feat: verify action — read-only setup probe (Slice A)#132
Draft
reuvenharrison wants to merge 2 commits into
Draft
feat: verify action — read-only setup probe (Slice A)#132reuvenharrison wants to merge 2 commits into
reuvenharrison wants to merge 2 commits into
Conversation
Add a dedicated `verify/` action for the activation-gated-trial "verify
installation" step. It's meant to be run manually (workflow_dispatch) and
posts NO PR comment / sets NO commit status. It resolves + diffs the
configured specs (spec check), POSTs the outcome to the service
`/tenants/{id}/verify` endpoint (token + App checks come back in the
response), and renders a progressive checklist in the Step Summary:
workflow running / connected to oasdiff / App installed / spec found.
Reviewer-access (OAuth) is checked separately on the setup page.
Exits 0 only when all bot-chain checks pass; otherwise exits 1 with a
targeted hint + annotation per red check. Named "verify", distinct from
the oasdiff `validate` command. Pairs with oasdiff-service #212.
Adds test-verify.yaml (all-green → exit 0; app-not-installed → exit 1 +
annotation) and wires verify/Dockerfile into release.sh's pin list.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The spec check resolves in-repo / relative $refs via git (a broken one fails the load → red, as intended). External $refs are refused by default (allow-external-refs=false), which oasdiff signals with exit 123 — a distinct case from a wrong path. Capture the exit code and, on 123, show "OpenAPI spec found, but an external $ref was blocked" with the allow-external-refs hint (mirroring pr-comment) instead of a misleading path hint. Improves the spec-not-found hint to mention multi-file / git-ref resolution. Adds a CI test for the exit-123 case. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Draft — Slice A of Phase 2 (activation-gated-trial). Pairs with oasdiff-service #212 (the
/tenants/{id}/verifyendpoint).Adds a dedicated
verify/action: a read-only "verify installation" probe for the setup step. Meant to be run manually viaworkflow_dispatch(the user clicks "Run workflow" in the Actions UI). Posts no PR comment, sets no commit status.What it does
base/revisionwith oasdiff (the spec check).{owner, repo, specs_found, ...}to…/tenants/{token}/verify. Reaching a 2xx proves the token authenticated; the response carries App-installed.Exits 0 only when all bot-chain checks pass; otherwise 1, with a targeted hint in the summary and a
::error::annotation per red check — so the manual verify run is a clear red/green signal.Naming
verify, deliberately distinct from the oasdiffvalidatespec-compliance command.Verification
Locally exercised across all-green / app-missing / bad-token (401). CI:
test-verify.yamlstubs oasdiff + curl for all-green (→ exit 0, full-green checklist) and app-not-installed (→ exit 1 + annotation).verify/Dockerfileadded torelease.sh's pin-bump list.Follow-ups (not here)
/setupprogressive checklist polling a stored verify result, the background OAuth check, and armingtrial_ends_aton the bot chain.workflow_dispatchjob that calls this action.