chore(ci): add scheduled workflow to auto-update vendored OpenAPI specs #248

Draft
marythought wants to merge 5 commits into main from chore/ci-automated-spec-updates

Conversation

@marythought marythought commented Mar 17, 2026

Summary

Adds a daily workflow that runs npm run update-vendored-yaml and opens a PR if specs have drifted from upstream opentdf/platform. Also supports manual workflow_dispatch.

  • Runs daily at 01:42 UTC
  • If specs changed, creates or updates a chore/update-vendored-specs branch and opens a PR
  • If a PR already exists, force-pushes to the existing branch (no duplicate PRs)
  • If specs are already up to date, no-ops cleanly

Closes #247

Test plan

  • Manual dispatch: triggers the workflow, opens a PR if specs are stale
  • Re-run when PR already exists: updates the branch, doesn't create a duplicate PR
  • No changes: workflow exits cleanly with "No spec changes detected"

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Added an automated workflow to refresh vendored OpenAPI specifications on a daily schedule and via manual trigger.
    • When spec changes are detected, the workflow prepares branch updates and opens or updates a pull request so updates can be reviewed and merged.

Runs daily at 01:42 UTC (+ manual dispatch). When upstream specs in
opentdf/platform have changed, opens a PR on chore/update-vendored-specs
(or updates the existing branch if a PR is already open).

Closes #247

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@marythought marythought requested review from a team as code owners March 17, 2026 23:40
@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

coderabbitai bot commented Mar 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
📥 Commits

Reviewing files that changed from the base of the PR and between b498bed and 84ce513.

📒 Files selected for processing (1)
  • .github/workflows/update-vendored-specs.yaml
✅ Files skipped from review due to trivial changes (1)
  • .github/workflows/update-vendored-specs.yaml

📝 Walkthrough

A new GitHub Actions workflow adds a scheduled (daily) and manual job to run npm run update-vendored-yaml, detect changes under specs/, and either update or create a PR on the chore/update-vendored-specs branch to keep vendored OpenAPI YAML files fresh.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Automated Spec Update Workflow: .github/workflows/update-vendored-specs.yaml | Adds a new GitHub Actions workflow that runs daily and on manual dispatch, checks out the repo, sets up Node.js v22, runs npm ci and npm run update-vendored-yaml, detects specs/ changes, rebases/force-updates the chore/update-vendored-specs branch, and creates or updates a PR via gh CLI. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Scheduler as GitHub Cron / Manual
  participant Runner as Actions Runner
  participant Repo as Repository (git)
  participant Node as Node/npm
  participant GH as GitHub (gh CLI / PRs)

  Scheduler->>Runner: trigger workflow
  Runner->>Repo: checkout code
  Runner->>Node: setup Node v22, npm ci
  Runner->>Node: run `npm run update-vendored-yaml`
  Node->>Repo: update files under `specs/`
  Runner->>Repo: run `git status --porcelain specs/`
  alt specs changed
    Runner->>GH: query existing PR from `chore/update-vendored-specs`
    Runner->>Repo: rebase/force-update branch `chore/update-vendored-specs` from main
    Runner->>Node: re-run update, commit changes to `specs/`
    Runner->>Repo: force-push branch
    GH-->>Runner: update or create PR targeting `main`
  else no changes
    Runner->>Runner: exit without PR changes
  end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • dmihalcik-virtru

Poem

🐰 I hop through cron at break of day,

I run the script and sweep old specs away,
A branch I nudge, a PR I send,
Fresh YAML lands — the workflow's friend,
Hooray for automated tending! 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | Title clearly summarizes the main change: adding a scheduled GitHub Actions workflow to auto-update vendored OpenAPI specs. |
| Linked Issues check | ✅ Passed | The workflow implementation meets all issue #247 objectives: runs on cron + manual dispatch, executes the update command, creates/updates a PR on a dedicated branch, and prevents duplicate PRs. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to issue #247: the workflow file implements the exact automation required without introducing unrelated modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/update-vendored-specs.yaml (1)

8-10: Add workflow concurrency to prevent branch update races.

Scheduled and manual runs can overlap and contend on force-push to the same branch. A concurrency group makes this predictable.

Proposed fix
 jobs:
   update-specs:
+    concurrency:
+      group: update-vendored-specs
+      cancel-in-progress: true
     runs-on: ubuntu-latest
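Review bot: `cancel-in-progress: true` is the wrong mode for this job. The workflow's run sequence is force-push the `chore/update-vendored-specs` branch, then create or update the PR with `gh` (see the sequence diagram above); with cancel-in-progress, a manual dispatch that lands while the 01:42 UTC scheduled run is in flight cancels that run part-way through, which can leave the branch pushed with no PR, or the PR pointing at a half-updated branch. Queueing is the safer behaviour here: keep the `group: update-vendored-specs` line and use `cancel-in-progress: false`, so overlapping runs wait for each other instead of racing. Separately, the hunk places `concurrency:` under the `update-specs` job while the accompanying prompt text asks for a top-level stanza at the workflow root; both placements are valid, but the comment should recommend one.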
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/update-vendored-specs.yaml:
- Line 65: The current command string 'git fetch origin "$BRANCH" 2>/dev/null &&
git checkout "$BRANCH" && git merge origin/main --no-edit || git checkout -b
"$BRANCH"' can run the branch-creation fallback when the merge fails; change the
flow to deterministically detect whether the branch exists before attempting
merge. Replace with a two-step guarded sequence: first fetch, then test for the
branch (e.g., use 'git rev-parse --verify --quiet "refs/heads/$BRANCH"' or 'git
show-ref --quiet refs/heads/"$BRANCH"') and if it exists run 'git checkout
"$BRANCH" && git merge origin/main --no-edit', otherwise run 'git checkout -b
"$BRANCH"'. Ensure the test is used instead of relying on shell &&/|| chaining
so a failed merge will not trigger branch creation.

---

Nitpick comments:
In @.github/workflows/update-vendored-specs.yaml:
- Around line 8-10: Add a top-level concurrency stanza to the workflow to
prevent overlapping runs for the update-specs job: define a concurrency group
(e.g., "update-vendored-specs" or include the workflow name/ref like
"update-vendored-specs-${{ github.ref }}") and set cancel-in-progress: true so
scheduled and manual runs don’t race when force-pushing; update the
.github/workflows/update-vendored-specs.yaml workflow (affecting the
update-specs job) to include this concurrency configuration at the workflow
root.

ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between 7ff5427 and b498bed.

📒 Files selected for processing (1)
  • .github/workflows/update-vendored-specs.yaml
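The line-65 finding above is a shell precedence problem, not a git one: in `A && B && C || D` the fallback `D` runs when any of `A`, `B` or `C` fails, not only when the fetch fails. The script below is an added example, not the PR's workflow file; it reproduces the flagged chain against a scratch repository it constructs in a temp dir (branch and path names mirror the PR's) and shows a guarded version beside it.

```shell
# Added example, not the PR's workflow file: reproduces the &&/|| chain flagged in
# the review against a scratch repository (constructed in a temp dir) and shows a
# guarded version beside it. Branch and path names mirror the PR's.
set -u
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Shape from the review: A && B && C || D. D runs whenever A, B *or* C fails, so a
# conflicting merge (C) drops into the "create branch" path; that fails ("already
# exists") and the checkout is left mid-merge with MERGE_HEAD present.
fragile_sync() {
  git fetch -q origin "$1" 2>/dev/null && git checkout -q "$1" &&
    git merge -q origin/main --no-edit || git checkout -q -b "$1"
}
# Guarded version: decide whether the branch exists first, then take exactly one
# path, so a failed merge fails the step instead of being masked by the fallback.
# Tests the remote-tracking ref, since a fresh CI checkout only has main locally.
guarded_sync() {
  git fetch -q origin 2>/dev/null
  if git rev-parse --verify --quiet "refs/remotes/origin/$1" >/dev/null; then
    git checkout -q -B "$1" "origin/$1" && git merge -q origin/main --no-edit
  else
    git checkout -q -b "$1" origin/main
  fi
}
# Bare "origin" plus a clone on main, with a branch that conflicts with main on
# specs/a.yaml. Prints the clone's path; all git chatter is silenced.
make_scratch_repo() {
  d=$(mktemp -d) && cd "$d" && {
    git init -q --bare origin.git && git clone -q "$d/origin.git" work && cd work &&
    git symbolic-ref HEAD refs/heads/main &&
    mkdir specs && echo v1 >specs/a.yaml && git add . && git commit -qm base &&
    git checkout -q -b chore/update-vendored-specs &&
    echo branch >specs/a.yaml && git commit -qam branch &&
    git checkout -q main && echo main >specs/a.yaml && git commit -qam main &&
    git push -q origin main chore/update-vendored-specs &&
    git branch -q -D chore/update-vendored-specs && git fetch -q origin
  } >/dev/null 2>&1 && pwd
}

# True when the fragile chain hit the conflict, still ran the fallback, and left
# MERGE_HEAD behind; true when the guarded form reports the conflict as failure.
fragile_leaves_merge_state() {
  cd "$(make_scratch_repo)" && fragile_sync chore/update-vendored-specs >/dev/null 2>&1
  [ -f .git/MERGE_HEAD ]
}
guarded_reports_conflict() {
  cd "$(make_scratch_repo)" && ! guarded_sync chore/update-vendored-specs >/dev/null 2>&1
}
```

Run `fragile_leaves_merge_state && echo fragile-fell-through; guarded_reports_conflict && echo guarded-failed-cleanly` after sourcing it; the guarded form is what a `set -e` workflow step needs, since the masked merge failure would otherwise never fail the job.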

marythought and others added 2 commits March 23, 2026 09:58
- Replace fragile &&/|| chain with `git checkout -B` from origin/main
  to avoid merge-conflict fallback creating a new branch
- Add workflow concurrency group to prevent overlapping runs from racing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@marythought marythought marked this pull request as draft March 31, 2026 15:07
Development

Successfully merging this pull request may close these issues.

chore(ci): automate vendored OpenAPI spec updates via scheduled workflow
