Open
Conversation
📝 WalkthroughWalkthroughAdds a GitHub Actions workflow that builds and runs the API under a swagger profile, polls and extracts the OpenAPI JSON, places it into the AMRIT-Docs repository, and opens a pull request; also adds H2 runtime dependency and a new application-swagger Spring profile. Changes
Sequence Diagram(s)sequenceDiagram
participant Actions as GitHub Actions Runner
participant Maven as Maven/Java Build
participant App as API (swagger profile)
participant Endpoint as /v3/api-docs
participant JQ as jq processor
participant Docs as AMRIT-Docs repo
Actions->>Maven: checkout + mvn -Dspring.profiles.active=swagger package
Maven->>App: start API on port 9090
App->>Endpoint: expose OpenAPI JSON
loop poll (up to 30 tries, 5s)
Actions->>Endpoint: GET /v3/api-docs
Endpoint-->>Actions: JSON or not ready
end
Actions->>JQ: transform payload -> admin-api.json
Actions->>Docs: checkout amrit-docs repo
Actions->>Docs: copy admin-api.json -> docs/swagger/admin-api.json
Actions->>Docs: create branch, commit, push
Actions->>Docs: open PR via PR action
alt failure / timeout
Actions->>App: terminate process, log error
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Fix all issues with AI agents
In @.github/workflows/swagger-json.yml:
- Around line 38-47: The curl call inside the retry loop (the invocation that
writes swagger_raw.json and sets CODE) can hang indefinitely; update that curl
invocation to include connection and overall timeouts (e.g., add
--connect-timeout and --max-time) so each iteration returns promptly, keep the
existing || true to allow retries, and ensure the rest of the loop that checks
CODE and writes admin-api.json remains unchanged.
In `@src/main/resources/application-swagger.properties`:
- Line 18: Replace the hard-coded jwt.secret value in
application-swagger.properties with a reference to an environment-provided
secret (e.g., use the jwt.secret property to read from an environment variable
or config placeholder) so the repo does not contain a static secret; update code
that loads properties if necessary to resolve the environment variable for the
jwt.secret property and ensure your CI/workflow sets the env var used.
- Around line 12-13: Replace the open CORS wildcard in the swagger profile by
changing the cors.allowed-origins property to use a restricted allowlist driven
by an environment variable (e.g., SWAGGER_CORS_ALLOWED_ORIGINS) and provide a
safe default (localhost/dev-only) instead of "*"; update the property
cors.allowed-origins to reference that env var so operators can override allowed
origins without permitting all origins in non-CI environments.
| # Logging | ||
| logging.level.root=INFO | ||
|
|
||
| jwt.secret=dummy-secret |
There was a problem hiding this comment.
Avoid committing a static JWT secret.
Line 18 hard-codes a secret in repo. Use an environment variable (set in the workflow) to avoid shipping a known secret.
🔒 Suggested change
-jwt.secret=dummy-secret
+jwt.secret=${JWT_SECRET}🤖 Prompt for AI Agents
In `@src/main/resources/application-swagger.properties` at line 18, Replace the
hard-coded jwt.secret value in application-swagger.properties with a reference
to an environment-provided secret (e.g., use the jwt.secret property to read
from an environment variable or config placeholder) so the repo does not contain
a static secret; update code that loads properties if necessary to resolve the
environment variable for the jwt.secret property and ensure your CI/workflow
sets the env var used.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.github/workflows/swagger-json.yml:
- Around line 68-70: The workflow step "Copy Swagger JSON" can fail if the
destination directory doesn't exist; update that step to create the target
directory before copying by running a command like "mkdir -p
amrit-docs/docs/swagger" prior to the "cp admin-api.json
amrit-docs/docs/swagger/admin-api.json" command so the directory is guaranteed
to exist when the copy runs.
- Around line 41-44: The workflow currently runs `jq . swagger_raw.json` on one
line and then `echo "Swagger generated successfully"` and `exit 0` on the next,
which allows a jq failure to be ignored; update the step so the jq invocation
must succeed before printing success or exiting (e.g., chain commands with && or
check jq's exit code) when CODE == "200" so that failure to parse
swagger_raw.json prevents writing/committing an invalid admin-api.json and
returns a non-zero exit instead of running the success branch; reference the
`jq` invocation, `swagger_raw.json`, `admin-api.json`, the `CODE` check and the
`exit 0` behavior when making this change.
🧹 Nitpick comments (2)
.github/workflows/swagger-json.yml (2)
26-27: Consider removing the jq installation step.
jqis pre-installed on GitHub'subuntu-latestrunners, so this step can be removed to simplify the workflow and save a few seconds.♻️ Suggested change
- - name: Install jq - run: sudo apt-get update && sudo apt-get install -y jq - - name: Run API in swagger profile
23-35: Consider using the packaged JAR instead of rebuilding withspring-boot:run.The workflow packages the application (line 24) but then runs
mvn spring-boot:runwhich rebuilds. This effectively builds the project twice. Using the packaged JAR is more efficient.♻️ Suggested change
- name: Run API in swagger profile run: | - mvn spring-boot:run \ - -Dspring-boot.run.profiles=swagger \ - -Dspring-boot.run.arguments=--server.port=9090 \ + java -jar -Dspring.profiles.active=swagger \ + target/*.jar --server.port=9090 \ > app.log 2>&1 & echo $! > api_pid.txt
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Chores