name: OpenAPI Bundle on: push: branches: ["main"] paths: - ".github/workflows/openapi-bundle.yml" - "docs/openapi/**" - "!docs/openapi/openapi.json" pull_request: paths: - "docs/openapi/**" - "!docs/openapi/openapi.json" permissions: contents: write jobs: bundle-openapi: name: Bundle OpenAPI Spec runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 with: egress-policy: block allowed-endpoints: > files.pythonhosted.org:443 github.com:443 pypi.org:443 - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GH_TOKEN }} - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: "3.11" - name: Configure Git run: | git config user.name "GitHub Actions Bot" git config user.email "github-actions[bot]@users.noreply.github.com" - name: Install dependencies run: pip install pyyaml - name: Bundle OpenAPI spec working-directory: ./docs/openapi run: python bundle.py - name: Commit and push changes if: github.event_name == 'push' run: | CURRENT_BRANCH="${GITHUB_REF_NAME:-main}" git add docs/openapi/openapi.json if git diff --staged --quiet; then echo "No changes to commit" exit 0 fi git commit -m "chore: regenerate openapi.json --skip-ci" git push origin "$CURRENT_BRANCH"