Meta tags:
description= OpenAPI breaking change detection CLI API contract testing prevent API breaking changes in CI/CD - specshield26/specshield-cli;
Headings (most frequently used words):
the, bdct, consumer, provider, spec, specshield, contract, to, step, publish, cli, har, your, ci, navigation, it, vs, run, all, options, best, for, uh, oh, code, pull, saved, searches, testing, from, turn, real, into, verify, does, live, actually, github, use, and, files, history, breaking, in, local, compare, comparison, checks, file, gate, this, before, init, license, footer, json, compatibility, deploy, contracts, service, load, what, on, search, repositories, users, issues, requests, provide, feedback, specshield26, commands, bi, directional, capture, traffic, match, its, cd, actions, menu, filter, results, more, quickly, folders, latest, commit, repository, contents, never, ship, change, api, consumers, problem, solution, see, action, quick, start, world, story, cases, cloud, remote, share, app, pr, record, operational, concerns, read, going, why, is, most, valuable, piece, of, alternatives, pricing, first, setup, wizard, login, authentication, config, exit, codes, support, about, releases, packages, contributors, languages, how, works, openapi, subset, or, pact, can, matrix, list, specs, verifications, full, workflow, output, mental, model, 1a, chrome, firefox, edge, devtools, zero, frontend, 1b, playwright, teams, with, ui, tests, 1c, cypress, 1d, mitmproxy, backend, 1e, postman, insomnia, bruno, 1f, k6, test, bonus, recording, while, engine, scrubbing, auth, tokens, cookies, pii, multi, host, filtering, talks, several, backends, keeping, fresh, common, pitfalls, safe, by, default, path, parameter, resolution, validator, per, response, request, catch, changes, merge, push, nightly, production, conformance, example, yml, non, interactive, scriptable, mode, flags, topics, resources, stars, watchers, forks,
Text of the page (most frequently used words):
the (200), specshield (127), #provider (98), consumer (94), bdct (87), har (79), #contract (72), yaml (72), api (63), your (62), openapi (60), spec (60), and (55), service (53), json (50), from (48), run (46), for (42), name (40), github (39), env (38), version (37), deploy (37), with (37), payment (36), can (34), breaking (34), path (34), publish (34), acme (33), base (32), every (32), compare (32), org (29), url (28), checkout (28), you (27), code (27), file (27), verify (26), pact (25), key (25), format (24), capture (24), that (23), cli (23), staging (23), this (21), all (21), production (21), test (21), one (20), traffic (20), list (19), fail (19), error (18), changes (18), config (18), tests (18), status (17), change (17), required (17), step (17), get (17), store (17), testing (16), out (16), https (16), share (15), output (15), history (15), compatibility (15), only (15), payments (15), pass (14), yml (14), contracts (14), actions (14), team (14), gate (14), install (14), token (13), default (13), never (13), target (13), use (13), specshield_api_key (13), type (13), per (12), its (12), app (12), uses (12), what (12), conformance (12), com (12), field (12), playwright (12), not (11), into (11), request (11), remote (11), security (10), free (10), account (10), exit (10), consumers (10), flags (10), options (10), true (10), are (10), local (10), any (10), when (10), post (10), mitmproxy (10), cypress (10), compatible (10), comparison (10), 2026 (9), diff (9), users (9), view (9), npm (9), support (9), hosted (9), commands (9), keep (9), login (9), dashboard (9), enterprise (9), checks (9), dsl (9), before (9), response (9), string (9), see (9), same (9), time (8), page (8), published (8), open (8), branch (8), stored (8), flag (8), running (8), matches (8), project (8), init (8), they (8), command (8), endpoint (8), already (8), vars (8), paymentid (8), actually (8), browser (8), entries (8), integration (8), record (8), reload (7), license (7), detection (7), header (7), include (7), matrix (7), subcommand (7), check (7), specs (7), safe (7), number (7), main (7), environment (7), pay (7), write (7), against (7), works (7), workflow (7), once (7), broker (7), secrets (7), schema (7), 200 (7), engine (7), just (7), recorder (7), publishes (7), create (6), probes (6), repeatable (6), timeout (6), params (6), non (6), providers (6), ver (6), override (6), server (6), subset (6), failonbreaking (6), set (6), files (6), var (6), two (6), export (6), also (6), skip (6), kind (6), without (6), must (6), workflows (6), package (6), email (6), staging_token (6), node (6), pull (6), catch (6), via (6), amount (6), does (6), have (6), context (6), right (6), host (6), endpoints (6), full (6), saved (6), action (5), navigation (5), deployable (5), codes (5), title (5), read (5), turn (5), link (5), info (5), ignore (5), save (5), result (5), defaults (5), each (5), paths (5), match (5), generate (5), own (5), first (5), both (5), why (5), fields (5), example (5), git (5), public (5), partial (5), authorization (5), runs (5), sha (5), merge (5), examples (5), orders (5), teams (5), backend (5), npx (5), produces (5), load (5), click (5), content (5), tab (5), incompatible (5), issues (5), search (5), community (4), was (4), while (4), readme (4), devtools (4), missing (4), more (4), mutating (4), filters (4), filter (4), machine (4), readable (4), purpose (4), description (4), expires (4), option (4), mode (4), github_sha (4), delete (4), removed (4), values (4), names (4), need (4), customer (4), plan (4), sign (4), commit (4), talks (4), everything (4), interactive (4), optional (4), writes (4), specshield26 (4), asks (4), signed (4), detects (4), wizard (4), setup (4), registry (4), latest (4), specshield_org (4), uuid (4), date (4), object (4), 123 (4), them (4), userid (4), methods (4), live (4), trust (4), existing (4), their (4), close (4), recordhar (4), prefix (4), captured (4), scrub (4), zero (4), session (4), real (4), orderid (4), recording (4), then (4), http (4), another (4), start (4), exercised (4), new (4), platform (4), mcp (4), cookies (3), docs (3), there (3), loading (3), please (3), report (3), repository (3), stars (3), mit (3), resources (3), topics (3), admin (3), runtime (3), self (3), recorded (3), verification (3), across (3), days (3), comparisons (3), warning (3), severity (3), commentonpr (3), specpath (3), hand (3), root (3), directory (3), always (3), require (3), resolution (3), secret (3), written (3), starter (3), stdout (3), auto (3), toml (3), repo (3), cloud (3), advanced (3), rbac (3), audit (3), slack (3), pricing (3), oss (3), paid (3), requires (3), directional (3), bearer (3), steps (3), ubuntu (3), jobs (3), branches (3), exact (3), 4xx (3), documented (3), integer (3), automatically (3), like (3), parameter (3), off (3), but (3), most (3), source (3), accurate (3), loop (3), body (3), would (3), break (3), language (3), sdk (3), single (3), entry (3), want (3), fix (3), ops (3), inventory (3), calls (3), scrubbed (3), input (3), tool (3), quick (3), bodies (3), reference (3), html (3), return (3), postman (3), add (3), 8080 (3), available (3), best (3), generator (3), safari (3), menu (3), frontend (3), mobile (3), partner (3), application (3), 482 (3), user (3), last (3), changed (3), cases (3), incident (3), services (3), changelog (3), insights (3), requests (3), settings (3), window (3), refresh (3), documentation (3), feedback (3), grade (3), features (3), copilot (3), solutions (3), explore (3), manage (2), footer (2), releases (2), fork (2), governance (2), swagger (2), microservices (2), prevent (2), about (2), stop (2), star (2), issue (2), software (2), private (2), limited (2), failed (2), method (2), verbs (2), size (2), overrides (2), organization (2), common (2), manually (2), make (2), limit (2), specific (2), collapse (2), relative (2), used (2), false (2), schemaversion (2), invocation (2), reads (2), entirely (2), nothing (2), auth (2), built (2), order (2), ss_your_token_here (2), copy (2), seconds (2), authentication (2), fmt (2), print (2), come (2), resolved (2), optionally (2), using (2), whether (2), mod (2), pom (2), xml (2), pyproject (2), under (2), started (2), saml (2), sso (2), scim (2), prem (2), log (2), workspace (2), priority (2), included (2), dredd (2), native (2), ingest (2), gating (2), pactflow (2), alternatives (2), push (2), tmp (2), actual (2), coverage (2), null (2), parameters (2), declare (2), repeat (2), reason (2), parsing (2), resolve (2), side (2), health (2), thingid (2), data (2), opt (2), things (2), says (2), sometimes (2), returns (2), numeric (2), usually (2), validating (2), derived (2), tax (2), deployed (2), other (2), instrument (2), piece (2), cert (2), above (2), import (2), tls (2), explicitly (2), end (2), await (2), chromium (2), didn (2), templated (2), segment (2), literal (2), multiple (2), hosts (2), doesn (2), identical (2), pattern (2), circleci (2), syntax (2), service_name (2), whole (2), keeping (2), different (2), multi (2), backends (2), emits (2), types (2), sanitizer (2), patterns (2), headers (2), cookie (2), contain (2), pii (2), operational (2), concerns (2), blocked (2), git_sha (2), sample (2), alongside (2), shapes (2), samples (2), seen (2), passes (2), images (2), schemas (2), will (2), omitted (2), wrote (2), expected (2), regardless (2), which (2), runner (2), either (2), insomnia (2), bruno (2), jvm (2), environments (2), hardump (2), brew (2), mitmdump (2), https_proxy (2), localhost (2), done (2), pointing (2), proxy (2), point (2), through (2), e2e (2), exports (2), module (2), neuralegion (2), const (2), call (2), paste (2), during (2), network (2), note (2), clear (2), chrome (2), firefox (2), edge (2), jump (2), how (2), agnostic (2), between (2), something (2), feature (2), work (2), verifications (2), properties (2), currency (2), verifies (2), comment (2), gets (2), links (2), billing (2), useful (2), drift (2), over (2), cross (2), notifications (2), track (2), expect (2), pipeline (2), broken (2), build (2), 2am (2), paymentstatus (2), too (2), blocks (2), breaks (2), solution (2), review (2), find (2), apis (2), problem (2), agent (2), agents (2), ship (2), lock (2), npmignore (2), gitignore (2), src (2), scripts (2), fixtures (2), demo (2), bin (2), commits (2), message (2), quality (2), projects (2), appearance (2), cancel (2), searches (2), repositories (2), business (2), developer (2), devops (2), perform, personal, information, contact, privacy, terms, inc, 100, javascript, languages, contributors, packages, forks, watching, watchers, activity, finding, breakage, found, clean, meaning, accepts, these, pairs, trigger, pair, expire, after, reportid, level, allow, informational, tag, 10000, enabled, substring, parent, win, locally, uploaded, don, were, newer, reserved, concept, unifies, subcommands, variable, recommended, logged, successfully, authenticate, ss_, keys, google, committed, operations, overwrite, confirmation, exists, force, detect, proposed, prompts, scriptable, subdirectory, present, validates, stores, autocompletes, suggests, otherwise, master, cargo, looks, credit, card, sales, dedicated, onboarding, sla, talk, enforced, trail, alerts, annual, web, day, forever, price, tier, readyapi, microcks, specmatic, oasdiff, smartbear, workflow_dispatch, daily, utc, cron, schedule, nightly, show, origin, fetch, depth, pull_request, wildcard, undocumented, properly, allows, oas, isms, handled, nullable, outside, enum, enums, plus, ajv, formats, array, boolean, validator, neither, resolves, skipped, param, wins, templates, 8000, extra, send, kvlist, probe, put, patch, effects, ref, least, unconfigured, unresolved, head, effect, catches, contains, partially_refunded, pending, refunded, truth, closes, firing, active, style, removes, converts, turns, folder, merges, measurable, enforcement, product, market, adopt, should, doing, aren, valuable, jks, trusted, rejects, newcontext, launch, empty, segments, differ, stays, looked, got, succeeds, document, drop, cause, symptom, pitfalls, gitlab, jenkins, injection, provider_name, provider_base_url, mvnw, whatever, typical, fresh, doubles, filtering, several, carries, words, ssn, creditcard, supports, redaction, allowlists, etc, heavier, del, select, ascii_downcase, deps, raw, publishing, scrubbing, tokens, going, section, promoting, dropped, ends, 404, documents, handles, happy, uuids, rfc, 3339, times, addresses, three, slightly, emitted, stay, become, widens, conflict, falls, back, some, merger, merging, becomes, preceding, noun, generic, resulting, likely, accountid, abc, templating, binary, inferred, appear, comma, separated, keeps, matching, critical, below, summary, means, survived, exactly, total, produced, metrics, script, bonus, collection, separate, many, cacerts, curl_ca_bundle, requests_ca_bundle, node_extra_ca_certs, listen, port, http_proxy, ctrl, disk, terminal, tell, dump, macos, pip, apt, lands, outdir, savehar, aftereach, beforeeach, setupnodeevents, flushed, runnable, lives, clone, jsonplaceholder, sandbox, toolchain, made, noise, onlyjson, usual, embed, __dirname, baseurl, testdir, develop, entire, byte, anywhere, button, flows, cmd, f12, reading, recipes, follow, exploratory, caller, plugin, spa, driven, effort, pick, almost, yourself, happens, saving, inference, mental, model, drifts, moment, forget, reflects, difference, proved, called, learn, universal, framework, makes, normal, incompatiblecount, compatiblecount, consumerversion, consumername, deployment, update, release, unknown, verified, checked, response_field_missing, expects, type_mismatch, pacts, supported, 201, responses, requestbody, describing, stamped, correlate, came, compares, presence, sides, relies, satisfied, gates, overhead, configure, configurable, sticky, highlighted, visible, choose, repos, touches, automatic, 256, bit, random, unguessable, enumeration, revoke, ready, _ru8ovubxy3r9zhosylesaulphcqbyh5jtpyldsmu88, 16t12, 56z, usage, jira, ticket, anyone, recent, 481, updated, 480, shows, drill, down, tracking, members, machines, straight, saves, includes, still, isn, historyid, sends, heavy, basic, needed, text, leaves, infrastructure, class, urls, timeline, human, writing, line, sure, paper, know, whom, deliver, surprises, safety, stops, validation, returned, affected, missing_field, created, ran, mismatch, caught, immediately, reached, triggered, merged, renamed, wasn, notified, world, story, welcome, banner, skips, silence, workstation, specshield_no_banner, tf_build, travis, jenkins_url, gitlab_ci, buildkite, github_actions, quiet, docker, seeds, subsequent, again, drifting, detected, modifications, additions, surprise, 3am, anything, proves, satisfies, those, expectations, deploying, think, unit, manual, late, enforces, angry, integrations, logs, rename, crashes, 000, silently, feel, brings, claude, cursor, clients, ask, inside, job, points, coding, uploads, prove, block, four, reach, known, bidirectional, overview, contents, items, folders, tags, additional, notification, dismiss, alert, switched, accounts, resetting, focus, qualifiers, our, query, results, quickly, submit, address, contacted, take, very, seriously, provide, tips, premium, ons, powered, collections, trending, archive, program, accelerator, maintainer, lab, programs, fund, developers, sponsors, partners, center, forum, skills, ebooks, reports, events, webinars, stories, development, topic, industries, government, manufacturing, financial, healthcare, industry, devsecops, modernization, case, nonprofits, startups, small, medium, enterprises, company, marketplace, blog, leaks, protection, secure, vulnerabilities, instant, dev, codespaces, automate, integrate, external, tools, direct, better, creation, toggle,
Text of the page (random words):
recorder that matches how the consumer is exercised in your project you almost never have to write recorder code yourself recorder use when the consumer is effort browser devtools chrome firefox edge safari a frontend spa a swagger ui or any browser driven app zero code playwright with recordhar exercised by playwright ui integration tests one config field cypress cypress har generator exercised by cypress ui tests one plugin mitmproxy a backend service to service caller in a test env one brew install no consumer changes postman insomnia bruno manually exercised during exploratory testing right click export k6 load tests already running k6 against the provider one out har flag recipes follow keep reading for the exact commands per tool then jump to step 2 the capture command which is identical regardless of recorder 1a chrome firefox edge devtools zero code best for frontend open the page that calls your api in the browser open devtools f12 cmd opt i network tab click the button to clear then reload the page and click through the flows you want to record right click anywhere in the request list save all as har with content save as traffic har that s the entire recording the file is byte compatible with everything specshield does safari note safari s export har is under the develop menu export in the network tab it produces the same format 1b playwright best for teams with ui tests add one option to your playwright config js playwright config js const path require path module exports testdir tests use baseurl https staging acme com recordhar path path resolve __dirname traffic har mode full content embed run your tests as usual npx playwright test writes traffic har on context close the har will contain every http call the browser made during the test html js images and the api json the onlyjson default in step 2 filters out the noise automatically need the har file flushed per test create the context explicitly in your test and call await context close at the end a runnable copy paste starter lives in examples playwright har of this repo clone npm install npx playwright install chromium npm test produces traffic har against the public jsonplaceholder sandbox so you can verify the toolchain works before pointing it at your own provider 1c cypress npm i d neuralegion cypress har generator cypress config js const install require neuralegion cypress har generator module exports e2e setupnodeevents on config install on return config cypress support e2e js beforeeach cy recordhar aftereach cy savehar outdir har out run npx cypress run and the har for each spec lands in har out 1d mitmproxy best for backend service to service when the consumer is a backend service no browser point it through mitmproxy in your integration test env no consumer code change install once brew install mitmproxy macos also available via pip and apt start the proxy and tell it to dump har mitmdump set hardump traffic har listen port 8080 in another terminal run your tests with https_proxy pointing at it https_proxy http localhost 8080 http_proxy http localhost 8080 run integration tests sh ctrl c mitmdump when done traffic har is on disk the hardump add on is built into mitmproxy 9 0 for tls hosts you ll need to trust mitmproxy s ca in your test jvm runtime see the mitmproxy ca docs in many test environments it s a single env var node_extra_ca_certs requests_ca_bundle curl_ca_bundle or a jvm cacerts import 1e postman insomnia bruno run the request or a whole collection runner right click the response save response as har repeat for each request you want included then either keep them as separate har files pass in once per file via a loop in ci or merge them with any har merge tool 1f k6 load test bonus recording while load testing k6 run out har traffic har script js k6 emits a har alongside its load metrics same file works with bdct capture from har step 2 turn the har into a consumer contract this is the one cli command the same command works regardless of which recorder produced the har specshield bdct capture from har in traffic har base url https api acme com out consumer contract yaml expected output wrote consumer contract yaml 4 endpoints 6 ops from 23 41 entries the 23 41 summary means 23 entries survived the filters right host json body out of 41 total the recorder captured open the yaml to see exactly what your code talks to endpoint by endpoint field by field all options flag purpose default in path required input har file har 1 2 out path output file if omitted writes to stdout stdout base url url keep only entries matching this url prefix critical when the consumer talks to multiple backends see multi host below no filter keeps every host method verbs comma separated methods to include e g get post all methods title title openapi info title captured consumer contract version ver openapi info version usually your git sha in ci 0 1 0 format fmt yaml or json yaml include non json keep entries with non json bodies html images binary schemas can t be inferred but the endpoints will appear off what the engine actually does for every har entry that passes the filters path templating users 123 orders abc 2026 becomes users userid orders orderid parameter names come from the preceding noun in the url not a generic id so the resulting openapi matches the parameter names your provider likely already uses userid orderid accountid per status schema merging if three get users userid samples return slightly different shapes the emitted schema is the merger fields seen in every sample stay required fields seen in some samples become optional integer number widens to number a type conflict falls back to string format detection uuids rfc 3339 date times and email addresses get format uuid format date time format email status code coverage a 404 sample produces its own response schema alongside the 200 so the contract documents the error shapes your code handles not just the happy path json only by default entries with non json bodies are dropped the html page load from a playwright test never ends up in the contract step 3 publish gate 1 publish the captured contract run on every consumer pr specshield bdct publish consumer org acme store consumer checkout ui provider payment service version git_sha format openapi contract consumer contract yaml 2 gate the deploy run before promoting the consumer specshield bdct can i deploy org acme store service checkout ui version git_sha env staging exit 0 safe exit 1 a verification says no and the deploy is blocked full bdct command reference is in the bi directional contract testing section above operational concerns read this before going live scrubbing auth tokens cookies and pii a raw har can contain authorization headers session cookies and real pii in request response bodies scrub before publishing two patterns quick scrub with jq zero deps if you already have jq jq del headers select name ascii_downcase in authorization cookie set cookie x api key traffic har scrubbed har heavier scrub via har sanitizer npm tool supports body redaction patterns allowlists etc npx har sanitizer input traffic har output scrubbed har scrub words email ssn creditcard the contract that bdct capture from har emits only carries field names and types not values so once the har is scrubbed of secrets the published contract is safe to share with the provider team multi host filtering consumer talks to several backends base url is a prefix match so it doubles as a host filter keep only calls to the payment service specshield bdct capture from har in traffic har base url https payment acme com out contracts checkout ui payment yaml same har different provider keep only calls to inventory specshield bdct capture from har in traffic har base url https inventory acme com out contracts checkout ui inventory yaml one test run one har n consumer contracts one per provider keeping contracts fresh in ci the whole pattern is record from your existing tests publish from ci a typical github workflows contract test yml name run integration tests produces traffic har run npx playwright test or mvnw verify or whatever you use name har consumer contract run specshield bdct capture from har in traffic har base url vars provider_base_url out consumer contract yaml name publish contract env specshield_api_key secrets specshield_api_key run specshield bdct publish consumer org vars specshield_org consumer vars service_name provider vars provider_name version github sha format openapi contract consumer contract yaml name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service vars service_name version github sha env staging identical pattern on gitlab circleci jenkins only the secret injection syntax changes common pitfalls symptom cause fix 0 endpoints 0 ops from 0 n entries base url doesn t match any host in the har drop base url to see what hosts are in the har re run with the right prefix contract is missing your post recorder captured a 4xx for that post fix the test so the post succeeds or keep the 4xx it ll document the error path path got templated when you didn t want it to a literal path segment looked like a numeric uuid id path segments are templated when multiple entries share a prefix but differ on that segment a single entry stays literal playwright har file is empty not written context close didn t run create the context explicitly with chromium launch browser newcontext recordhar and await context close at the end of the test backend rejects post when mitmproxy is in the path tls cert not trusted by the consumer see the mitmproxy ca cert link above one env var or one jks import why this is the most valuable piece of the cli every other contract testing product on the market asks the consumer team to change their code adopt a dsl instrument their tests run a broker that tax is why most teams that should be doing contract testing aren t bdct capture from har removes the tax your team s existing test run is already the contract the cli just converts the format the har capture publish can i deploy loop is what turns we have openapi specs in a folder into no provider pr merges if it would break a deployed consumer with measurable enforcement in one ci step and no per language sdk bdct verify provider does your live provider actually match its spec active spec vs production conformance dredd style in ci most teams trust the provider s openapi as the source of truth and never check whether the running service actually matches it specshield s compatibility engine for bdct is only as accurate as that trust so verify provider closes the loop by firing probes derived from the spec at a running endpoint staging usually and validating every response body against the spec s schema for its status code catches things like the spec says status paid pending refunded but the live api sometimes returns partially_refunded or a field documented as required is sometimes missing or a format uuid field actually contains a numeric id safe by default by default verify provider only probes safe methods get head options it must never side effect your staging data mutating methods are opt in with include mutating run it specshield bdct verify provider spec api openapi yaml base url https staging payments acme com provider conformance spec vs https staging payments acme com pass get health 200 fail get payments paymentid 200 amount must be number pass get orders 200 skip get unconfigured thingid unresolved path params no path params or spec example thingid 2 pass 1 fail 0 error 1 skip 4 probes exit codes 0 all pass 1 at least one fail error 2 config spec error options flag purpose spec path required provider openapi spec yaml or json ref s are resolved base url url required base url of the running provider e g https staging payments acme com include mutating also probe post put patch delete off by default never side effects staging path params kvlist resolve path params paymentid pay 123 userid u 7 overrides spec examples repeatable header header extra request header to send e g header authorization bearer token repeatable timeout ms ms per request timeout default 8000 json machine readable json output for ci parsing path parameter resolution for path templates like payments paymentid the resolution priority is path params paymentid pay 123 on the cli always wins the spec s parameters example for that param skipped with a reason if neither resolves so you can declare examples in the spec once and never repeat them on the cli paths payments paymentid get parameters name paymentid in path required true schema type string example pay 123 verify provider uses this automatically what the validator checks per response type format string integer number boolean array object plus format uuid date time email via ajv formats required fields flags any required field that s missing enums flags values outside the documented enum set nullable true properly allows null values oas 3 0 isms handled status code coverage actual status must match an exact code a wildcard 4xx or the default response an undocumented status is a fail run it from ci name verify production matches spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header authorization bearer staging_token json conformance json ci cd github actions on pull request catch breaking spec changes before merge name api contract check on pull_request branches main jobs check api contract runs on ubuntu latest steps uses actions checkout v4 with fetch depth 0 uses actions setup node v4 with node version 20 run npm install g specshield run git show origin main api openapi yaml tmp base yaml run specshield compare tmp base yaml api openapi yaml fail on breaking on push publish provider spec gate the deploy name bdct publish deploy gate on push branches main paths api openapi yaml jobs publish bdct runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name publish provider spec env specshield_api_key secrets specshield_api_key run specshield bdct publish provider org vars specshield_org provider payment service version github sha spec api openapi yaml env production name gate the deploy env specshield_api_key secrets specshield_api_key run specshield bdct can i deploy org vars specshield_org service payment service version github sha env production nightly spec vs production conformance name provider conformance on schedule cron 0 7 daily 07 00 utc workflow_dispatch jobs conformance runs on ubuntu latest steps uses actions checkout v4 uses actions setup node v4 with node version 20 run npm install g specshield name verify production matches its spec env staging_token secrets staging_token run specshield bdct verify provider spec api openapi yaml base url https staging payments acme com header a...
|