socket-sdk-js/.github/workflows/generate.yml at 6a1bb1162ce13275f509ccac4f4b2fa55f6cff7c · SocketDev/socket-sdk-js · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: 🔄 Generate SDK

on:
  push:
    branches:
      - main
    paths:
      - '.github/workflows/generate.yml'
      - 'scripts/generate-sdk.mts'
      - 'scripts/generate-types.mts'
      - 'scripts/generate-strict-types.mts'
  schedule:
    # At 07:23 on every day-of-week from Monday through Friday.
    - cron: '23 7 * * 1-5'
  workflow_dispatch:
    inputs:
      force:
        description: 'Force regeneration even if no changes detected'
        required: false
        default: false
        type: boolean

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions: {}


jobs:
  fetch_and_update:
    name: Sync OpenAPI definition
    runs-on: ubuntu-latest
    permissions:
      actions: write # To trigger CI workflow via workflow_dispatch
      contents: write # To push generated SDK code
      pull-requests: write # To create PRs for review
    outputs:
      has_changes: ${{ steps.check.outputs.has_changes }}
    steps:
      - name: Random delay
        if: github.event_name == 'schedule'
        run: |
          # Add random delay between 0-10 minutes for scheduled runs
          delay=$((RANDOM % 600))
          echo "Sleeping for $delay seconds..."
          sleep $delay

      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@85a2fc0d33af6304246620365de3e7f053035a8d # main

      - name: Configure push credentials
        env:
          GH_TOKEN: ${{ github.token }}
        run: git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"

      - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@85a2fc0d33af6304246620365de3e7f053035a8d # main
        with:
          gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}

      - name: Generate SDK
        # Fetches OpenAPI, generates types/api.d.ts and src/types-strict.ts
        run: pnpm run generate-sdk

      - name: Check for changes
        id: check
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            echo "has_changes=true" >> $GITHUB_OUTPUT
          else
            echo "has_changes=false" >> $GITHUB_OUTPUT
          fi

      - name: Commit and push changes
        if: steps.check.outputs.has_changes == 'true'
        run: |
          # Branch from main~1 so the PR is behind main, making the
          # "Update branch" button available to trigger enterprise checks.
          git stash
          git checkout -b automated/open-api HEAD~1
          git stash pop
          git add .
          git commit -m "fix(openapi): sync with openapi definition"
          git push origin automated/open-api -fu

      - name: Create Pull Request
        if: steps.check.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # Check if PR already exists
          existing_pr=$(gh pr list --head automated/open-api --json number --jq '.[0].number' || echo "")

          if [ -z "$existing_pr" ]; then
            gh pr create \
              --head automated/open-api \
              --base main \
              --title "Sync with OpenAPI definition" \
              --body "## OpenAPI Sync

          The OpenAPI definition in the API has been updated. This PR automatically:
          - Downloads the latest OpenAPI specification
          - Regenerates TypeScript types (types/api.d.ts)
          - Regenerates strict TypeScript types (src/types-strict.ts)
          - Updates SDK method signatures if needed

          ### What's Changed
          See the file changes below for specific updates to the API types, strict types, and methods.

          **Please review carefully for any breaking changes in the API.**" \
              --label "dependencies" \
              --label "automated"
          else
            echo "PR #$existing_pr already exists, skipping creation"
          fi

      # Pushes made with GITHUB_TOKEN don't trigger other workflows.
      # Use workflow_dispatch to directly trigger CI on the PR branch.
      - name: Trigger CI checks
        if: steps.check.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh workflow run ci.yml --ref automated/open-api

      - name: Add job summary
        if: steps.check.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          pr_number=$(gh pr list --head automated/open-api --json number --jq '.[0].number' || echo "")
          pr_url="https://github.com/${{ github.repository }}/pull/${pr_number}"

          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          ## OpenAPI Sync Complete

          **PR:** [#${pr_number}](${pr_url})

          > **Note:** Enterprise required workflows (e.g. Audit GHA Workflows) won't trigger
          > automatically on bot PRs. Click **"Update branch"** on the PR to trigger them,
          > or push an empty commit to the branch:
          >
          > \`\`\`sh
          > git fetch origin automated/open-api && git checkout automated/open-api
          > git commit --allow-empty -m "chore: trigger enterprise checks"
          > git push origin automated/open-api
          > \`\`\`
          EOF

      - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@85a2fc0d33af6304246620365de3e7f053035a8d # main
        if: always()