Add OpenAPI Specification to Release Assets #9054

Merged
merged 5 commits into from
Dec 13, 2023

kiblik (Contributor) commented Nov 27, 2023

In the future, I would like to add API changes to release notes. As preparation, I would like to release OpenAPI Specifications with each release as assets.

dryrunsecurity bot commented Nov 27, 2023

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status DryRun Security Check
AI-powered Sensitive Function Check
Configured Sensitive Files Check
AI-powered Sensitive Files Check

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

Install and configure more repositories at DryRun Security

@kiblik kiblik force-pushed the api_release_assets branch 3 times, most recently from 1c4c13d to 441e95e Compare November 27, 2023 14:32
@kiblik kiblik force-pushed the api_release_assets branch from 441e95e to 8b99500 Compare November 27, 2023 14:34
@kiblik kiblik marked this pull request as ready for review November 27, 2023 21:23
mtesauro (Contributor) commented Nov 27, 2023

@kiblik FYI: I've been working on this from the other side - aka creating a way to diff spec files from DefectDojo's API. That's about 80% done and will show changes / breaking changes between any 2 versions of the API spec files.

@mtesauro (Contributor)

I'm using this library - https://github.com/Tufin/oasdiff and am aiming towards a GH action which runs the tools and produces the needed output

kiblik (Contributor, Author) commented Nov 27, 2023

> I'm using this library - https://github.com/Tufin/oasdiff and am aiming towards a GH action which runs the tools and produces the needed output

I was planning to use the exact tool :)
But you still need some base. How did you plan to generate the previous version OpenAPI definition?
My plan was to store it as part of a release and just fetch it during the following release.

mtesauro (Contributor) commented Dec 3, 2023

@kiblik TBH, I was focusing on making the tool do what I wanted it to using two spec files I pulled from locally running instances of DefectDojo.

I think your idea of storing them with a release makes perfect sense to me. Like I said, I'd not thought about that yet but that sounds perfectly fine to me.

@mtesauro (Contributor)

@kiblik Is this ready to review/approve?

kiblik (Contributor, Author) commented Dec 12, 2023

> @kiblik Is this ready to review/approve?

Yes, it is :)


- name: Upload Release Asset - OpenAPI Specification - YAML
id: upload-release-asset-yaml
uses: sekwah41/upload-release-assets@v1
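
Review bot: the `uses: sekwah41/upload-release-assets@v1` line references a third-party action by a mutable tag, so whatever `v1` points to at run time executes inside the release job with the token that step is given. Pin the reference to a full commit SHA of a revision that has been reviewed, keep the version as a trailing comment for readability, and document in the workflow why this fork is used instead of the archived official action.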
Contributor

Is there a reason to use this fork over actions/upload-release-asset? I know the official one is archived but I'm a little hesitant to use a random fork here..

Contributor Author

> Is there a reason to use this fork over actions/upload-release-asset? I know the official one is archived but I'm a little hesitant to use a random fork here..

As I remember, there is no other reason (only stopped maintenance).
If you prefer, I can run a local test with the original official one.

Contributor Author

Not sure if I'm doing something wrong, but I'm not able to make it work with actions/upload-release-assets

Any help is welcome
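
The hesitation about a forked action raised in this review thread can be turned into a repeatable check. The following is an added example, not code from this pull request or from DefectDojo: it lists `uses:` references in a workflow whose owner is outside an allow-list or whose ref is not a full commit SHA. The allow-list, the sample workflow (apart from the step quoted above) and the placeholder SHA are assumptions constructed for illustration.

```python
import re

# Owners treated as first-party for this audit (assumption; set per policy).
TRUSTED_OWNERS = {"actions", "github"}

# Matches "uses: owner/repo@ref" with or without a leading list dash.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: the step quoted in the review thread plus constructed
# steps for contrast. The 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - name: Upload Release Asset - OpenAPI Specification - YAML
    id: upload-release-asset-yaml
    uses: sekwah41/upload-release-assets@v1
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
  - uses: ./.github/actions/local
"""


def audit_uses(workflow_text, trusted=TRUSTED_OWNERS):
    """Return (line number, reference, issues) for each flagged action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local action or container image: out of scope here
        path, _, ref = target.partition("@")
        owner = path.split("/", 1)[0]
        issues = []
        if owner not in trusted:
            issues.append("third-party-owner")  # needs a human review
        if not FULL_SHA_RE.match(ref):
            issues.append("mutable-ref")  # tag or branch can be moved
        if issues:
            findings.append((lineno, target, issues))
    return findings


if __name__ == "__main__":
    for lineno, target, issues in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target}: {', '.join(issues)}")
```
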

@kiblik kiblik force-pushed the api_release_assets branch from e621912 to 2edc4af Compare December 12, 2023 22:36
@kiblik kiblik force-pushed the api_release_assets branch from 2edc4af to 25e9b9e Compare December 12, 2023 22:50
mtesauro (Contributor) left a comment

Approved

@mtesauro mtesauro merged commit 8b671bf into DefectDojo:dev Dec 13, 2023
120 checks passed
@kiblik kiblik deleted the api_release_assets branch January 31, 2024 09:02
6 participants