diff --git a/.github/workflows/pr-backend-code-checks.yml b/.github/workflows/pr-backend-code-checks.yml index 37073dc28c4..f9b0b6eeecc 100644 --- a/.github/workflows/pr-backend-code-checks.yml +++ b/.github/workflows/pr-backend-code-checks.yml @@ -10,6 +10,7 @@ on: permissions: contents: read + id-token: write jobs: validate-configs: @@ -21,7 +22,10 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version-file: go.mod + # Explicitly set Go version to 1.24.1 to ensure consistent OpenAPI spec generation + # The crypto/x509 package has additional fields in Go 1.24.1 that affect the generated specs + # This ensures the GHAs environment matches what we use in the Drone pipeline + go-version: 1.24.1 cache: true - name: Verify code generation @@ -32,6 +36,31 @@ jobs: - name: Validate go.mod run: go run scripts/modowners/modowners.go check go.mod + # Enterprise setup is needed for complete OpenAPI spec generation + # We only do this for internal PRs + - name: Setup Grafana Enterprise + if: github.event.pull_request.head.repo.fork == false + uses: ./.github/actions/setup-enterprise + - name: Generate and Validate OpenAPI Specs run: | - make swagger-gen + # For forks, we'll just run the basic swagger-gen without validation + if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then + echo "PR is from a fork, skipping enterprise-based validation" + make swagger-gen + exit 0 + fi + + # Clean and regenerate OpenAPI specs + make swagger-clean && make openapi3-gen + + # Check if the generated specs differ from what's in the PR + for f in public/api-merged.json public/openapi3.json; do git add $f; done + if [ -z "$(git diff --name-only --cached)" ]; then + echo "OpenAPI specs are up to date!" + else + echo "OpenAPI specs are OUT OF DATE!" + git diff --cached + echo "Please ensure the branch is up-to-date, then regenerate the specification by running make swagger-clean && make openapi3-gen" + exit 1 + fi