Skip to content

Add CI step to detect openapi.json drift#656

Merged
mvillmow merged 5 commits into
mainfrom
431-auto-impl
Jun 29, 2026
Merged

Add CI step to detect openapi.json drift#656
mvillmow merged 5 commits into
mainfrom
431-auto-impl

Conversation

@mvillmow

@mvillmow mvillmow commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Add a required CI job that re-exports the FastAPI OpenAPI schema and diffs it byte-for-byte against the committed openapi.json, failing the merge when they differ. To guarantee the diff is deterministic, also harden scripts/export-openapi.py to emit sorted keys (sort_keys=True in both JSON and YAML branches), eliminating the false-positive risk from FastAPI/Python dict insertion-order changes.

Changes

  • scripts/export-openapi.py: Add sort_keys=True to both json.dump() and yaml.safe_dump() calls for deterministic output
  • openapi.json: Regenerated with sorted keys to capture real schema changes (new fields in HealthResponse model)
  • .github/workflows/_required.yml: Add openapi-drift job that:
    • Re-exports the OpenAPI spec to a temp file
    • Confirms the export is deterministic (exports twice, diffs them)
    • Diffs the fresh export against the committed file, failing if they differ
  • justfile: Add check-openapi recipe so developers can reproduce the CI check locally

Verification

All acceptance criteria from the issue are met:

  • ✓ CI job runs python scripts/export-openapi.py --output /tmp/openapi-ci.json && diff openapi.json /tmp/openapi-ci.json
  • ✓ Export is deterministic (same input produces byte-identical output)
  • ✓ CI blocks merge on mismatch (exits non-zero when schema drifts)
  • ✓ Developer local-check parity with CI (just check-openapi)
  • ✓ Workflow YAML validates against schema
  • ✓ justfile still parses

Closes #431

Co-Authored-By: Claude Haiku 4.5 noreply@anthropic.com

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, complete drift-detection impl; openapi.json regenerated under sort_keys=True. NOGO: new job pins pixi v0.68.0 vs v0.67.2 everywhere else — risks false-drift failures.

Comment thread .github/workflows/_required.yml

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feature (sort_keys determinism + openapi-drift job + check-openapi recipe) is correct and complete; but stray generated coverage.xml with machine-local path must be removed/gitignored first.

Comment thread coverage.xml Outdated

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openapi-drift impl correct (sort_keys, regenerated json, pixi v0.67.2 consistent). NOGO: unrelated generated coverage.xml with machine-local path still committed.

Comment thread coverage.xml Outdated
@mvillmow mvillmow enabled auto-merge (squash) June 28, 2026 18:48
mvillmow and others added 5 commits June 28, 2026 17:37
Add deterministic OpenAPI export and a required CI job that re-exports
the FastAPI schema and diffs it byte-for-byte against the committed
openapi.json, failing the merge when they differ. Also hardens
export-openapi.py to emit sorted keys (sort_keys=True) so the diff is
deterministic across FastAPI/Python upgrades.

Regenerate openapi.json under the new sorted-key invariant to capture
real schema changes (new fields in HealthResponse). The CI job includes
a determinism sub-step that exports twice and diffs the two outputs,
so any future regression that reintroduces non-determinism fails CI
directly rather than producing intermittent false positives.

Closes #431

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
All six other pixi jobs pin v0.67.2; the new openapi-drift job mistakenly
used v0.68.0. A divergent pixi version could resolve a different environment
and produce a different app.openapi() export, causing false drift failures.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Add CI step to detect openapi.json drift

Closes #431

Implemented-By: claude-sonnet-4-6
Co-Authored-By: Claude Code <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow mvillmow merged commit 50a2e5c into main Jun 29, 2026
21 of 22 checks passed
@mvillmow mvillmow deleted the 431-auto-impl branch June 29, 2026 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add CI step to detect openapi.json drift

1 participant