You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: document the current Pro workflow (changelog + oasdiff-token)
The Pro section showed the legacy pr-comment action. The current Pro
model is the changelog action with an oasdiff-token: same workflow as
the free changelog, plus the token and statuses: write, which turns the
review into approve/reject + an `oasdiff` commit-status gate.
- Replace "Pro: Rich PR comment" with "Pro: Approve and gate changes",
leading with the upgrade story (you already run changelog; add your
token). Matches the workflow w3 generates on /setup.
- Repoint the verify example's review job from pr-comment to changelog,
add the permissions block, bump checkout to v7.
- Update the table of contents.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: README.md
+17-75Lines changed: 17 additions & 75 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,8 +19,7 @@ GitHub Actions that check your OpenAPI specs for breaking changes on every pull
19
19
-[Validate a single spec](#validate-a-single-spec)
20
20
-[Configuring with `.oasdiff.yaml`](#configuring-with-oasdiffyaml)
21
21
-[Spec paths](#spec-paths)
22
-
-[Pro: Rich PR comment](#pro-rich-pr-comment)
23
-
-[Pro: Verify your setup](#pro-verify-your-setup)
22
+
-[Pro: Approve and gate changes](#pro-approve-and-gate-changes)
24
23
25
24
## Quick start
26
25
@@ -284,101 +283,44 @@ When using git refs, you need to check out the repo and fetch the base branch:
284
283
285
284
---
286
285
287
-
## Pro: Rich PR comment
286
+
## Pro: Approve and gate changes
288
287
289
-
`oasdiff/oasdiff-action/pr-comment`posts a single auto-updating comment on every PR that touches your API spec.
288
+
oasdiff Pro adds a sign-off step to the review, so a breaking change can't merge until your team approves it. It's the **same `changelog` action** as above, with your `oasdiff-token` added.
290
289
291
-
**Getting started:** [Sign up for oasdiff Pro](https://www.oasdiff.com/pricing) to get your token, then follow the setup instructions to install the GitHub App, add your repo secret, and create the workflow.
290
+
On every pull request, oasdiff posts the encrypted side-by-side review and gives each change **Approve / Reject** buttons. A commit status check named `oasdiff` blocks the merge until every breaking change is approved. Approvals are tied to the change fingerprint and carry forward across commits, with a record of who approved what and when.
291
+
292
+
[Start a free trial](https://www.oasdiff.com/start-trial) (no credit card) to get your token, then add it as an `OASDIFF_TOKEN` repository secret.
292
293
293
294
```yaml
294
295
name: oasdiff
295
296
on:
296
297
pull_request:
297
298
branches: [ "main" ]
299
+
permissions:
300
+
pull-requests: write # post the review comment
301
+
statuses: write # set the merge-gate commit status
The only difference from the free [changelog workflow](#generate-a-changelog) is the `oasdiff-token` secret and the `statuses: write` permission. Your specs are still encrypted in CI before upload, so the server can't read them.
318
317
319
-
Each **Review** link opens a hosted page with a side-by-side spec diff and **Approve / Reject** buttons. Approvals are tied to the change fingerprint and carry forward automatically when the branch is updated. A commit status check blocks the merge until every breaking change has been reviewed.
318
+
This is the `changelog` action [documented above](#generate-a-changelog); the one added input is:
| `base` | — (required) | Path to the base (old) OpenAPI spec | file path, URL, git ref |
324
-
| `revision` | — (required) | Path to the revised (new) OpenAPI spec | file path, URL, git ref |
325
-
| `oasdiff-token` | — (required) | oasdiff API token — [sign up at oasdiff.com](https://www.oasdiff.com/pricing) | — |
326
-
| `include-path-params` | `false` | Include path parameter names in endpoint matching | `true`, `false` |
327
-
| `exclude-elements` | `''` | Exclude certain kinds of changes from the output | `endpoints`, `request`, `response` (comma-separated) |
328
-
| `composed` | `false` | Run in composed mode | `true`, `false` |
329
-
| `allow-external-refs` | `false` | Resolve external `$ref`s. Defaults to `false` to prevent SSRF on untrusted pull requests. Set `true` if your spec references external URLs or loads split files by file path | `true`, `false` |
330
-
331
-
[Get oasdiff Pro →](https://www.oasdiff.com/pricing)
332
-
333
-
## Pro: Verify your setup
334
-
335
-
`oasdiff/oasdiff-action/verify`is a read-only check that confirms your setup works end to end. It posts no PR comment and sets no commit status. Run it on demand from the **Actions** tab (the "Run workflow" button).
336
-
337
-
Add it to the same workflow as `pr-comment`, guarded by event type, so one file handles both: `pr-comment`on pull requests, and `verify` when you click "Run workflow".
The verify run renders a checklist in the workflow **Step Summary**:
371
-
372
-
- ✅ GitHub Actions workflow is running
373
-
- ✅ Connected to oasdiff (your `OASDIFF_TOKEN` secret)
374
-
- ✅ oasdiff GitHub App installed on the repo
375
-
- ✅ OpenAPI spec found and compared
322
+
| `oasdiff-token` | `''` | Your oasdiff Pro token (the `OASDIFF_TOKEN` secret). When set, the action uploads an authenticated review, posts the approve/reject comment, and sets the `oasdiff` commit status check that gates the merge. Requires `pull-requests: write` and `statuses: write` | — |
376
323
377
-
It exits non-zero with a one-line hint for any check that fails, so a verify run is a clear pass/fail. (Reviewer access is checked separately on your setup page.)
324
+
**Optional:** install the [oasdiff GitHub App](https://github.com/apps/oasdiff/installations/new) for an instant gate (the status updates the moment a change is approved, instead of on the next CI run) and for reviews on pull requests from forks. The workflow above already posts the review and sets the gate without it.
0 commit comments