Skip to content

Add CI step to detect openapi.json drift#656

Merged
mvillmow merged 5 commits into
mainfrom
431-auto-impl
Jun 29, 2026
Merged

Add CI step to detect openapi.json drift#656
mvillmow merged 5 commits into
mainfrom
431-auto-impl

Conversation

@mvillmow

@mvillmow mvillmow commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Add a required CI job that re-exports the FastAPI OpenAPI schema and diffs it byte-for-byte against the committed openapi.json, failing the merge when they differ. To guarantee the diff is deterministic, also harden scripts/export-openapi.py to emit sorted keys (sort_keys=True in both JSON and YAML branches), eliminating the false-positive risk from FastAPI/Python dict insertion-order changes.

Changes

  • scripts/export-openapi.py: Add sort_keys=True to both json.dump() and yaml.safe_dump() calls for deterministic output
  • openapi.json: Regenerated with sorted keys to capture real schema changes (new fields in HealthResponse model)
  • .github/workflows/_required.yml: Add openapi-drift job that:
    • Re-exports the OpenAPI spec to a temp file
    • Confirms the export is deterministic (exports twice, diffs them)
    • Diffs the fresh export against the committed file, failing if they differ
  • justfile: Add check-openapi recipe so developers can reproduce the CI check locally

Verification

All acceptance criteria from the issue are met:

  • ✓ CI job runs python scripts/export-openapi.py --output /tmp/openapi-ci.json && diff openapi.json /tmp/openapi-ci.json
  • ✓ Export is deterministic (same input produces byte-identical output)
  • ✓ CI blocks merge on mismatch (exits non-zero when schema drifts)
  • ✓ Developer local-check parity with CI (just check-openapi)
  • ✓ Workflow YAML validates against schema
  • ✓ justfile still parses

Closes #431

Co-Authored-By: Claude Haiku 4.5 noreply@anthropic.com

mvillmow
mvillmow commented Jun 19, 2026
View reviewed changes

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, complete drift-detection impl; openapi.json regenerated under sort_keys=True. NOGO: new job pins pixi v0.68.0 vs v0.67.2 everywhere else — risks false-drift failures.

Comment thread .github/workflows/_required.yml
mvillmow
mvillmow commented Jun 19, 2026
View reviewed changes

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feature (sort_keys determinism + openapi-drift job + check-openapi recipe) is correct and complete; but stray generated coverage.xml with machine-local path must be removed/gitignored first.

Comment thread coverage.xml Outdated
mvillmow
mvillmow commented Jun 21, 2026
View reviewed changes

@mvillmow mvillmow left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openapi-drift impl correct (sort_keys, regenerated json, pixi v0.67.2 consistent). NOGO: unrelated generated coverage.xml with machine-local path still committed.

Comment thread coverage.xml Outdated
@mvillmow mvillmow enabled auto-merge (squash) June 28, 2026 18:48
mvillmow and others added 5 commits June 28, 2026 17:37
@mvillmow @claude
feat: add CI step to detect openapi.json drift
02a42ef 
Add deterministic OpenAPI export and a required CI job that re-exports
the FastAPI schema and diffs it byte-for-byte against the committed
openapi.json, failing the merge when they differ. Also hardens
export-openapi.py to emit sorted keys (sort_keys=True) so the diff is
deterministic across FastAPI/Python upgrades.

Regenerate openapi.json under the new sorted-key invariant to capture
real schema changes (new fields in HealthResponse). The CI job includes
a determinism sub-step that exports twice and diffs the two outputs,
so any future regression that reintroduces non-determinism fails CI
directly rather than producing intermittent false positives.

Closes #431

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow @claude
fix(ci): align openapi-drift pixi-version with rest of _required.yml
fd493d8 
All six other pixi jobs pin v0.67.2; the new openapi-drift job mistakenly
used v0.68.0. A divergent pixi version could resolve a different environment
and produce a different app.openapi() export, causing false drift failures.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow @claude
feat: Implement #431
c56b73c 
Add CI step to detect openapi.json drift

Closes #431

Implemented-By: claude-sonnet-4-6
Co-Authored-By: Claude Code <noreply@anthropic.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow
chore: regenerate openapi.json + remove coverage.xml artifact
2ebc90e 
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow
ci(openapi-drift): pin setup-pixi/checkout to repo-standard SHAs
421a18b 
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
@mvillmow mvillmow merged commit 50a2e5c into main Jun 29, 2026
21 of 22 checks passed
@mvillmow mvillmow deleted the 431-auto-impl branch June 29, 2026 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

state:implementation-no-go

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add CI step to detect openapi.json drift

1 participant

@mvillmow