feat: validate action #116

Merged: reuvenharrison merged 6 commits into main from feat/validate-action on May 25, 2026

@reuvenharrison
Contributor

Summary

  • New validate/ action that runs oasdiff validate against an OpenAPI spec and emits per-finding PR annotations via --format githubactions.
  • Outputs findings (numeric count) so downstream steps can branch on it.
  • When findings are reported, emits a ::notice:: annotation plus a GITHUB_STEP_SUMMARY link to the free review surface on oasdiff.com, mirroring the breaking action.
  • fail-on-finding toggle (default true) lets callers run in visibility-only mode without failing CI.
  • allow-external-refs toggle (default true, matching oasdiff's binary default); set to false when validating untrusted specs to prevent SSRF.

Test plan

  • Run on a valid spec, expect 0 findings, exit 0, no annotations.
  • Run on a spec with a missing info.version, expect 1 finding annotation on info: at the correct line, exit 1.
  • Run with fail-on-finding: false on a spec with findings, expect annotations + step summary link, exit 0.
  • Run with allow-external-refs: false on a spec with an external $ref, expect a finding annotation.
  • Confirm outputs.findings is the numeric count and downstream if: steps.x.outputs.findings == '0' works.

🤖 Generated with Claude Code

Per-finding PR annotations via --format githubactions, plus a notice
with a free review-page link when findings are reported. Mirrors the
shape of the breaking action: text run for findings count + step
output, githubactions run for the annotations, fail-on-finding toggle
defaulting to true.

allow-external-refs defaults to true (matches oasdiff's binary
default); set to false when validating untrusted specs to prevent
SSRF.

Outputs `findings` (numeric) so downstream steps can branch on it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
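
The `allow-external-refs` note in the description and commit message above concerns `$ref` targets that leave the spec file. The sketch below is an added example, not part of this PR or of oasdiff: it lists such refs in a JSON-format spec so a reviewer can see what resolving them would touch before deciding whether to set the toggle to false. The function names and the sample spec are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample spec (not from the PR): one in-document ref, one
# relative-file ref and two remote refs on reserved example hosts.
SAMPLE_SPEC = json.loads("""
{"openapi": "3.0.3",
 "info": {"title": "demo", "version": "1.0.0"},
 "paths": {"/pets": {"get": {"responses": {
   "200": {"$ref": "#/components/responses/Ok"},
   "404": {"$ref": "./common.json#/responses/NotFound"},
   "500": {"$ref": "https://specs.example.test/errors.json#/Err"}}}}},
 "components": {
   "responses": {"Ok": {"description": "ok"}},
   "schemas": {"Pet": {"$ref": "//schemas.example.test/pet.json"}}}}
""")


def classify_ref(ref):
    """Return 'internal', 'file' or 'remote' for a $ref string."""
    if ref.startswith("#"):
        return "internal"
    # Any authority component (https://host/..., //host/...) names a network
    # location; everything else resolves against the local filesystem.
    return "remote" if urlsplit(ref).netloc else "file"


def find_refs(node, pointer=""):
    """Yield (json_pointer_of_parent, ref) for every string-valued $ref."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield pointer, value
            else:
                # Escape the key as a JSON Pointer token (RFC 6901).
                token = str(key).replace("~", "~0").replace("/", "~1")
                yield from find_refs(value, f"{pointer}/{token}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_refs(item, f"{pointer}/{index}")


def external_refs(spec):
    """Return sorted (pointer, kind, ref) for refs that leave the document."""
    found = ((p, classify_ref(r), r) for p, r in find_refs(spec))
    return sorted(item for item in found if item[1] != "internal")


if __name__ == "__main__":
    for pointer, kind, ref in external_refs(SAMPLE_SPEC):
        print(f"{kind:6} {pointer} -> {ref}")
```
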
@reuvenharrison marked this pull request as draft May 17, 2026 21:20
@reuvenharrison
Contributor Author

Holding this PR until oasdiff v1.16.0 ships with the new validate subcommand (oasdiff #894). Once that release is tagged and tufin/oasdiff:v1.16.0 is published, I'll bump validate/Dockerfile to that tag and add CI tests matching the diff/breaking/changelog jobs (output assertion + output-to-file + fail-on-finding toggle + allow-external-refs toggle). As of v1.15.3, oasdiff validate does not exist, so the action would fail with 'unknown command' on every run.

reuvenharrison and others added 5 commits May 24, 2026 20:16
The wrapper was written against an assumed boolean `fail-on-finding`; the
shipped `oasdiff validate` (oasdiff #894) uses a severity threshold instead.

- action.yml: replace `fail-on-finding` with `fail-on` (ERR/WARN/INFO, like the
  breaking action); expose findings plus error_count/warning_count/info_count.
- entrypoint.sh: pass `--fail-on`, run `-f githubactions` for inline annotations
  (authoritative exit), parse the total for the `findings` output, and emit zero
  counts for a valid spec.
- Dockerfile: FROM tufin/oasdiff:v1.16.0 (the release that ships validate).
- test.yaml: jobs for a valid spec (0 findings), an invalid spec (fails), and
  the severity threshold (a warning passes by default, fails with --fail-on WARN).
- specs: valid.yaml, invalid.yaml, validate-warning.yaml fixtures.
- release.sh: include validate/Dockerfile in the oasdiff-pin bump list.
- README: document the validate action.

CI stays red until tufin/oasdiff:v1.16.0 is published; entrypoint logic verified
locally against a build of oasdiff main.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The validate action checks a single spec, so the free /review link (which
needs a base/revision diff) would just hit the review wall. Remove the
notice + step-summary block and the now-unused jq install. The per-finding
annotations on the Files Changed tab (--format githubactions) and the
findings / error_count / warning_count / info_count outputs are unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@reuvenharrison marked this pull request as ready for review May 25, 2026 21:12
@reuvenharrison merged commit 50e6a34 into main May 25, 2026
58 checks passed