fix(sdd): add Spectral ruleset so contract-validate passes
Some checks failed
SDD Gate / Contract Validate (pull_request) Waiting to run
SDD Gate / Constitution Impact (pull_request) Waiting to run
CI / Unit & Component Tests (pull_request) Has been cancelled
CI / OCR Service Tests (pull_request) Has been cancelled
CI / Backend Unit Tests (pull_request) Has been cancelled
CI / fail2ban Regex (pull_request) Has been cancelled
CI / Semgrep Security Scan (pull_request) Has been cancelled
CI / Compose Bucket Idempotency (pull_request) Has been cancelled
SDD Gate / RTM Check (pull_request) Has been cancelled
Some checks failed
SDD Gate / Contract Validate (pull_request) Waiting to run
SDD Gate / Constitution Impact (pull_request) Waiting to run
CI / Unit & Component Tests (pull_request) Has been cancelled
CI / OCR Service Tests (pull_request) Has been cancelled
CI / Backend Unit Tests (pull_request) Has been cancelled
CI / fail2ban Regex (pull_request) Has been cancelled
CI / Semgrep Security Scan (pull_request) Has been cancelled
CI / Compose Bucket Idempotency (pull_request) Has been cancelled
SDD Gate / RTM Check (pull_request) Has been cancelled
Spectral v6 ships no implicit ruleset — the CI job exited 'no ruleset found'. Adds .spectral.yaml (extends spectral:oas, documentation-only warnings relaxed for design-time stubs), adds operation tags to the _example contract so it lints clean (0 results), and aligns the api-contract-stub note. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Marcel
@@ -45,6 +45,7 @@ paths:
|
|||||||
/api/users/me/avatar:
|
/api/users/me/avatar:
|
||||||
post:
|
post:
|
||||||
summary: Upload or replace the current user's avatar
|
summary: Upload or replace the current user's avatar
|
||||||
|
tags: [Users]
|
||||||
operationId: uploadMyAvatar
|
operationId: uploadMyAvatar
|
||||||
security:
|
security:
|
||||||
- cookieAuth: []
|
- cookieAuth: []
|
||||||
@@ -78,6 +79,7 @@ paths:
|
|||||||
schema: { $ref: '#/components/schemas/ErrorResponse' }
|
schema: { $ref: '#/components/schemas/ErrorResponse' }
|
||||||
delete:
|
delete:
|
||||||
summary: Remove the current user's avatar
|
summary: Remove the current user's avatar
|
||||||
|
tags: [Users]
|
||||||
operationId: deleteMyAvatar
|
operationId: deleteMyAvatar
|
||||||
security:
|
security:
|
||||||
- cookieAuth: []
|
- cookieAuth: []
|
||||||
@@ -95,6 +97,7 @@ paths:
|
|||||||
/api/users/{id}/avatar:
|
/api/users/{id}/avatar:
|
||||||
get:
|
get:
|
||||||
summary: Stream a user's avatar image (authenticated proxy)
|
summary: Stream a user's avatar image (authenticated proxy)
|
||||||
|
tags: [Users]
|
||||||
operationId: getUserAvatar
|
operationId: getUserAvatar
|
||||||
security:
|
security:
|
||||||
- cookieAuth: []
|
- cookieAuth: []
|
||||||
@@ -113,6 +116,7 @@ paths:
|
|||||||
'404': { description: User has no avatar, content: { application/json: { schema: { $ref: '#/components/schemas/ErrorResponse' } } } }
|
'404': { description: User has no avatar, content: { application/json: { schema: { $ref: '#/components/schemas/ErrorResponse' } } } }
|
||||||
delete:
|
delete:
|
||||||
summary: Remove another user's avatar (admin only)
|
summary: Remove another user's avatar (admin only)
|
||||||
|
tags: [Users]
|
||||||
operationId: deleteUserAvatar
|
operationId: deleteUserAvatar
|
||||||
description: Requires Permission.ADMIN_USER (enforced by @RequirePermission on the controller).
|
description: Requires Permission.ADMIN_USER (enforced by @RequirePermission on the controller).
|
||||||
security:
|
security:
|
||||||
|
|||||||
@@ -86,11 +86,12 @@ paths:
|
|||||||
|
|
||||||
## Validating the contract in CI
|
## Validating the contract in CI
|
||||||
|
|
||||||
The `sdd-gate.yml` workflow runs, on PRs that touch a `api-contract.yaml`:
|
The `sdd-gate.yml` `contract-validate` job lints any committed OpenAPI file changed in the PR:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
npx @stoplight/spectral-cli lint .specify/features/**/api-contract.yaml
|
npx @stoplight/spectral-cli lint <your-contract>.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Spectral's default OpenAPI ruleset catches malformed specs, missing `operationId`s, and
|
The ruleset is `.spectral.yaml` at the repo root (extends `spectral:oas`; documentation-only
|
||||||
undefined `$ref`s. Add a `.spectral.yaml` at the repo root to tune rules if needed.
|
warnings relaxed for design-time stubs). Spectral auto-discovers it. It catches malformed
|
||||||
|
specs, undefined `$ref`s, and duplicate `operationId`s; tune `.spectral.yaml` to adjust.
|
||||||
|
|||||||
15
.spectral.yaml
Normal file
15
.spectral.yaml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
# Spectral ruleset for OpenAPI contract linting (SDD api-contract files).
|
||||||
|
# Spectral v6 ships no implicit ruleset — this enables the built-in OpenAPI rules.
|
||||||
|
# Used by .gitea/workflows/sdd-gate.yml (contract-validate) and locally:
|
||||||
|
# npx @stoplight/spectral-cli lint <contract>.yaml
|
||||||
|
extends: ["spectral:oas"]
|
||||||
|
|
||||||
|
rules:
|
||||||
|
# Design-time SDD stubs are not full published API docs — relax the documentation-completeness
|
||||||
|
# warnings that would otherwise fire on a focused contract. The structural/correctness rules
|
||||||
|
# (oas3-schema, valid $refs, duplicate operationId, etc.) stay on.
|
||||||
|
info-contact: off
|
||||||
|
info-description: off
|
||||||
|
operation-description: off
|
||||||
|
operation-tag-defined: off
|
||||||
|
oas3-unused-component: off
|
||||||
Reference in New Issue
Block a user