Check OAS for Drift #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check OAS for Drift | |
| on: | |
| schedule: | |
| # runs at midnight every day | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| workflow_call: | |
| secrets: | |
| WALLET_STS_BACK_DEPLOY_KEY: | |
| required: true | |
| GH_WORKFLOW_FAILURE_BOT_SLACK_WEBHOOK_URL: | |
| required: true | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| check-oas-for-drift: | |
| name: Check STS OAS for Drift | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| env: | |
| STS_BACK_CHECKOUT_PATH: sts-back | |
| STS_BACK_OAS_PATH: backend-api/openapi/sts-backend.yaml | |
| LOCAL_OAS_PATH: sts-mock/sts.yaml | |
| steps: | |
| - name: Check out OP Mocks repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Checkout STS Backed repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| repository: govuk-one-login/sts-back | |
| path: ${{ env.STS_BACK_CHECKOUT_PATH }} | |
| ref: 'main' | |
| ssh-key: ${{ secrets.WALLET_STS_BACK_DEPLOY_KEY }} | |
| # oasdiff cannot parse YAML files with duplicate merge keys (<<) | |
| # explode(.) resolves all anchors, aliases and merge keys inline | |
| - name: Normalise base spec | |
| run: yq eval 'explode(.)' ${{ env.STS_BACK_CHECKOUT_PATH }}/${{ env.STS_BACK_OAS_PATH }} > sts-backend-normalised.yaml | |
| - name: Normalise local spec | |
| run: yq eval 'explode(.)' ${{ env.LOCAL_OAS_PATH }} > sts-mock-normalised.yaml | |
| - name: Check OAS for drift | |
| uses: oasdiff/oasdiff-action/diff@c002f996c3d084acf62ea6dd4f2e7a57b7bc2a35 # v0.0.43 | |
| with: | |
| base: sts-backend-normalised.yaml | |
| revision: sts-mock-normalised.yaml | |
| fail-on-diff: true | |
| notify-slack-on-failure: | |
| name: Notify Slack on Failure | |
| runs-on: ubuntu-24.04 | |
| needs: [ check-oas-for-drift ] | |
| permissions: {} | |
| if: failure() | |
| steps: | |
| - name: Send Slack alert | |
| uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2 | |
| with: | |
| webhook: ${{ secrets.GH_WORKFLOW_FAILURE_BOT_SLACK_WEBHOOK_URL }} | |
| webhook-type: incoming-webhook | |
| payload: | | |
| "repository": "${{ github.repository }}" | |
| "run": ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} |