Skip to content

ci: trigger Python client model regeneration on OpenAPI spec changes#2305

Draft
vdusek wants to merge 1 commit intomasterfrom
fix/openapi-specs-pydantic-models
Draft

ci: trigger Python client model regeneration on OpenAPI spec changes#2305
vdusek wants to merge 1 commit intomasterfrom
fix/openapi-specs-pydantic-models

Conversation

@vdusek
Copy link
Contributor

@vdusek vdusek commented Mar 3, 2026
edited by cursor bot
Loading

Summary

  • Add a trigger-client-model-regeneration job to openapi-ci.yaml
  • Detects OpenAPI file changes in PRs using dorny/paths-filter (path: apify-api/openapi/**)
  • Triggers regenerate_models.yaml workflow in apify/apify-client-python via gh workflow run
  • Uses APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN for cross-repo trigger (existing pattern)

How it works

PR in apify-docs (changes openapi specs)
  → openapi-ci.yaml: lint → build → validate → trigger-client-model-regeneration
    → gh workflow run regenerate_models.yaml in apify-client-python
      → Build spec from PR branch → datamodel-codegen → PR + comment on docs PR

Related

Test plan

  • Merge the apify-client-python counterpart first (workflow must exist on default branch)
  • Then merge this PR
  • Create a test PR that changes files in apify-api/openapi/
  • Verify the trigger fires and creates a PR in apify-client-python

🤖 Generated with Claude Code

Note

Cursor Bugbot is generating a summary for commit 9dac315. Configure here.

@vdusek vdusek added adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team. labels Mar 3, 2026
@vdusek vdusek self-assigned this Mar 3, 2026
@github-actions github-actions bot added this to the 135th sprint - Tooling team milestone Mar 3, 2026
cursor[bot]
cursor bot reviewed Mar 3, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Free Tier Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Comment @cursor review or bugbot run to trigger another review on this PR

.github/workflows/openapi-ci.yaml
gh workflow run regenerate_models.yaml \
--repo apify/apify-client-python \
--field docs_pr_number=${{ github.event.pull_request.number }} \
--field docs_pr_branch=${{ github.head_ref }}
Copy link

@cursor cursor bot Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Script injection via unsanitized github.head_ref in shell

High Severity

${{ github.head_ref }} is directly interpolated into a run shell script, creating a script injection vulnerability. An attacker can craft a malicious branch name containing shell metacharacters (e.g., embedding $(curl ...)) that will execute arbitrary commands. This is especially dangerous here because the APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN cross-repo secret is exposed in the environment and could be exfiltrated. The value needs to be passed via an environment variable instead of inline ${{ }} interpolation.

Fix in Cursor Fix in Web

@apify-service-account
Copy link

apify-service-account commented Mar 3, 2026

Preview for this PR was built for commit 9dac315f and is ready at https://pr-2305.preview.docs.apify.com!

@vdusek vdusek removed request for fnesveda and janbuchar March 3, 2026 10:56
@vdusek vdusek marked this pull request as draft March 3, 2026 10:56
@vdusek @claude
ci: trigger Python client model regeneration on OpenAPI spec changes
91cbdd6 
Add a job to openapi-ci.yaml that detects OpenAPI file changes in PRs
using dorny/paths-filter and triggers the regenerate_models workflow in
apify-client-python via gh workflow run.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vdusek vdusek force-pushed the fix/openapi-specs-pydantic-models branch from 9dac315 to 91cbdd6 Compare March 3, 2026 10:57
@apify-service-account
Copy link

apify-service-account commented Mar 3, 2026

Preview for this PR was built for commit 91cbdd64 and is ready at https://pr-2305.preview.docs.apify.com!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@vdusek vdusek

Labels

adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team.

Projects

None yet

Milestone

135th sprint - Tooling team

Development

Successfully merging this pull request may close these issues.

2 participants

@vdusek @apify-service-account