Swagger Json Automation

[DurgaPrasad-54]

Summary by CodeRabbit

• Documentation

  • Added an extra project badge to the README.
  • Added automation to sync the generated API specification into the docs repository.

• Chores

  • Added runtime support for an embedded database for local/runtime use.
  • Added a comprehensive Swagger configuration template with placeholder values for integrations and app settings.

[coderabbitai]

Warning

Rate limit exceeded

@DurgaPrasad-54 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 6 minutes and 46 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

Adds a DeepWiki badge to README, adds a runtime-scoped H2 dependency to the Maven POM, introduces a new application-swagger.properties with many placeholder Swagger-related settings, and adds a GitHub Actions workflow that builds the API, runs it to fetch Swagger JSON, and opens a PR to update docs in a separate repository.

Changes

Cohort / File(s)	Summary
Documentation & Badges README.md	Inserted a DeepWiki badge line immediately after the GPL badge.
Dependency Management pom.xml	Added com.h2database:h2 dependency with scope set to runtime.
Swagger Configuration src/main/resources/application-swagger.properties	Added a new Swagger profile properties file containing many placeholder settings (H2, Redis, Mongo, Quartz, auth, CORS, logging, external endpoints).
CI / Automation Workflow .github/workflows/swagger-json.yml	New GitHub Actions workflow that builds the API with Java 17, runs it (profile=swagger) on port 9090, polls /v3/api-docs to save fhir-api.json, checks out the docs repo, copies the JSON, and creates a pull request to update docs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant GH as "GitHub Actions\nRunner"
  participant Build as "Maven Build\n(Java 17)"
  participant API as "Local API\n(server:9090)"
  participant Poll as "Poller\n(/v3/api-docs)"
  participant Docs as "amrit-docs\nRepository"
  participant PR as "Create Pull Request\nAction"

  GH->>Build: checkout repo & setup JDK\nmvn -DskipTests package
  GH->>API: start app (profile=swagger)\njava -jar ... (port 9090)
  GH->>Poll: poll http://localhost:9090/v3/api-docs\n(retry up to 30 times)
  Poll-->>GH: 200 + valid JSON (fhir-api.json)
  GH->>API: stop server (kill PID)
  GH->>Docs: checkout amrit-docs repo
  GH->>Docs: copy fhir-api.json -> docs/swagger/
  GH->>PR: create pull request to main\n(branch auto/swagger-update-...)
  PR-->>GH: PR created

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble badges, launch H2 at dawn,
I chase Swagger JSON across the lawn.
I pack the file, hop to push a PR,
Docs updated quick — a hopping star! 🌿

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Swagger Json Automation' directly describes the main change—adding automated Swagger JSON generation via GitHub Actions workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@src/main/resources/application-swagger.properties`:
- Around line 52-57: Change the actuator exposure in the swagger profile so you
no longer expose all endpoints via management.endpoints.web.exposure.include;
replace the wildcard with an explicit allow-list (for example only "health" and
"info") or alternatively bind the management port to localhost by setting
management.server.address to 127.0.0.1 and/or a dedicated management.server.port
so sensitive endpoints like env and configprops are not publicly reachable;
update the entry for management.endpoints.web.exposure.include and add the
management.server.address/management.server.port properties around where
server.port and logging.level.* are defined.
- Around line 85-145: Multiple properties are defined twice (e.g.,
cors.allowed-origins, jwt.secret, eaushadhiStoreStockDetailsUrl,
eaushadhiStoreStockAckUrl, eAushadhiDummy, benSearchByBenIDURL, userAuthURL,
fhirUserName, fhirPassword, abhaMode, clientID, clientSecret,
ndhmuserAuthenticate, generateABDM_NotifySMS, atomsFeedStartPage,
feedAuthUserName, feedAuthPassword, parentUrl, atomFeedURLPatientDemographic,
atomFeedURLPatientEncounter, atomFeedURLPatientClinical), causing silent "last
wins" overrides; consolidate by removing the duplicate/earlier definitions and
keeping a single authoritative block (or merge values into one set) so each
property appears only once in application-swagger.properties, and if you
intended environment-specific overrides use Spring profiles or placeholders
instead.

🧹 Nitpick comments (1)

pom.xml (1)

271-275: Scope H2 to a Swagger-only Maven profile to reduce production artifact size.

H2 is configured only in application-swagger.properties for the Swagger profile. Moving this dependency to a dedicated Maven profile (activated only during development/documentation builds) will keep the production WAR lean and eliminate an unnecessary runtime dependency.

♻️ Example Maven profile-based scoping

-        <dependency>
-            <groupId>com.h2database</groupId>
-            <artifactId>h2</artifactId>
-            <scope>runtime</scope>
-        </dependency>
+        <!-- moved to swagger profile -->
+    </dependencies>
+
+    <profiles>
+        <profile>
+            <id>swagger</id>
+            <dependencies>
+                <dependency>
+                    <groupId>com.h2database</groupId>
+                    <artifactId>h2</artifactId>
+                    <scope>runtime</scope>
+                </dependency>
+            </dependencies>
+        </profile>
+    </profiles>

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/swagger-json.yml:
- Around line 13-20: The workflow currently uses version tags for third‑party
actions (uses: actions/checkout@v4 and uses: actions/setup-java@v4); update
those "uses:" entries to pin each action to its corresponding commit SHA instead
of a floating tag (replace `@v4` with the full SHA for actions/checkout and
actions/setup-java), and apply the same SHA‑pinning to the other action usages
referenced around the file (the block noted at lines 65-78) so all third‑party
actions are pinned to immutable SHAs; also ensure you document/update your
repo’s process for keeping those SHAs current since Dependabot won’t alert on
SHA‑pinned actions.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/swagger-json.yml:
- Around line 1-11: The workflow "Sync Swagger to AMRIT-Docs" currently relies
on default token permissions; add an explicit permissions block at the top-level
of the workflow to grant least-privilege scopes required by the "swagger-sync"
job (for example: contents: read or write only if needed, pull-requests: write
if the job opens PRs, id-token: none, packages: none, checks: none); update the
workflow to include the minimal permissions mapping so the job uses those
explicit permissions instead of broad defaults.

🧹 Nitpick comments (1)

.github/workflows/swagger-json.yml (1)

1-6: Prevent overlapping runs from spamming docs PRs.

Multiple pushes to main can trigger concurrent runs and open multiple docs PRs. Consider adding a concurrency group to cancel in‑progress runs when a new commit arrives.

♻️ Suggested change

 on:
   push:
     branches: [ main ]
   workflow_dispatch:

+concurrency:
+  group: swagger-sync-${{ github.ref }}
+  cancel-in-progress: true

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[DurgaPrasad-54]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.