mobile-wallet-onboarding-products-mocks/.github/workflows/check-oas-for-drift.yml at 0e9928731c06b10d3c958bc090201a52b8d70f58 · govuk-one-login/mobile-wallet-onboarding-products-mocks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: Check OAS for Drift
on:
  schedule:
    # runs at midnight every day
    - cron: '0 0 * * *'
  workflow_dispatch:
  workflow_call:
    secrets:
      WALLET_STS_BACK_DEPLOY_KEY:
        required: true
      GH_WORKFLOW_FAILURE_BOT_SLACK_WEBHOOK_URL:
        required: true

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  check-oas-for-drift:
    name: Check STS OAS for Drift
    runs-on: ubuntu-24.04
    timeout-minutes: 15
    permissions:
      contents: read
    env:
      STS_BACK_CHECKOUT_PATH: sts-back
      STS_BACK_OAS_PATH: backend-api/openapi/sts-backend.yaml
      LOCAL_OAS_PATH: sts-mock/sts.yaml

    steps:
      - name: Check out OP Mocks repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Checkout STS Backed repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: govuk-one-login/sts-back
          path: ${{ env.STS_BACK_CHECKOUT_PATH }}
          ref: 'main'
          ssh-key: ${{ secrets.WALLET_STS_BACK_DEPLOY_KEY }}

      # oasdiff cannot parse YAML files with duplicate merge keys (<<)
      # explode(.) resolves all anchors, aliases and merge keys inline
      - name: Normalise base spec
        run: yq eval 'explode(.)' ${{ env.STS_BACK_CHECKOUT_PATH }}/${{ env.STS_BACK_OAS_PATH }} > sts-backend-normalised.yaml

      - name: Normalise local spec
        run: yq eval 'explode(.)' ${{ env.LOCAL_OAS_PATH }} > sts-mock-normalised.yaml

      - name: Check OAS for drift
        uses: oasdiff/oasdiff-action/diff@6147a58e5d1249a12f42fc864ab791d571a30015 # v0.0.47
        with:
          base: sts-backend-normalised.yaml
          revision: sts-mock-normalised.yaml
          fail-on-diff: true

  notify-slack-on-failure:
    name: Notify Slack on Failure
    runs-on: ubuntu-24.04
    needs: [ check-oas-for-drift ]
    permissions: {}
    if: failure()
    steps:
      - name: Send Slack alert
        uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
        with:
          webhook: ${{ secrets.GH_WORKFLOW_FAILURE_BOT_SLACK_WEBHOOK_URL }}
          webhook-type: incoming-webhook
          payload: |
            "repository": "${{ github.repository }}"
            "run": ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}