Skip to content

ci: automate openapi artifact regeneration on release PRs #967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gildesmarais merged 1 commit into from
May 1, 2026
+33 −1
Merged

ci: automate openapi artifact regeneration on release PRs #967

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion .github/release-please-config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,19 @@
"release-type": "ruby",
"package-name": "html2rss-web",
"version-file": "config/version.rb",
"changelog-path": "CHANGELOG.md"
"changelog-path": "CHANGELOG.md",
"extra-files": [
{
"type": "json",
"path": "frontend/package.json",
"jsonpath": "$.version"
},
"public/openapi.yaml",
"frontend/src/api/generated/client.gen.ts",
"frontend/src/api/generated/sdk.gen.ts",
"frontend/src/api/generated/types.gen.ts",
"frontend/src/api/generated/index.ts"
Comment on lines +14 to +18
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra-files is intended for release-please to update version strings, but the listed generated TS files currently don't contain the app version (e.g., 1.0.0 does not appear in client.gen.ts). This makes these entries ineffective at best and can be confusing to maintain; consider removing the TS files here (or adding a version marker/updater that actually matches something in those files).

Suggested change
"public/openapi.yaml",
"frontend/src/api/generated/client.gen.ts",
"frontend/src/api/generated/sdk.gen.ts",
"frontend/src/api/generated/types.gen.ts",
"frontend/src/api/generated/index.ts"
"public/openapi.yaml"

Copilot uses AI. Check for mistakes.
]
}
}
}
20 changes: 20 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On pull_request events, actions/checkout defaults to checking out a detached merge commit (refs/pull/*/merge). The later git commit/git push step will fail from a detached HEAD ("not currently on a branch") or push to an unexpected ref. Check out the PR head branch explicitly (e.g., set ref to the PR head ref/sha, and consider fetch-depth: 0) so commits can be pushed back to the release-please branch.

Suggested change
token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
ref: ${{ github.head_ref || github.ref_name }}
fetch-depth: 0

Copilot uses AI. Check for mistakes.

- uses: ruby/setup-ruby@v1
with:
Expand All @@ -71,7 +73,25 @@ jobs:
working-directory: frontend

- name: Verify generated OpenAPI spec and client are up to date
id: verify
run: make openapi-verify
continue-on-error: ${{ startsWith(github.head_ref, 'release-please--') }}

- name: Regenerate and commit OpenAPI artifacts on release PRs
if: steps.verify.outcome == 'failure' && startsWith(github.head_ref, 'release-please--')
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The regeneration path is gated only by the branch name prefix. A forked PR could use the same release-please--* branch name; in that case the workflow would attempt to commit/push back to a repository it doesn't have access to, causing CI failures. Mirror the safety guard used in .github/workflows/release_artifacts.yml by additionally checking the PR head repo matches github.repository (and/or event type is pull_request).

Suggested change
if: steps.verify.outcome == 'failure' && startsWith(github.head_ref, 'release-please--')
if: steps.verify.outcome == 'failure' && github.event_name == 'pull_request' && startsWith(github.head_ref, 'release-please--') && github.event.pull_request.head.repo.full_name == github.repository

Copilot uses AI. Check for mistakes.
run: |
Comment on lines +80 to +82
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regeneration+push behavior largely overlaps with the existing .github/workflows/release_artifacts.yml automation that refreshes OpenAPI artifacts for release-please branches. Keeping both paths increases the chance of redundant commits and harder-to-debug CI behavior; consider consolidating to a single workflow/trigger (or ensuring they can't both act on the same branch).

Copilot uses AI. Check for mistakes.
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"

make openapi
make openapi-client

git add public/openapi.yaml frontend/src/api/generated/
git commit -m "chore: regenerate openapi spec and client for version bump"
git push

echo "## OpenAPI artifacts regenerated" >> "$GITHUB_STEP_SUMMARY"
echo "Version bump detected; OpenAPI spec and frontend client have been regenerated and committed." >> "$GITHUB_STEP_SUMMARY"
Comment on lines +90 to +94
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

git commit will fail the step if there are no staged changes (e.g., if openapi-verify failed for a reason other than generated file drift). Add a guard (like a git diff --quiet check) before committing/pushing so the workflow doesn't error out unnecessarily.

Suggested change
git commit -m "chore: regenerate openapi spec and client for version bump"
git push
echo "## OpenAPI artifacts regenerated" >> "$GITHUB_STEP_SUMMARY"
echo "Version bump detected; OpenAPI spec and frontend client have been regenerated and committed." >> "$GITHUB_STEP_SUMMARY"
if ! git diff --cached --quiet; then
git commit -m "chore: regenerate openapi spec and client for version bump"
git push
echo "## OpenAPI artifacts regenerated" >> "$GITHUB_STEP_SUMMARY"
echo "Version bump detected; OpenAPI spec and frontend client have been regenerated and committed." >> "$GITHUB_STEP_SUMMARY"
else
echo "## OpenAPI artifacts unchanged" >> "$GITHUB_STEP_SUMMARY"
echo "OpenAPI verification failed, but regenerating the tracked OpenAPI spec and frontend client produced no staged changes." >> "$GITHUB_STEP_SUMMARY"
fi

Copilot uses AI. Check for mistakes.

- name: Lint OpenAPI contract
run: make openapi-lint
Expand Down
Loading