From 36685e6c8f7ec72756c49a44c039466dd6e64be2 Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:35:46 +0200 Subject: [PATCH 1/8] fix: ETU-70728: Merged jobs "evaluate-input" and "validate-spec" into single job "validate-spec" --- .github/workflows/validate.yml | 60 ++++++++++++---------------------- 1 file changed, 21 insertions(+), 39 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b84d102..b51125e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -15,17 +15,17 @@ env: SPECTRAL_VERSION: "6.15.0" jobs: - evaluate-input: - name: Evaluate input + validate-spec: + name: OpenAPI Validate runs-on: ubuntu-latest permissions: contents: read actions: read - outputs: - spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }} + id-token: write env: GHA_API_ARTIFACT: ${{ inputs.artifact }} GHA_API_PATH: ${{ inputs.path }} + CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec steps: - name: Checkout repository (if spec provided) if: ${{ inputs.artifact == '' }} @@ -55,38 +55,13 @@ jobs: fi echo "Path to spec resolved to $spec_path" - + if [ ! -f $spec_path ]; then echo "File $spec_path not found." exit 1 fi - - echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT" - - name: Send analytics - if: always() - uses: entur/gha-api/.github/actions/posthog@main - with: - workflow_name: validate - workflow_inputs: ${{ toJSON(inputs) }} - api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" - validate-spec: - name: OpenAPI Validate - needs: evaluate-input - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - env: - CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec - steps: - - uses: actions/checkout@v6 - if: ${{ inputs.artifact == '' }} - - uses: actions/download-artifact@v8 - if: ${{ inputs.artifact != '' }} - with: - name: ${{ inputs.artifact }} - path: /tmp/artifact + echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT" - uses: actions/setup-node@v6 with: node-version: 24 @@ -115,12 +90,12 @@ jobs: - name: Validate shell: bash env: - GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }} + GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }} ID_TOKEN: ${{ steps.auth.outputs.id_token }} run: | set -o errexit set -o nounset - set -o pipefail + set -o pipefail shopt -s globstar echo "Validating spec: $GHA_API_PATH" @@ -135,15 +110,15 @@ jobs: filename=$(basename $GHA_API_PATH) mkdir -p /tmp/specs npx --ignore-scripts @redocly/cli@$REDOCLY_VERSION bundle -o /tmp/specs/$filename $GHA_API_PATH - + # Extract repository name (without owner) REPO_NAME="${GITHUB_REPOSITORY#*/}" - + # Create metadata JSON METADATA="{\"repository\": \"$REPO_NAME\"}" - + echo "Uploading to api-spec-registry with dryRun=true..." - + RESPONSE=$(curl --fail-with-body -sS \ -X PUT \ -H "Authorization: Bearer $ID_TOKEN" \ @@ -153,7 +128,14 @@ jobs: DETAIL=$(echo "$RESPONSE" | jq -r '.detail') echo "::error file=$GHA_API_PATH,line=1::$DETAIL" exit 1 - } - + } + echo "Successfully validated: $GHA_API_PATH" + - name: Send analytics + if: always() + uses: entur/gha-api/.github/actions/posthog@main + with: + workflow_name: validate + workflow_inputs: ${{ toJSON(inputs) }} + api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" From cdf49620e47333d4644554492bd641b57c0e8140 Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:51:37 +0200 Subject: [PATCH 2/8] fix: ETU-70728: Merged jobs into single job. --- .github/workflows/publish.yml | 68 ++++++++--------------------------- 1 file changed, 14 insertions(+), 54 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c4ff6cd..f555bfe 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,17 +15,17 @@ env: SPECTRAL_VERSION: "6.15.0" jobs: - evaluate-input: - name: Evaluate input + publish: + name: Publish spec runs-on: ubuntu-latest permissions: contents: read actions: read - outputs: - spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }} + id-token: write env: GHA_API_ARTIFACT: ${{ inputs.artifact }} GHA_API_PATH: ${{ inputs.path }} + CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec steps: - name: Checkout repository (if spec provided) if: ${{ inputs.artifact == '' }} @@ -62,29 +62,6 @@ jobs: fi echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT" - - name: Send analytics - if: always() - uses: entur/gha-api/.github/actions/posthog@main - with: - workflow_name: publish - workflow_inputs: ${{ toJSON(inputs) }} - api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" - validate-spec: - needs: evaluate-input - name: Validate spec - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout repository (if spec provided) - if: ${{ inputs.artifact == '' }} - uses: actions/checkout@v6 - - name: Download artifact (if artifact provided) - if: ${{ inputs.artifact != '' }} - uses: actions/download-artifact@v8 - with: - name: ${{ inputs.artifact }} - path: /tmp/artifact - uses: actions/setup-node@v6 with: node-version: 24 @@ -100,7 +77,7 @@ jobs: - name: Validate spec shell: bash env: - GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }} + GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }} run: | set -o errexit set -o nounset @@ -116,29 +93,6 @@ jobs: echo "::error::Spec bundling failed. Failing workflow." exit 1 fi - - upload: - name: Upload spec - needs: [evaluate-input, validate-spec] - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - env: - CLOUD_RUN_ENDPOINT: https://europe-west1-ent-apidata-prd.cloudfunctions.net/publish-spec - steps: - - name: Checkout repository (if spec provided) - if: ${{ inputs.artifact == '' }} - uses: actions/checkout@v6 - - name: Download artifact (if artifact provided) - if: ${{ inputs.artifact != '' }} - uses: actions/download-artifact@v8 - with: - name: ${{ inputs.artifact }} - path: /tmp/artifact - - uses: actions/setup-node@v6 - with: - node-version: 24 - name: Authenticate with Google Cloud id: auth uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 @@ -149,10 +103,9 @@ jobs: id_token_audience: ${{ env.CLOUD_RUN_ENDPOINT }} id_token_include_email: true create_credentials_file: false - - name: Upload env: - GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }} + GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }} ID_TOKEN: ${{ steps.auth.outputs.id_token }} shell: bash run: | @@ -178,11 +131,18 @@ jobs: -H "Authorization: Bearer $ID_TOKEN" \ -F "metadata=$METADATA;type=application/json" \ -F "spec=@/tmp/specs/$filename" \ - "$CLOUD_RUN_ENDPOINT") || { + "$CLOUD_RUN_ENDPOINT?dryRun=true"") || { DETAIL=$(echo "$RESPONSE" | jq -r '.detail') echo "::error file=$GHA_API_PATH,line=1::$DETAIL" exit 1 } echo "Successfully published: $GHA_API_PATH" + - name: Send analytics + if: always() + uses: entur/gha-api/.github/actions/posthog@main + with: + workflow_name: publish + workflow_inputs: ${{ toJSON(inputs) }} + api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" From 8e0842bd87cd82a91499239217dd348c0148d52c Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:52:50 +0200 Subject: [PATCH 3/8] fix: ETU-70728: Testing publish. --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d4f16c..d534e95 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,4 +81,9 @@ jobs: artifact: "specs" path: "openapi-good.json" upload_to_bucket: false - fail_threshold: warn \ No newline at end of file + fail_threshold: warn + + test-publish-file-external-refs: + uses: ./.github/workflows/publish.yml + with: + path: fixture/external-refs/openapi.yaml \ No newline at end of file From 70376476c0ac5701182bb2c9745872d69fc63b8d Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:56:31 +0200 Subject: [PATCH 4/8] fix: ETU-70728: Testing publish. --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f555bfe..0c03bb6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -131,7 +131,7 @@ jobs: -H "Authorization: Bearer $ID_TOKEN" \ -F "metadata=$METADATA;type=application/json" \ -F "spec=@/tmp/specs/$filename" \ - "$CLOUD_RUN_ENDPOINT?dryRun=true"") || { + "$CLOUD_RUN_ENDPOINT?dryRun=true") || { DETAIL=$(echo "$RESPONSE" | jq -r '.detail') echo "::error file=$GHA_API_PATH,line=1::$DETAIL" exit 1 From b1a152aa9ae1fdff10726f4f8769998f113e639c Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:58:20 +0200 Subject: [PATCH 5/8] Revert "fix: ETU-70728: Testing publish." This reverts commit 8e0842bd87cd82a91499239217dd348c0148d52c. --- .github/workflows/ci.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d534e95..4d4f16c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,9 +81,4 @@ jobs: artifact: "specs" path: "openapi-good.json" upload_to_bucket: false - fail_threshold: warn - - test-publish-file-external-refs: - uses: ./.github/workflows/publish.yml - with: - path: fixture/external-refs/openapi.yaml \ No newline at end of file + fail_threshold: warn \ No newline at end of file From bd5814cfb9b0354d3c95a40cec5f714b8a3b5e8f Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 08:58:41 +0200 Subject: [PATCH 6/8] fix: ETU-70728: Removed dryRun --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0c03bb6..94b2006 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -131,7 +131,7 @@ jobs: -H "Authorization: Bearer $ID_TOKEN" \ -F "metadata=$METADATA;type=application/json" \ -F "spec=@/tmp/specs/$filename" \ - "$CLOUD_RUN_ENDPOINT?dryRun=true") || { + "$CLOUD_RUN_ENDPOINT") || { DETAIL=$(echo "$RESPONSE" | jq -r '.detail') echo "::error file=$GHA_API_PATH,line=1::$DETAIL" exit 1 From 93d1d4d9fe65c4e8439346f7ba0b29240e78f55f Mon Sep 17 00:00:00 2001 From: rikard Date: Wed, 15 Apr 2026 11:03:29 +0200 Subject: [PATCH 7/8] fix: ETU-70728: Merged jobs into steps. --- .github/workflows/lint.yml | 86 +++++++++++++------------------------- 1 file changed, 29 insertions(+), 57 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e8ec45b..43024b9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,18 +23,28 @@ env: SPECTRAL_VERSION: "6.15.0" jobs: - evaluate-input: - name: Evaluate input + lint: + name: Lint runs-on: ubuntu-latest permissions: contents: read actions: read - outputs: - spec_path: ${{ steps.resolve-spec-path.outputs.spec_path }} + id-token: write env: GHA_API_FAIL_THRESHOLD: ${{ inputs.fail_threshold }} GHA_API_ARTIFACT: ${{ inputs.artifact }} GHA_API_PATH: ${{ inputs.path }} + SHOULD_UPLOAD: >- + ${{ + inputs.upload_to_bucket == true + && ( + (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch) || + (github.event_name == 'pull_request' && + github.event.action == 'closed' && + github.event.pull_request.merged == true && + github.event.pull_request.base.ref == github.event.repository.default_branch) + ) + }} steps: - name: Checkout repository (if spec provided) if: ${{ inputs.artifact == '' }} @@ -86,29 +96,6 @@ jobs: fi echo "spec_path=$spec_path" >> "$GITHUB_OUTPUT" - - name: Send analytics - if: always() - uses: entur/gha-api/.github/actions/posthog@main - with: - workflow_name: lint - workflow_inputs: ${{ toJSON(inputs) }} - api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" - lint: - name: OpenAPI Lint - runs-on: ubuntu-latest - needs: evaluate-input - permissions: - contents: read - steps: - - name: Checkout repository (if spec provided) - if: ${{ inputs.artifact == '' }} - uses: actions/checkout@v6 - - name: Download artifact (if artifact provided) - if: ${{ inputs.artifact != '' }} - uses: actions/download-artifact@v8 - with: - pattern: ${{ inputs.artifact }} - path: /tmp/artifacts - name: Checkout linting rulesets uses: actions/checkout@v6 with: @@ -122,7 +109,7 @@ jobs: - name: Lint OpenAPI shell: bash env: - GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }} + GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }} GHA_API_FAIL_THRESHOLD: ${{ inputs.fail_threshold }} run: | set -o errexit @@ -156,35 +143,8 @@ jobs: fi fi fi - - - upload-to-bucket: - name: Upload to bucket - if: | - inputs.upload_to_bucket == true - && ( - (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch) || - (github.event_name == 'pull_request' && - github.event.action == 'closed' && - github.event.pull_request.merged == true && - github.event.pull_request.base.ref == github.event.repository.default_branch) - ) - needs: evaluate-input - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - steps: - - name: Checkout repository (if spec provided) - if: ${{ inputs.artifact == '' }} - uses: actions/checkout@v6 - - name: Download artifact (if artifact provided) - if: ${{ inputs.artifact != '' }} - uses: actions/download-artifact@v8 - with: - pattern: ${{ inputs.artifact }} - path: /tmp/artifacts - name: Check ENTUR_API_DATA_SA secret exists + if: ${{ env.SHOULD_UPLOAD == 'true' }} env: ENTUR_API_DATA_SA: ${{ secrets.ENTUR_API_DATA_SA }} REPO_VISIBILITY: ${{ github.event.repository.visibility }} @@ -199,17 +159,21 @@ jobs: exit 1 fi - uses: actions/setup-node@v6 + if: ${{ env.SHOULD_UPLOAD == 'true' }} with: node-version: 24 - name: Authenticate with Google Cloud + if: ${{ env.SHOULD_UPLOAD == 'true' }} uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: credentials_json: "${{ secrets.ENTUR_API_DATA_SA }}" - name: Set up Cloud SDK + if: ${{ env.SHOULD_UPLOAD == 'true' }} uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Bundle spec + if: ${{ env.SHOULD_UPLOAD == 'true' }} env: - GHA_API_PATH: ${{ needs.evaluate-input.outputs.spec_path }} + GHA_API_PATH: ${{ steps.resolve-spec-path.outputs.spec_path }} run: | set -o errexit set -o nounset @@ -222,9 +186,17 @@ jobs: cp $GHA_API_PATH /tmp/specs - name: Upload specs to GCS + if: ${{ env.SHOULD_UPLOAD == 'true' }} run: | set -o errexit set -o nounset set -o pipefail echo "Starting to sync files in /tmp/specs/ to GCS Bucket to path /${GITHUB_REPOSITORY#*/}" gcloud storage rsync /tmp/specs/ "gs://ent-gcs-api-specs-prd-001/${GITHUB_REPOSITORY#*/}" + - name: Send analytics + if: always() + uses: entur/gha-api/.github/actions/posthog@main + with: + workflow_name: lint + workflow_inputs: ${{ toJSON(inputs) }} + api_key: "phc_yhR5iXxjC2n6J7tqznFQURld147kruAy4HuYgjbyEyk" From d2679029e3ec853b7c8ba40918f091092169b7e0 Mon Sep 17 00:00:00 2001 From: rikard Date: Thu, 16 Apr 2026 08:58:52 +0200 Subject: [PATCH 8/8] fix: ETU-70728: Fixed names of jobs --- .github/workflows/lint.yml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 43024b9..33c03c1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,7 +24,7 @@ env: jobs: lint: - name: Lint + name: OpenAPI Lint runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 94b2006..73e3fa2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,7 +16,7 @@ env: jobs: publish: - name: Publish spec + name: OpenAPI Publish runs-on: ubuntu-latest permissions: contents: read