&
- github.event.pull_request.merged == true &&
- github.event.pull_request.base.ref == github.event.repository.default_branch)
- )
- needs: evaluate-input
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository (if spec provided)
- if: ${{ inputs.artifact == '' }}
- uses: actions/checkout@v6
- - name: Download artifact (if artifact provided)
- if: ${{ inputs.artifact != '' }}
- uses: actions/download-artifact@v8
- with:
- pattern: ${{ inputs.artifact }}
- path: /tmp/artifacts
 - name: Check ENTUR_API_DATA_SA secret exists
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 env:
 ENTUR_API_DATA_SA: ${{ secrets.ENTUR_API_DATA_SA }}
 REPO_VISIBILITY: ${{ github.event.repository.visibility }}
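Review bot: The `if: ${{ env.SHOULD_UPLOAD == 'true' }}` added to `Check ENTUR_API_DATA_SA secret exists` has no status function, so GitHub applies an implicit `success()` and a failed `Lint OpenAPI` step now skips the whole upload; the removed `upload-to-bucket` job declared only `needs: evaluate-input` and did not depend on the lint job. Failing closed is the safer behaviour, but it is a change for callers and nothing in the file states it. I would add a comment above this step, `# Upload steps run only when lint passed and SHOULD_UPLOAD is 'true'`. The guarded steps in the following hunk behave the same way, and this step's body continues outside the hunk.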
@@ -199,17 +159,21 @@ jobs:
 exit 1
 fi
 - uses: actions/setup-node@v6
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 with:
 node-version: 24
 - name: Authenticate with Google Cloud
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
 with:
 credentials_json: "${{ secrets.ENTUR_API_DATA_SA }}"
 - name: Set up Cloud SDK
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
 - name: Bundle spec
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 env:
- GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }}
+ GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }}
 run: |
 set -o errexit
 set -o nounset
@@ -222,9 +186,17 @@ jobs:
 cp $GHA_API_PATH /tmp/specs
 - name: Upload specs to GCS
+ if: ${{ env.SHOULD_UPLOAD == 'true' }}
 run: |
 set -o errexit
 set -o nounset
 set -o pipefail
 echo "Starting to sync files in /tmp/specs/ to GCS Bucket to path /${GITHUB_REPOSITORY#*/}"
 gcloud storage rsync /tmp/specs/ "gs://ent-gcs-api-specs-prd-001/${GITHUB_REPOSITORY#*/}"
+ - name: Send analytics
+ if: always()
+ uses: entur/gha-api/.github/actions/posthog@main
+ with:
+ workflow_name: lint
+ workflow_inputs: ${{ toJSON(inputs) }}
+ api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index c4ff6cd..73e3fa2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
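Review bot: `Send analytics` is now the last step of the lint.yml job, after `Authenticate with Google Cloud`, and it is referenced by the mutable ref `entur/gha-api/.github/actions/posthog@main` while the Google actions in the same job are pinned to commit SHAs. Whatever the auth step leaves in the job environment (by default a credentials file, unless `create_credentials_file: false` is set as it is in publish.yml) is therefore within reach of whatever `main` points to when the workflow runs. Pin the action to a full commit SHA, `uses: entur/gha-api/.github/actions/posthog@<commit-sha> # main` (placeholder SHA), or keep the analytics step ahead of the authentication steps. The analytics steps added at the end of publish.yml and validate.yml are the same case.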
@@ -15,17 +15,17 @@ env:
 SPECTRAL_VERSION: "6.15.0"
 jobs:
- evaluate-input:
- name: Evaluate input
+ publish:
+ name: OpenAPI Publish
 runs-on: ubuntu-latest
 permissions:
 contents: read
 actions: read
- outputs:
- spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }}
+ id-token: write
 env:
 GHA_API_ARTIFACT: ${{ inputs.artifact }}
 GHA_API_PATH: ${{ inputs.path }}
+ CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec
 steps:
 - name: Checkout repository (if spec provided)
 if: ${{ inputs.artifact == '' }}
@@ -62,29 +62,6 @@ jobs:
 fi
 echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT"
- - name: Send analytics
- if: always()
- uses: entur/gha-api/.github/actions/posthog@main
- with:
- workflow_name: publish
- workflow_inputs: ${{ toJSON(inputs) }}
- api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"
- validate-spec:
- needs: evaluate-input
- name: Validate spec
- runs-on: ubuntu-latest
- permissions:
- contents: read
- steps:
- - name: Checkout repository (if spec provided)
- if: ${{ inputs.artifact == '' }}
- uses: actions/checkout@v6
- - name: Download artifact (if artifact provided)
- if: ${{ inputs.artifact != '' }}
- uses: actions/download-artifact@v8
- with:
- name: ${{ inputs.artifact }}
- path: /tmp/artifact
 - uses: actions/setup-node@v6
 with:
 node-version: 24
@@ -100,7 +77,7 @@ jobs:
 - name: Validate spec
 shell: bash
 env:
- GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }}
+ GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }}
 run: |
 set -o errexit
 set -o nounset
@@ -116,29 +93,6 @@ jobs:
 echo "::error::Spec bundling failed. Failing workflow."
 exit 1
 fi
-
- upload:
- name: Upload spec
- needs: [evaluate-input, validate-spec]
- permissions:
- contents: read
- id-token: write
- runs-on: ubuntu-latest
- env:
- CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec
- steps:
- - name: Checkout repository (if spec provided)
- if: ${{ inputs.artifact == '' }}
- uses: actions/checkout@v6
- - name: Download artifact (if artifact provided)
- if: ${{ inputs.artifact != '' }}
- uses: actions/download-artifact@v8
- with:
- name: ${{ inputs.artifact }}
- path: /tmp/artifact
- - uses: actions/setup-node@v6
- with:
- node-version: 24
 - name: Authenticate with Google Cloud
 id: auth
 uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
@@ -149,10 +103,9 @@ jobs:
 id_token_audience: ${{ env.CLOUD_RUN_ENDPOINT }}
 id_token_include_email: true
 create_credentials_file: false
-
 - name: Upload
 env:
- GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }}
+ GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }}
 ID_TOKEN: ${{ steps.auth.outputs.id_token }}
 shell: bash
 run: |
@@ -185,4 +138,11 @@ jobs:
 }
 echo "Successfully published: $GHA_API_PATH"
+ - name: Send analytics
+ if: always()
+ uses: entur/gha-api/.github/actions/posthog@main
+ with:
+ workflow_name: publish
+ workflow_inputs: ${{ toJSON(inputs) }}
+ api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 9ab2ff6..b51125e 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -15,17 +15,17 @@ env:
 SPECTRAL_VERSION: "6.15.0"
 jobs:
- evaluate-input:
- name: Evaluate input
+ validate-spec:
+ name: OpenAPI Validate
 runs-on: ubuntu-latest
 permissions:
 contents: read
 actions: read
- outputs:
- spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }}
+ id-token: write
 env:
 GHA_API_ARTIFACT: ${{ inputs.artifact }}
 GHA_API_PATH: ${{ inputs.path }}
+ CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec
 steps:
 - name: Checkout repository (if spec provided)
 if: ${{ inputs.artifact == '' }}
@@ -55,38 +55,13 @@ jobs:
 fi
 echo "Path to spec resolved to $spec_path"
-
+
 if [ ! -f $spec_path ]; then
 echo "File $spec_path not found."
 exit 1
 fi
-
- echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT"
- - name: Send analytics
- if: always()
- uses: entur/gha-api/.github/actions/posthog@main
- with:
- workflow_name: validate
- workflow_inputs: ${{ toJSON(inputs) }}
- api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"
- validate-spec:
- name: OpenAPI Validate
- needs: evaluate-input
- runs-on: ubuntu-latest
- permissions:
- contents: read
- id-token: write
- env:
- CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec
- steps:
- - uses: actions/checkout@v6
- if: ${{ inputs.artifact == '' }}
- - uses: actions/download-artifact@v8
- if: ${{ inputs.artifact != '' }}
- with:
- name: ${{ inputs.artifact }}
- path: /tmp/artifacts
+ echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT"
 - uses: actions/setup-node@v6
 with:
 node-version: 24
@@ -115,12 +90,12 @@ jobs:
 - name: Validate
 shell: bash
 env:
- GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }}
+ GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }}
 ID_TOKEN: ${{ steps.auth.outputs.id_token }}
 run: |
 set -o errexit
 set -o nounset
- set -o pipefail
+ set -o pipefail
 shopt -s globstar
 echo "Validating spec: $GHA_API_PATH"
@@ -135,15 +110,15 @@ jobs:
 filename=$(basename $GHA_API_PATH)
 mkdir -p /tmp/specs
 npx --ignore-scripts @redocly/cli@$REDOCLY_VERSION bundle -o /tmp/specs/$filename $GHA_API_PATH
-
+
 # Extract repository name (without owner)
 REPO_NAME="${GITHUB_REPOSITORY#*/}"
-
+
 # Create metadata JSON
 METADATA="{\"repository\": \"$REPO_NAME\"}"
-
+
 echo "Uploading to api-spec-registry with dryRun=true..."
-
+
 RESPONSE=$(curl --fail-with-body -sS \
 -X PUT \
 -H "Authorization: Bearer $ID_TOKEN" \
@@ -153,7 +128,14 @@ jobs:
 DETAIL=$(echo "$RESPONSE" | jq -r '.detail')
 echo "::error file=$GHA_API_PATH,line=1::$DETAIL"
 exit 1
- }
-
+ }
+
 echo "Successfully validated: $GHA_API_PATH"
+ - name: Send analytics
+ if: always()
+ uses: entur/gha-api/.github/actions/posthog@main
+ with:
+ workflow_name: validate
+ workflow_inputs: ${{ toJSON(inputs) }}
+ api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk"