Merge pull request #21 from authzed/feat/import-spec

feat:add OpenApi spec automatic update workflow

Author: Verónica López

.github/workflows/update-openapi-spec.yml

@@ -0,0 +1,95 @@
+name: Update OpenAPI Spec
+
+on:
+  # Run once daily at 00:00 UTC
+  schedule:
+    - cron: '0 0 * * *'
+  
+  # Run when PRs are opened or synchronized
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - 'openapi-spec.yaml'
+      - '.github/workflows/update-openapi-spec.yml'
+  
+  # Allow manual triggering
+  workflow_dispatch:
+  
+  # Add a repository_dispatch event for external triggers if needed
+  repository_dispatch:
+    types: [openapi_spec_updated]
+
+jobs:
+  update-openapi-spec:
+    name: Update OpenAPI Spec
+    # Don't run this job on PR events if the PR is from the update-openapi-spec branch (to avoid loops)
+    if: github.event_name != 'pull_request' || github.head_ref != 'update-openapi-spec'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          # For PRs, check out the head of the PR
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24.3'
+          check-latest: true
+
+      - name: Install mage
+        run: go install github.com/magefile/mage@latest
+
+      - name: Update OpenAPI spec
+        id: update-spec
+        run: |
+          mage openapi:update
+          # Check if there are changes
+          if [[ -n "$(git status --porcelain openapi-spec.yaml)" ]]; then
+            echo "changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      # When not in a PR, create a new PR with changes
+      - name: Create Pull Request
+        if: steps.update-spec.outputs.changes == 'true' && github.event_name != 'pull_request'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          commit-message: 'chore: update OpenAPI spec'
+          title: 'chore: update OpenAPI spec'
+          body: |
+            This PR updates the OpenAPI spec to the latest version.
+            
+            This is an automated PR created by the GitHub Actions workflow.
+          branch: update-openapi-spec
+          base: main
+          labels: dependencies,automated
+      
+      # When in a PR context, update the PR with the latest spec
+      - name: Commit changes to PR
+        if: steps.update-spec.outputs.changes == 'true' && github.event_name == 'pull_request'
+        run: |
+          git config --global user.name 'GitHub Actions'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+          git add openapi-spec.yaml
+          git commit -m "chore: update OpenAPI spec to latest version"
+          git push
+          
+      # Also add a comment to the PR about the update
+      - name: Comment on PR
+        if: steps.update-spec.outputs.changes == 'true' && github.event_name == 'pull_request'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '✅ The OpenAPI spec in this PR has been automatically updated to the latest version.'
+            }) 

magefiles/openapi.go

@@ -0,0 +1,65 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+
+	"github.com/magefile/mage/mg"
+	"github.com/magefile/mage/sh"
+)
+
+type OpenAPI mg.Namespace
+
+// Update fetches the latest OpenAPI specification from the API
+func (OpenAPI) Update() error {
+	apiURL := "https://api.admin.stage.aws.authzed.net/openapi-spec"
+	outputFile := "openapi-spec.yaml"
+
+	fmt.Printf("Fetching latest OpenAPI spec from %s...\n", apiURL)
+
+	client := &http.Client{}
+
+	req, err := http.NewRequest("GET", apiURL, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create request: %w", err)
+	}
+
+	// Set headers (User-Agent, Accept, etc.)
+	req.Header.Set("User-Agent", "AuthZed-Terraform-Provider-Builder")
+	req.Header.Set("Accept", "application/yaml, text/yaml, application/json")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return fmt.Errorf("failed to fetch OpenAPI spec: %w", err)
+	}
+	defer resp.Body.Close()
+
+	// Check response status
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("failed to fetch OpenAPI spec, status code: %d", resp.StatusCode)
+	}
+
+	file, err := os.Create(outputFile)
+	if err != nil {
+		return fmt.Errorf("failed to create output file: %w", err)
+	}
+	defer file.Close()
+
+	_, err = io.Copy(file, resp.Body)
+	if err != nil {
+		return fmt.Errorf("failed to write OpenAPI spec to file: %w", err)
+	}
+
+	fmt.Printf("OpenAPI spec successfully updated to %s\n", outputFile)
+
+	// Check for changes if git is available
+	if _, err := sh.Exec(nil, os.Stdout, os.Stderr, "git", "diff", "--quiet", outputFile); err != nil {
+		fmt.Println("Changes detected in the OpenAPI spec.")
+	} else {
+		fmt.Println("No changes detected in the OpenAPI spec.")
+	}
+
+	return nil
+}

openapi-spec.yaml

@@ -5,10 +5,12 @@ info:
   description: Cloud API for AuthZed Dedicated
   termsOfService: https://authzed.com/terms-conditions
   title: AuthZed Cloud API
-  version: 25r1
+  version: ""
 externalDocs:
   description: Find out more at the official Authzed Docs site
   url: https://authzed.com/docs
+servers:
+- url: https://api.admin.stage.aws.authzed.net
 tags:
 - description: A permissions system defines a managed SpiceDB instance
   externalDocs:
@@ -2367,4 +2369,4 @@ components:
       bearerFormat: Bearer token
       description: Token used for authentication.
       scheme: bearer
-      type: http
+      type: http