OpenAPI Contract Update Workflow¶
Canonical checklist for keeping the AstraDesk Admin API specification, generated client code, and CI guardrails in sync.
When to use this workflow¶
Run this procedure every time you:
- add, rename, or remove endpoints in
openapi/astradesk-admin.v1.yaml - adjust schemas or parameters that affect the admin portal client
- change security requirements on Admin API operations (e.g. add/remove a
security:block or editcomponents.securitySchemes, as NEW-SEC did when adding theBearerAuthrequirement to previously-unprotected operations) - regenerate OpenAPI-driven TypeScript helpers
This is the single source of truth for contract updates—link to it in pull requests whenever an API change ships.
Prerequisites¶
- Node.js ≥ 22 with
npmavailable locally (or Docker access to run the Node toolchain). - Admin portal dependencies installed (
npm ciinsideservices/admin-portal). - CI configured with the API contract sync job (already enforced via
.github/workflows/ci.yml).
Optional but recommended:
- Python +
uvfor backend tests. - Docker if you need to rebuild containers before merging.
Step-by-step procedure¶
-
Edit the OpenAPI spec
Keep descriptions and tags updated; they drive generated metadata. -
Regenerate client artifacts
This rewrites: src/api/types.gen.tssrc/api/spec-operations.gen.ts-
any additional files emitted by the generator script
-
Verify drift guard passes
The command fails if artifacts are stale or missing. -
Verify the contract version/shape guard
Confirmsopenapi.version(3.1.0) andinfo.version(1.2.0) are unchanged, and thatservices/admin-portal/openapi/OpenAPI.yaml(if present as a real file rather than a symlink) matches the canonical spec. Run this whenever the spec changes, including security-only changes that don't touch schemas. -
Run quality gates locally
Tip: Without a local Node install you can use Docker: -
Stage and commit related changes together
Include any other touched files (e.g., UI updates) in the same changeset to keep history cohesive. -
Push and open a pull request
- Reference this workflow in the PR description.
- Ensure branch protection requires the API contract sync job to pass on CI.
Environment & tooling notes¶
- Node provisioning: use
nvm,asdf, or the project-provided Docker image to matchNODE_VERSION=22defined in CI. Do not rely on older runtimes. - Admin portal scripts: both
scripts/openapi-generate.tsandscripts/check-openapi-sync.tslocate the repo root automatically—run them only from withinservices/admin-portal. - CI enforcement:
.github/workflows/ci.ymlcontains an explicit “API contract sync” step. Merges intomainare blocked if generated files differ from the specification.
Troubleshooting¶
| Symptom | Resolution |
|---|---|
npm run openapi:gen fails with “spec not found” |
Ensure ASTRA_OPENAPI_SPEC is unset or points to openapi/astradesk-admin.v1.yaml. |
npm run openapi:check reports stale files after regeneration |
Re-run openapi:gen, then confirm git staged the regenerated files. |
| CI contract job fails on PR | Pull the latest main branch, re-run steps 2–4 locally, and recommit the regenerated artifacts. |
Following this checklist keeps the admin portal, API specification, and CI guardrails aligned, preventing contract drift from reaching production. Save this document as the authoritative reference for contract updates. 💼