[PETOSS-829] Add codegen testing and replace linters #757

ryanNexus · 2025-10-23T02:25:56Z

Description

New check to validate that codegen via Xero internal repo succeeds.
New way to create GitHub Release.
Swapped spectral and yamllint checks for MegaLinter.

Release Notes

Screenshots (if appropriate):

Types of Changes

Bug fix (non-breaking change that fixes an issue)
New feature (non-breaking change that adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Other

github-actions · 2025-10-23T02:26:15Z

PETOSS-832

github-actions · 2025-10-23T02:26:16Z

Thanks for raising an issue, a ticket has been created to track your request

- Added .npmrc to force use of registry.npmjs.org - Regenerated package-lock.json with public registry URLs - Updated workflow to explicitly set registry for GitHub Actions - Added timeout to prevent hanging on npm install

… which the other work flow in the code gen repo cant handle

README.md

.github/workflows/pr-health-check.yml

.github/octokit/package.json

.github/get-access-token/index.js

.github/workflows/create-github-release.yml

.github/workflows/OAS-release.yml

.github/workflows/update-OAS-version.yml

.github/workflows/pr-validation.yml

And remove commitlint

.github/workflows/pr-validation.yml

+    runs-on: ubuntu-latest
+    name: MegaLinter Validation
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: MegaLinter
+        uses: oxsecurity/megalinter@v9
+        env:
+          ENABLE_LINTERS: YAML_YAMLLINT,ACTION_ACTIONLINT,API_SPECTRAL
+          YAML_YAMLLINT_CONFIG_FILE: .yamllint.yml
+          API_SPECTRAL_FILTER_REGEX_INCLUDE: xero.*\.yaml
+          API_SPECTRAL_RULES_PATH: .spectral/
+          APPLY_FIXES: none
+          LOG_LEVEL: INFO
+
+  codegen-validation:


The fix is to add an explicit permissions block to the linting job in .github/workflows/pr-validation.yml. Since the job only performs a lint using checked out code, it only needs read access to the repository contents. Therefore, a permissions block should be added at line 13 (immediately after name: MegaLinter Validation) with contents: read. No further privileges are needed; do not change existing functionality or any other steps. No new dependencies or imports are required.

… PETOSS-829-add-GHA-healthcheck

ryanNexus · 2025-10-28T04:16:07Z

I Approve this Change, LGTM 🔥

github-actions · 2025-10-30T21:42:19Z

🎉 This PR is included in version 9.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

github-actions · 2025-10-30T23:32:18Z

🎉 This PR is included in version 9.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

xero-public-bot · 2025-11-02T20:46:25Z

🎉 This PR is included in version 9.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[PETOSS-829] added OAS-release actions and PR- Health check

4f30dd6

ryanNexus added 14 commits October 23, 2025 15:28

fix: change npm ci to npm install and add package-lock.json

27ddddf

[PETOSS-829] use npm ci not install as its faster

a07f371

[PETOSS-829] use latest version of npm

4f15215

[PETOSS-829] gha fixes

a950752

[PETOSS-829] gha fixes +1

8a7e8c0

[PETOSS-829] gha fixes +2

d046385

[PETOSS-829] gha fixes +3

87c005e

[PETOSS-829] gha fixes +4

3ae3ee1

fix: use public npm registry instead of Xero Artifactory

9492985

- Added .npmrc to force use of registry.npmjs.org - Regenerated package-lock.json with public registry URLs - Updated workflow to explicitly set registry for GitHub Actions - Added timeout to prevent hanging on npm install

[PETOSS-829] removed linter as its now a seperate action

92c753e

[PETOSS-829] gha fixes +5

fd4f976

[PETOSS-829] rolledback to v1 of dispatch as v2 creates a distinct id…

4d31438

… which the other work flow in the code gen repo cant handle

[PETOSS-829] updated how the sdk generation is called

baf70ab

[PETOSS-829] increase timeout

f9bf5b2