Skip to content

Releases: oasdiff/oasdiff-action

v0.1.4

Choose a tag to compare

@reuvenharrison reuvenharrison released this 28 Jun 16:21
ae5ef64

What's Changed

This release updates the GitHub Action to oasdiff v1.21.0. See the oasdiff v1.21.0 release notes for the detection and output improvements it brings: response type widening vs narrowing, a crash fix for schema-less media types, more response-side checks, and clearer change messages.

Full Changelog: v0.1.3...v0.1.4

v0.1.3

Choose a tag to compare

@reuvenharrison reuvenharrison released this 21 Jun 22:03
ccc2442

Highlights

Pro review mode in the changelog action

Given an oasdiff-token, the changelog action now posts an encrypted Pro review on your pull requests. The specs are encrypted client-side in CI and only ciphertext is uploaded, so oasdiff cannot read them; the decryption key lives only in the review link's URL fragment. The action posts a PR comment linking to a side-by-side review where your team approves or rejects each change, and the oasdiff commit status gates merge until every breaking change is approved.

- uses: oasdiff/oasdiff-action/changelog@v0.1.3
  with:
    base: main:openapi.yaml
    revision: openapi.yaml
    oasdiff-token: ${{ secrets.OASDIFF_TOKEN }}
    github-token: ${{ github.token }}

(needs permissions: pull-requests: write and statuses: write)

Upgraded to oasdiff v1.20.0

The action images now run oasdiff v1.20.0.

Fixes

  • Graceful message when a trial or subscription expires. When a plan lapses, the pr-comment and Pro changelog actions now surface a clear "your plan has expired, renew here" message and keep the workflow green, instead of failing with an opaque HTTP 402 error.

Full Changelog: v0.1.2...v0.1.3

v0.1.2

Choose a tag to compare

@reuvenharrison reuvenharrison released this 16 Jun 13:33
e245290

Highlights

The PR comment now posts by default

The breaking and changelog actions now default github-token to ${{ github.token }}, so the review/changelog comment posts to the PR automatically on any repo whose job GITHUB_TOKEN already has write access, with no workflow edit (#167). Previously most repos only ever saw the review link in the job summary, which almost nobody opens. If your org forces a read-only default token you still need to add permissions: pull-requests: write, and fork PRs are unchanged (read-only token). The comment copy is also clearer about the capability-by-URL model and how specs stay encrypted in CI, plus an explicit opt-out: set review: false to stop posting.

New @v0 moving major tag

A v0 tag is now published and re-pointed on every stable release, so you can pin to @v0 and pick up later patches and minors (like the comment improvements above) automatically, with no workflow change (#168).

- uses: oasdiff/oasdiff-action/breaking@v0

A new Versioning section in the README covers @v0 (recommended), exact pins like @v0.1.1 (reproducible CI), and @main (unreleased tip). README examples now use @v0.

Upgraded to oasdiff v1.19.1

Every action now runs on oasdiff v1.19.1.

Full Changelog: v0.1.1...v0.1.2

v0.1.1

Choose a tag to compare

@reuvenharrison reuvenharrison released this 14 Jun 21:05
5fbe96e

Highlights

Upgraded to oasdiff v1.19.1

Every action now runs on oasdiff v1.19.1.

Fixes

The free side-by-side review that the breaking and changelog actions generate gets several reliability fixes in this release:

  • Review links survive the v1.19.1 output change. v1.19.1 moved the Opening <url> line from stdout to stderr so it can no longer corrupt piped JSON or YAML output. The action now captures the review URL from either stream, so on v1.19.1 your PRs keep getting the side-by-side review comment instead of a misleading "couldn't upload, re-run the job" warning and no comment at all (#165).
  • No more spurious review links on clean PRs. No-change detection no longer depends on the format you set. An empty changelog renders differently per format ([] for json and yaml, a header plus "No changes detected" for markup), and those slipped past the old text-only check, so every clean PR got a review link and an uploaded comparison. Detection now uses a format-independent JSON probe (#164).
  • Composed mode skips the review upload cleanly. In composed mode (-c) the encrypted review can't represent a glob of many specs, so the action no longer attempts --open. Instead of the generic "couldn't upload, re-run" warning, it emits a single notice explaining the review isn't available in composed mode (#164).
  • A nudge when the PR comment isn't wired up. If a review link is produced on a pull request but no github-token is set, the action now emits a notice (with a docs link) showing how to get the review posted as a PR comment, rather than leaving it silently on the job summary. It stays quiet on no-change runs and non-PR events (#163).
  • Aligned the verify action onto the same oasdiff v1.19.0 release base image as the other five actions (#162).

Full Changelog: v0.1.0...v0.1.1

v0.1.0

Choose a tag to compare

@reuvenharrison reuvenharrison released this 13 Jun 21:06
c4792cf

Highlights

New: free side-by-side review link, now posted as a PR comment

The breaking and changelog actions can now find a review link on the PR itself instead of burying it in the job summary. When changes are detected, the action encrypts both specs in CI, uploads only the ciphertext, and posts (then auto-updates) a single PR comment with the side-by-side review link. The decryption key lives only in the URL fragment and never reaches a server.

- uses: oasdiff/oasdiff-action/breaking@v0.1.0
  with:
    base: 'main/openapi.yaml'
    revision: 'openapi.yaml'
    github-token: ${{ github.token }}
permissions:
  pull-requests: write

Two new inputs drive this (#152, #156):

  • review (default true): emit the encrypted review link when changes are found. Set review: false to opt out entirely, no spec leaves CI, and detection plus inline annotations are unaffected.
  • github-token: pass ${{ github.token }} (and grant pull-requests: write) to get the PR comment. Omit it to keep the previous behavior, link in the job summary only. No oasdiff account or token is required; github.token is GitHub's built-in token.

The comment is best-effort and never fatal: the action posts it before exiting non-zero, so it survives a fail-on gate, and on fork PRs (where GITHUB_TOKEN is read-only) it falls back to the always-written job summary. It updates one marker comment rather than spamming per push, and rewrites itself to a "no changes" note when a later push clears the changes.

Upgraded to oasdiff v1.19.0

All six actions (breaking, changelog, diff, validate, pr-comment, verify) now run on the oasdiff v1.19.0 base image (#161, #162).

Fixes

  • The review link now actually posts from breaking and changelog. Both images now install curl (and ca-certificates), which the new PR-comment and review-link calls need. Without it the API call returned HTTP 000 and silently fell back to the job summary (#157).
  • Clearer free-action docs and PR-comment copy. The breaking and changelog descriptions now mention the encrypted review link and correct where annotations land (the Files changed tab, not the summary). The PR comment itself was reworked to lead with opening and sharing the review with your team, with privacy collapsed to one line, and its "How it works" link now points straight at the privacy section (#155, #158, #159, #160).

Full Changelog: v0.0.57...v0.1.0

v0.0.57

Choose a tag to compare

@reuvenharrison reuvenharrison released this 08 Jun 13:03
3530478

Highlights

Upgraded to oasdiff v1.18.5

The breaking, changelog, diff, pr-comment, and validate actions now run oasdiff v1.18.5. For workflow authors this brings:

  • No more crashes on certain spec changes. A change that dropped a single-valued sub-schema on one side (for example an array property removing its items, or a removed not / if / then / else) previously crashed the action with a panic. The actions now handle these diffs cleanly. (oasdiff #998)
  • not sub-schemas are now checked. Property changes nested inside a not schema (a removed property, a tightened constraint, a newly required field) are now reported by the breaking and changelog actions instead of being skipped. (oasdiff #994)

Full Changelog: v0.0.56...v0.0.57

v0.0.56

Choose a tag to compare

@reuvenharrison reuvenharrison released this 06 Jun 11:08
5ffbc91

What's Changed

Full Changelog: v0.0.55...v0.0.56

v0.0.55

Choose a tag to compare

@reuvenharrison reuvenharrison released this 06 Jun 08:32
840501f

What's changed

  • The free breaking/changelog step summary is now a single link to the side-by-side review on oasdiff.com, instead of a baked CLI command. The command, install help, and any guidance now live on that page, so they can be improved without you needing to upgrade the action. Removed the duplicate (non-clickable) ::notice:: review link; the per-change ::error:: annotations are unchanged (#144).
  • Added a workflow URL parameter (from GITHUB_WORKFLOW_REF) so the review page can link back to the exact workflow file (#144).
  • Docs: examples bumped to v0.0.55 (#145).

Full Changelog: v0.0.54...v0.0.55

v0.0.54

Choose a tag to compare

@reuvenharrison reuvenharrison released this 06 Jun 06:39
4e031f2

What's changed

  • The local-review command now self-recovers. The breaking and changelog step summaries print git fetch origin <base> <head> && oasdiff ..., and the base image is bumped to oasdiff v1.18.4, which prints an actionable git fetch origin <sha> hint (instead of a terse git error) when a reviewer's clone is missing the commit. So a reviewer on a fresh or shallow clone reaches the review without manual fixups (#138, #143).
  • Action version is now recorded for diagnostics. Service-calling actions (pr-comment, verify) send User-Agent: oasdiff-action/<ref>, and the free /review URL carries action_version=<ref>, so a run's version is visible in the logs (#142).
  • Base image bumped to oasdiff v1.18.4 across all actions, including verify/ (was v1.18.1) (#143).
  • Internal: removed an internal doc-path reference from step-summary comments (#137).

Full Changelog: v0.0.53...v0.0.54

v0.0.53

Choose a tag to compare

@reuvenharrison reuvenharrison released this 04 Jun 15:42
a8c7f0e

Highlights

Upgraded to oasdiff v1.18.2

Every action now runs on oasdiff v1.18.2, which completes and polishes the breaking-change rule catalog: all 474 rules now have a real description (29 were previously missing), the mitigation texts are clearer, and descriptions are localized across English, Spanish, Brazilian Portuguese, and Russian. See the oasdiff v1.18.2 release for details.

Full Changelog: v0.0.52...v0.0.53