GitHub Action to create snapshots of your OpenAPI schema at explore-openapi.dev
- π€ Send OpenAPI schema to explore-openapi.dev
- π·οΈ Automatic snapshot naming (PR number or branch name)
- π Project-based organization
- π OIDC Authentication: Secure, no secrets needed
- π΄ Fork-friendly: Works seamlessly with external contributor PRs
- π¬ Automatic PR comment creation/update with snapshot results
- β° Smart snapshot retention: Permanent snapshots for branches/tags, temporary for PRs (30-day retention)
- π Dual URLs: Direct snapshot view + compare URLs for easy diff visualization
- β‘ Built with modern TypeScript tools (tsdown, vitest, oxlint)
- π― Node 20+ support
First, install the Explore OpenAPI GitHub App to your repository. This app is required to post PR comments, especially for fork PRs.
Create or update your workflow file (e.g., .github/workflows/openapi-snapshot.yml):
name: OpenAPI Snapshot
on:
pull_request:
push:
branches: [main]
jobs:
snapshot:
runs-on: ubuntu-latest
permissions:
id-token: write # Required for OIDC authentication
steps:
- uses: actions/checkout@v4
- name: Create OpenAPI Snapshot
uses: patzick/explore-openapi-snapshot@v2
with:
schema-file: "./openapi.json"
project: "my-api-project"That's it! The action will:
- β Authenticate using OIDC (no secrets needed)
- β Create snapshots for every PR and push
- β Post comments on PRs with snapshot links (via GitHub App)
- β Work perfectly with external contributor PRs from forks
The action uses OIDC (OpenID Connect) for secure, token-based authentication:
- GitHub Actions generates a short-lived OIDC token
- The token is sent to the Explore OpenAPI backend
- Backend validates the token and creates the snapshot
- No secrets or API keys needed!
Required Permission: Your workflow must have id-token: write permission.
PR comments are posted by the Explore OpenAPI GitHub App, not by the action itself. This architecture enables:
- β Comments on PRs from forks (external contributors)
- β
No need for
GITHUB_TOKENorpull-requests: writepermission - β Consistent comment format across all PRs
Important: You must install the GitHub App for PR comments to work.
Snapshots are automatically managed based on context:
| Context | Retention | Use Case |
|---|---|---|
| Pull Request | 30 days | Temporary snapshots for review |
| Branch Push | Permanent | Development branch history |
| Tag Push | Permanent | Release snapshots |
| Input | Description | Required | Default |
|---|---|---|---|
schema-file |
Path to the JSON schema file | Yes | - |
project |
Project name or project ID | Yes | - |
snapshot-name |
Custom snapshot name | No | PR number or branch name |
The action automatically generates snapshot names:
- Pull Requests: Uses PR number (e.g.,
123for PR #123) - Branch Pushes: Uses branch name (e.g.,
feature/new-endpoint) - Tag Pushes: Uses tag name (e.g.,
v1.0.0) - Custom: Override with
snapshot-nameinput
| Output | Description |
|---|---|
snapshot-url |
URL to view the created snapshot |
response |
Full API response as JSON string |
- name: Create OpenAPI Snapshot
id: snapshot
uses: patzick/explore-openapi-snapshot@v2
with:
schema-file: "./openapi.json"
project: "my-api-project"
- name: Use snapshot URL
run: echo "Snapshot created at ${{ steps.snapshot.outputs.snapshot-url }}"The action fully supports external contributor PRs thanks to OIDC authentication and the GitHub App:
How it works:
- Fork PR triggers the workflow
- Action obtains OIDC token (no secrets needed)
- Backend validates token and creates snapshot
- GitHub App posts comment (has permissions even for forks)
Result: External contributors see the same snapshot comments as repository members! π
- name: Create OpenAPI Snapshot
uses: patzick/explore-openapi-snapshot@v2
with:
schema-file: "./api/openapi.json"
project: "my-api-project"
snapshot-name: "v2.1.0-beta"- name: Snapshot Public API
uses: patzick/explore-openapi-snapshot@v2
with:
schema-file: "./public-api.json"
project: "my-project-public"
- name: Snapshot Internal API
uses: patzick/explore-openapi-snapshot@v2
with:
schema-file: "./internal-api.json"
project: "my-project-internal"Cause: Missing id-token: write permission.
Solution: Add to your workflow:
permissions:
id-token: writeCause: GitHub App not installed.
Solution: Install the Explore OpenAPI GitHub App to your repository.
Cause: Project doesn't exist or isn't authorized for your repository.
Solution: Contact the Explore OpenAPI team to set up your project.
If you're upgrading from v1, see the Migration Guide for detailed instructions.
Key changes in v2:
- β OIDC is now the only authentication method (simpler!)
- β
No more
use-oidc,auth-token, orgithub-tokeninputs - β Requires GitHub App installation
- Node.js 24 or higher
- pnpm
# Install dependencies
pnpm install
# Run tests
pnpm test
# Lint code
pnpm run lint
# Type check
pnpm run typecheck
# Build action
pnpm run build# Run tests once
pnpm test
# Run tests in watch mode
pnpm run test:watch
# Run end-to-end tests (requires .env file)
pnpm run test:e2e.
βββ src/
β βββ index.ts # Main entry point
β βββ api.ts # API communication
β βββ oidc.ts # OIDC token handling
β βββ types.ts # Type definitions
β βββ __tests__/ # Test files
βββ .github/workflows/ # GitHub Actions workflows
βββ action.yml # Action metadata
βββ example-schema.json # Example OpenAPI schema
βββ MIGRATION_GUIDE.md # v1 to v2 migration guide
- OIDC Authentication: Uses GitHub's native OIDC provider for secure, short-lived tokens
- No Secrets: No API keys or tokens to manage or rotate
- Minimal Permissions: Only requires
id-token: write - GitHub App: Comments posted via official GitHub App with minimal permissions
- π Documentation
- π Report Issues
- π¬ Discussions
MIT