infisical/.github/workflows/check-api-for-breaking-changes.yml

name: "Check API For Breaking Changes"

on:
  pull_request:
    types: [opened, synchronize]
    paths:
      - "backend/src/server/routes/**"
      - "backend/src/ee/routes/**"

jobs:
  check-be-api-changes:
    name: Check API Changes
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout source
        uses: actions/checkout@v3
      # - name: Setup Node 20
      #   uses: actions/setup-node@v3
      #   with:
      #     node-version: "20"
      # uncomment this when testing locally using nektos/act
      - uses: KengoTODA/actions-setup-docker-compose@v1
        if: ${{ env.ACT }}
        name: Install `docker compose` for local simulations
        with:
          version: "2.14.2"
      - name: 📦Build the latest image
        run: docker build --tag infisical-api .
        working-directory: backend
      - name: Start postgres and redis
        run: touch .env && docker compose -f docker-compose.dev.yml up -d db redis
      - name: Start the server
        run: |
          echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env
          echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env
          echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env

          echo "Examining built image:"
          docker image inspect infisical-api | grep -A 5 "Entrypoint"
          
          docker run --name infisical-api -d -p 4000:4000 \
            -e DB_CONNECTION_URI=$DB_CONNECTION_URI \
            -e REDIS_URL=$REDIS_URL \
            -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET \
            -e ENCRYPTION_KEY=$ENCRYPTION_KEY \
            --env-file .env \
            infisical-api
          
          echo "Container status right after creation:"
          docker ps -a | grep infisical-api
        env:
          REDIS_URL: redis://172.17.0.1:6379
          DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
          JWT_AUTH_SECRET: something-random
          ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218
      - uses: actions/setup-go@v5
        with:
          go-version: "1.21.5"
      - name: Wait for container to be stable and check logs
        run: |
          SECONDS=0
          HEALTHY=0
          while [ $SECONDS -lt 60 ]; do
            # Check if container is running
            if docker ps | grep infisical-api; then
              # Try to access the API endpoint
              if curl -s -f http://localhost:4000/api/docs/json > /dev/null 2>&1; then
                echo "API endpoint is responding. Container seems healthy."
                HEALTHY=1
                break
              fi
            else
              echo "Container is not running!"
              docker ps -a | grep infisical-api
              break
            fi
            
            echo "Waiting for container to be healthy... ($SECONDS seconds elapsed)"
            sleep 5
            SECONDS=$((SECONDS+5))
          done
          
          if [ $HEALTHY -ne 1 ]; then
            echo "Container did not become healthy in time"
            echo "Container status:"
            docker ps -a | grep infisical-api
            echo "Container logs (if any):"
            docker logs infisical-api || echo "No logs available"
            echo "Container inspection:"
            docker inspect infisical-api | grep -A 5 "State"
            exit 1
          fi
      - name: Install openapi-diff
        run: go install github.com/oasdiff/oasdiff@latest
      - name: Running OpenAPI Spec diff action
        run: oasdiff breaking https://app.infisical.com/api/docs/json http://localhost:4000/api/docs/json --fail-on ERR
      - name: cleanup
        if: always()
        run: |
          docker compose -f "docker-compose.dev.yml" down
          docker stop infisical-api || true
          docker rm infisical-api || true