fix(openapi): update script for darwin and regen#525
Conversation
Signed-off-by: Chris Gianelloni <wolf31o2@blinklabs.io>
📝 WalkthroughWalkthroughThis pull request updates the OpenAPI generator configuration and Go module dependencies. The generator version is bumped from 7.14.0 to 7.18.0-SNAPSHOT in the VERSION file and README documentation. The Go language version in go.mod is updated from 1.18 to 1.24.0, and the testify dependency is bumped to v1.11.1. The openapi.sh script is modified to handle OS-specific sed syntax when modifying go.mod. A new git_push.sh script is added to automate pushing local projects to remote Git repositories with support for optional configuration parameters and token-based authentication. 🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Fix all issues with AI agents
In `@openapi/git_push.sh`:
- Around line 44-49: The script currently embeds GIT_TOKEN into the remote URL
(the git remote add origin ... branch that uses ${GIT_TOKEN}), which leaks the
token into .git/config and process listings; change the flow to add the remote
without the token (use the branch of the script that uses
${git_host}/${git_user_id}/${git_repo_id}.git) and authenticate via a credential
helper or an ephemeral method instead—for example, set up a temporary credential
using git credential or use git -c http.extraheader="AUTHORIZATION: Bearer
$GIT_TOKEN" for the push, or configure GIT_ASKPASS to supply the token—so remove
any code that constructs the URL with ${GIT_TOKEN} and replace it with a
token-passing approach that does not store the token in .git/config.
- Line 57: The push command currently pipes git push origin master 2>&1 into
grep -v 'To https', which removes the "To https" line (hiding the remote URL)
rather than showing it; update the pipeline to either remove the grep entirely
to preserve all output or change to grep 'To https' (without -v) to explicitly
show the URL line (find the git push origin master command in git_push.sh and
adjust the grep usage accordingly).
In `@openapi/README.md`:
- Line 10: Update the OpenAPI generator version string in the README by
replacing the pre-release token "Generator version: 7.18.0-SNAPSHOT" with the
stable release "Generator version: 7.18.0" so the documentation references the
production-ready generator; locate the exact line containing the "Generator
version: 7.18.0-SNAPSHOT" entry and change it to "Generator version: 7.18.0".
🧹 Nitpick comments (3)
openapi.sh (1)
5-5: Hardcoded version replacement is brittle.The sed pattern
go 1.23is hardcoded, meaning if the OpenAPI generator changes its output Go version, this substitution will silently fail. Consider using a more flexible pattern.♻️ Suggested improvement
-cd openapi && if [[ "$OSTYPE" == "darwin"* ]]; then sed -i '' 's/go 1.23/go 1.24.0/' go.mod; else sed -i 's/go 1.23/go 1.24.0/' go.mod; fi && go mod tidy +cd openapi && if [[ "$OSTYPE" == "darwin"* ]]; then sed -i '' 's/^go 1\.[0-9]\+$/go 1.24.0/' go.mod; else sed -i 's/^go 1\.[0-9]\+$/go 1.24.0/' go.mod; fi && go mod tidyThis matches any
go 1.Xline, making it resilient to generator version changes.openapi/git_push.sh (2)
53-57: Hardcodedmasterbranch may not match repository default.Many repositories now use
mainas the default branch. Consider parameterizing the branch name or detecting it dynamically.♻️ Optional improvement
+git_branch=${5:-master} + -git pull origin master +git pull origin $git_branch # Pushes (Forces) the changes in the local repository up to the remote repository -echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git" -git push origin master 2>&1 | grep -v 'To https' +echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git (branch: $git_branch)" +git push origin $git_branch 2>&1
1-4: This appears to be a standard OpenAPI generator template.If this file is auto-generated by the OpenAPI generator and not intended to be customized, consider adding it to
.openapi-generator-ignoreif the issues raised aren't relevant to your workflow, or accept that it follows the upstream template conventions.
| if [ "$GIT_TOKEN" = "" ]; then | ||
| echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment." | ||
| git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git | ||
| else | ||
| git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git | ||
| fi |
There was a problem hiding this comment.
Security: Token may leak in git config and process listings.
Embedding the token directly in the remote URL stores it in .git/config in plaintext, and it may appear in process listings or debug output. Consider using Git credential helpers or environment-based authentication instead.
🔒 Safer alternative using credential helper
if [ "$GIT_TOKEN" = "" ]; then
echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment."
git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
else
- git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git
+ git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
+ git config credential.helper '!f() { echo "username=${git_user_id}"; echo "password=${GIT_TOKEN}"; }; f'
fiAlternatively, if this is a standard OpenAPI generator template that you don't intend to modify, this may be acceptable for CI/CD contexts where the .git directory is ephemeral.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| if [ "$GIT_TOKEN" = "" ]; then | |
| echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment." | |
| git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git | |
| else | |
| git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git | |
| fi | |
| if [ "$GIT_TOKEN" = "" ]; then | |
| echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment." | |
| git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git | |
| else | |
| git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git | |
| git config credential.helper '!f() { echo "username=${git_user_id}"; echo "password=${GIT_TOKEN}"; }; f' | |
| fi |
🤖 Prompt for AI Agents
In `@openapi/git_push.sh` around lines 44 - 49, The script currently embeds
GIT_TOKEN into the remote URL (the git remote add origin ... branch that uses
${GIT_TOKEN}), which leaks the token into .git/config and process listings;
change the flow to add the remote without the token (use the branch of the
script that uses ${git_host}/${git_user_id}/${git_repo_id}.git) and authenticate
via a credential helper or an ephemeral method instead—for example, set up a
temporary credential using git credential or use git -c
http.extraheader="AUTHORIZATION: Bearer $GIT_TOKEN" for the push, or configure
GIT_ASKPASS to supply the token—so remove any code that constructs the URL with
${GIT_TOKEN} and replace it with a token-passing approach that does not store
the token in .git/config.
There was a problem hiding this comment.
@wolf31o2, understood! Since this is auto-generated by the OpenAPI generator, it's best to leave it as-is. Modifying generated files would cause your changes to be overwritten on the next regeneration. The security concern would need to be addressed upstream in the OpenAPI generator templates if needed, but for your CI/CD use case with ephemeral environments, this should be acceptable.
✏️ Learnings added
Learnt from: wolf31o2
Repo: blinklabs-io/cardano-node-api PR: 525
File: openapi/git_push.sh:44-49
Timestamp: 2026-01-25T22:24:06.100Z
Learning: The file `openapi/git_push.sh` in the cardano-node-api repository is auto-generated by the OpenAPI generator and should not be manually modified, as changes would be overwritten on regeneration.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
|
|
||
| # Pushes (Forces) the changes in the local repository up to the remote repository | ||
| echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git" | ||
| git push origin master 2>&1 | grep -v 'To https' |
There was a problem hiding this comment.
Bug: grep -v inverts the filter, hiding rather than showing the URL.
The comment on line 55 says "Pushes ... the changes" but grep -v 'To https' removes lines containing "To https" from the output rather than showing them. This appears inverted from the intended behavior.
🐛 Proposed fix
-git push origin master 2>&1 | grep -v 'To https'
+git push origin master 2>&1 | grep 'To https'Or remove the grep entirely if you want to see all output:
-git push origin master 2>&1 | grep -v 'To https'
+git push origin master 2>&1📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| git push origin master 2>&1 | grep -v 'To https' | |
| git push origin master 2>&1 | grep 'To https' |
| git push origin master 2>&1 | grep -v 'To https' | |
| git push origin master 2>&1 |
🤖 Prompt for AI Agents
In `@openapi/git_push.sh` at line 57, The push command currently pipes git push
origin master 2>&1 into grep -v 'To https', which removes the "To https" line
(hiding the remote URL) rather than showing it; update the pipeline to either
remove the grep entirely to preserve all output or change to grep 'To https'
(without -v) to explicitly show the URL line (find the git push origin master
command in git_push.sh and adjust the grep usage accordingly).
There was a problem hiding this comment.
@wolf31o2, understood! Since this file is auto-generated by the OpenAPI generator, it shouldn't be manually edited. I'll note this for future reviews and won't flag issues in generated files.
✏️ Learnings added
Learnt from: wolf31o2
Repo: blinklabs-io/cardano-node-api PR: 525
File: openapi/git_push.sh:57-57
Timestamp: 2026-01-25T22:24:16.543Z
Learning: Files in the `openapi/` directory of the cardano-node-api repository are auto-generated by the OpenAPI generator tool and should not be manually edited.
Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
| - API version: 1.0 | ||
| - Package version: 1.0.0 | ||
| - Generator version: 7.14.0 | ||
| - Generator version: 7.18.0-SNAPSHOT |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
latest stable version openapi-generator 2025
💡 Result:
The latest stable release of OpenAPI Generator in 2025 is v7.18.0, released on December 22, 2025. [1], [2]
🏁 Script executed:
# Check if there's a VERSION file or other configuration in the repo
find . -type f -name "VERSION" -o -name "pom.xml" -o -name "build.gradle" -o -name "package.json" | head -20Repository: blinklabs-io/cardano-node-api
Length of output: 109
🏁 Script executed:
# Check the context around line 10 in openapi/README.md to understand more
cat openapi/README.md | head -30Repository: blinklabs-io/cardano-node-api
Length of output: 931
🏁 Script executed:
cat ./openapi/.openapi-generator/VERSIONRepository: blinklabs-io/cardano-node-api
Length of output: 88
Upgrade generator version to stable release.
The openapi-generator version should be updated from 7.18.0-SNAPSHOT to 7.18.0 (stable). The stable release has been available since December 22, 2025, and using the production-ready version is recommended over the pre-release build.
🤖 Prompt for AI Agents
In `@openapi/README.md` at line 10, Update the OpenAPI generator version string in
the README by replacing the pre-release token "Generator version:
7.18.0-SNAPSHOT" with the stable release "Generator version: 7.18.0" so the
documentation references the production-ready generator; locate the exact line
containing the "Generator version: 7.18.0-SNAPSHOT" entry and change it to
"Generator version: 7.18.0".
There was a problem hiding this comment.
@wolf31o2, understood. I'll leave the generator version as is.
🧠 Learnings used
Learnt from: wolf31o2
Repo: blinklabs-io/cardano-node-api PR: 525
File: openapi/git_push.sh:44-49
Timestamp: 2026-01-25T22:24:06.100Z
Learning: The file `openapi/git_push.sh` in the cardano-node-api repository is auto-generated by the OpenAPI generator and should not be manually modified, as changes would be overwritten on regeneration.
2 participants
Summary by cubic
Fix OpenAPI generation on macOS and regenerate the client with Go 1.24.0 and the latest generator.
Bug Fixes
Dependencies
Written for commit f81dddc. Summary will update on new commits.
Summary by CodeRabbit
New Features
Chores
✏️ Tip: You can customize this high-level summary in your review settings.