
Commit 4f8ba8b

committed
feat: enable api client generation from workflow
Add manual GH workflow for api client generation. JIRA: TRIVIAL risk: low
1 parent 323103c commit 4f8ba8b


1 file changed

+178
-0
lines changed

Lines changed: 178 additions & 0 deletions
@@ -0,0 +1,178 @@
1+
# (C) 2026 GoodData Corporation
2+
# This workflow regenerates the API client from the latest OpenAPI schema and updates VCR cassettes.
3+
# It creates a PR with the updated API client and cassettes.
4+
5+
name: Regenerate API Client
6+
7+
on:
8+
workflow_dispatch:
9+
inputs:
10+
branch_name:
11+
description: 'Branch name for the PR'
12+
required: false
13+
default: 'chore/regenerate-api-client'
14+
pr_title:
15+
description: 'PR title'
16+
required: false
17+
default: 'chore: Regenerate API client'
18+
19+
# Security: Only allow running on protected branches to prevent secret exfiltration
20+
# via malicious Makefile modifications on feature branches
21+
env:
22+
ALLOWED_BRANCHES: 'refs/heads/master refs/heads/main'
23+
24+
permissions:
25+
contents: write
26+
pull-requests: write
27+
28+
jobs:
29+
regenerate-api-client:
30+
name: Regenerate API Client
31+
runs-on:
32+
group: infra1-runners-arc
33+
labels: runners-cxa-xlarge
34+
timeout-minutes: 30
35+
36+
steps:
37+
- name: Verify branch is allowed
38+
run: |
39+
echo "Current ref: ${{ github.ref }}"
40+
if [[ ! " ${{ env.ALLOWED_BRANCHES }} " =~ " ${{ github.ref }} " ]]; then
41+
echo "::error::This workflow can only be run on protected branches (master/main) to prevent credential hijacking."
42+
echo "::error::Current branch '${{ github.ref }}' is not in the allowed list."
43+
exit 1
44+
fi
45+
echo "Branch verification passed."
46+
47+
- name: Checkout
48+
uses: actions/checkout@v4
49+
with:
50+
fetch-depth: 0
51+
52+
- name: Get AWS ECR Vault Secrets
53+
id: secrets
54+
uses: hashicorp/vault-action@v3
55+
with:
56+
url: ${{ vars.VAULT_URL }}
57+
method: jwt
58+
path: jwt/github
59+
role: ecr-pull
60+
secrets: |
61+
secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_access_key | AWS_ACCESS_KEY ;
62+
secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_secret_key | AWS_SECRET_KEY ;
63+
64+
- name: Configure AWS Credentials
65+
uses: aws-actions/configure-aws-credentials@v4
66+
with:
67+
aws-access-key-id: ${{ env.AWS_ACCESS_KEY }}
68+
aws-secret-access-key: ${{ env.AWS_SECRET_KEY }}
69+
aws-region: us-east-1
70+
71+
- name: Login to Amazon ECR
72+
id: login-ecr
73+
uses: aws-actions/amazon-ecr-login@v2
74+
75+
- name: Create license file
76+
run: |
77+
mkdir -p build
78+
echo "${{ secrets.GOODDATA_LICENSE_KEY }}" > build/license
79+
80+
- name: Install jq
81+
run: sudo apt-get update && sudo apt-get install -y jq
82+
83+
- name: Start Docker Compose services
84+
run: |
85+
docker compose up -d
86+
echo "Docker Compose services started"
87+
88+
- name: Wait for all services to be ready
89+
run: |
90+
echo "Waiting for bootstrap services to complete..."
91+
92+
# Wait for layout-uploader to complete (last bootstrap step)
93+
echo "Waiting for layout-uploader to complete..."
94+
timeout 600 bash -c '
95+
while true; do
96+
status=$(docker compose ps layout-uploader --format json 2>/dev/null | jq -r ".State" 2>/dev/null || echo "unknown")
97+
exit_code=$(docker compose ps layout-uploader --format json 2>/dev/null | jq -r ".ExitCode" 2>/dev/null || echo "-1")
98+
99+
if [ "$status" = "exited" ] && [ "$exit_code" = "0" ]; then
100+
echo "layout-uploader completed successfully!"
101+
break
102+
elif [ "$status" = "exited" ] && [ "$exit_code" != "0" ]; then
103+
echo "layout-uploader failed with exit code $exit_code"
104+
docker compose logs layout-uploader
105+
exit 1
106+
fi
107+
108+
echo "layout-uploader status: $status, waiting..."
109+
sleep 10
110+
done
111+
'
112+
113+
# Verify api-gw is healthy
114+
echo "Verifying api-gw is ready..."
115+
timeout 60 bash -c '
116+
while ! curl -sf http://localhost:3000/api/v1/entities/admin/organizations 2>/dev/null; do
117+
echo "Waiting for api-gw to respond..."
118+
sleep 5
119+
done
120+
'
121+
echo "All services are ready!"
122+
123+
- name: Set up Python
124+
uses: astral-sh/setup-uv@v6
125+
with:
126+
python-version: "3.14"
127+
128+
- name: Generate API client
129+
run: make api-client
130+
131+
- name: Remove existing cassettes
132+
run: make remove-cassettes
133+
134+
- name: Install development dependencies
135+
run: make dev
136+
137+
- name: Run tests to regenerate cassettes
138+
run: make test
139+
env:
140+
HOST: "http://localhost:3000"
141+
TOKEN: "YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz"
142+
143+
- name: Show Docker Compose logs on failure
144+
if: failure()
145+
run: |
146+
echo "=== Docker Compose Status ==="
147+
docker compose ps
148+
echo ""
149+
echo "=== Docker Compose Logs ==="
150+
docker compose logs --tail=100
151+
152+
- name: Stop Docker Compose services
153+
if: always()
154+
run: docker compose down -v
155+
156+
- name: Create Pull Request
157+
uses: peter-evans/create-pull-request@v7
158+
with:
159+
token: ${{ secrets.GITHUB_TOKEN }}
160+
commit-message: "chore: Regenerate API client"
161+
branch: ${{ inputs.branch_name }}
162+
delete-branch: true
163+
title: ${{ inputs.pr_title }}
164+
body: |
165+
## Summary
166+
This PR regenerates the API client from the latest OpenAPI schema and updates VCR cassettes.
167+
168+
## Changes
169+
- Regenerated API client from latest OpenAPI schema
170+
- Updated VCR cassette fixtures to match current API responses
171+
172+
## Test Plan
173+
- [x] Tests passed against live GoodData instance
174+
- [ ] Review API client changes
175+
- [ ] Review cassette changes for expected API modifications
176+
labels: |
177+
automated
178+
api-client
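Review bot: The "Verify branch is allowed" step (new lines 37–45) is not an effective boundary for the stated goal of keeping the Vault and AWS secrets away from feature branches, because a `workflow_dispatch` run uses the workflow file from the selected ref, so a branch that can change the Makefile can equally change or drop this check. The restriction should be enforced outside the repository content, for example through `bound_claims` on the Vault JWT role `ecr-pull` limiting the `ref` claim to master/main, or a GitHub environment with a deployment-branch rule, with the in-workflow check kept only as a fast-fail hint. The same step also expands `${{ github.ref }}` directly into the bash script text; pass it through the step's `env:` as `REF: ${{ github.ref }}` and compare `"$REF"` so the ref name is handled as data, and do the same for `${{ secrets.GOODDATA_LICENSE_KEY }}` on new line 78. Separately, the third-party actions are referenced by mutable tags (`@v4`, `@v3`, `@v7`, `@v6`); pinning them to full commit SHAs is worth doing in a job that handles AWS keys. It is also worth confirming whether `hashicorp/vault-action` with `method: jwt` needs `id-token: write` in the `permissions` block, since only `contents` and `pull-requests` are granted here.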
