{"id":30237871,"url":"https://github.com/stainless-api/upload-openapi-spec-action","last_synced_at":"2026-03-16T21:06:43.049Z","repository":{"id":43361828,"uuid":"508750878","full_name":"stainless-api/upload-openapi-spec-action","owner":"stainless-api","description":"A GitHub action to build Stainless SDKs.","archived":false,"fork":false,"pushed_at":"2026-01-23T22:19:29.000Z","size":7446,"stargazers_count":35,"open_issues_count":2,"forks_count":16,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-01-24T10:33:16.202Z","etag":null,"topics":["actions","api","api-rest","github-actions","openapi","readme","sdk"],"latest_commit_sha":null,"homepage":"https://stainless.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stainless-api.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-06-29T15:38:03.000Z","updated_at":"2026-01-23T22:19:55.000Z","dependencies_parsed_at":"2025-12-20T04:02:29.451Z","dependency_job_id":null,"html_url":"https://github.com/stainless-api/upload-openapi-spec-action","commit_stats":{"total_commits":84,"total_committers":5,"mean_commits":16.8,"dds":"0.13095238095238093","last_synced_commit":"b5d80845912e52b52d55109970c03a36ee25287d"},"previous_names":[],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/stainless-api/upload-openapi-spec-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stainless-api%2Fupload-openapi-spec-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stainless-api%2Fupload-openapi-spec-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stainless-api%2Fupload-openapi-spec-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stainless-api%2Fupload-openapi-spec-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stainless-api","download_url":"https://codeload.github.com/stainless-api/upload-openapi-spec-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stainless-api%2Fupload-openapi-spec-action/sbom","scorecard":{"id":58584,"data":{"date":"2025-08-04","repo":{"name":"github.com/stainless-api/upload-openapi-spec-action","commit":"caaf31fca3ed970e0a2d80b8f0242d4e1feb6a2c"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":4.9,"checks":[{"name":"Code-Review","score":4,"reason":"Found 9/22 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/stainless-api/upload-openapi-spec-action/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/build.yml:19","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:16","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T01:14:03.686Z","repository_id":43361828,"created_at":"2025-08-15T01:14:03.689Z","updated_at":"2025-08-15T01:14:03.689Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28787221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T13:55:28.044Z","status":"ssl_error","status_checked_at":"2026-01-26T13:55:26.068Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","api","api-rest","github-actions","openapi","readme","sdk"],"created_at":"2025-08-15T02:57:37.931Z","updated_at":"2026-03-16T21:06:43.024Z","avatar_url":"https://github.com/stainless-api.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Build Stainless SDKs from GitHub Actions\n\nGitHub Actions for building [Stainless](https://stainless.com/) SDKs and\npreviewing changes to an SDK from a pull request. Refer to [our\ndocs on automating builds](https://www.stainless.com/docs/guides/automate-updates) for more information.\n\nSupport for GitLab CI is available. See the [GitLab example](./examples/merge_request_gitlab.yml).\n\n## Authentication\n\nThe action supports two authentication methods:\n\n**GitHub OIDC (recommended):** [Install the Stainless GitHub\nApp](https://www.stainless.com/docs/guides/publish/#install-the-stainless-github-app) in your GitHub organization and\nlink it to your Stainless organization. The app doesn't need access to the repository containing the workflow — just the\norg-level installation is enough. The action will authenticate automatically using GitHub OIDC. This is the default\nmethod shown in our examples.\n\nWith OIDC (short for OpenID Connect), there's no secret to set up or rotate — GitHub mints a short-lived, cryptographically signed token for each\nworkflow run that can be validated by Stainless.\n\n\u003e [!NOTE]\n\u003e OIDC authentication requires the GitHub organization running the workflow is the same GitHub organization that is linked to your Stainless organization. If your spec is in a different GitHub organization, you must use API key authentication instead.\n\n**API keys:** Generate an API key from your Stainless organization dashboard and add it as a `STAINLESS_API_KEY` secret. This works well for getting started or when you don't have admin permissions to install the GitHub App. See [pull_request_api_key.yml](./examples/pull_request_api_key.yml) for the workflow setup.\n\n\u003e [!NOTE]\n\u003e **GitLab CI:** OIDC isn't yet supported. Use the API key method and set the `STAINLESS_API_KEY` environment variable. See the template files in `build/gitlab-ci.yml`.\n\n## Usage\n\nAdd a workflow file to the repository that contains your OpenAPI spec:\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003ccode\u003e.github/workflows/stainless.yml\u003c/code\u003e\u003c/summary\u003e\n\n```yml\nname: Build Stainless SDKs\n\non:\n  pull_request:\n    types: [opened, synchronize, reopened]\n  push:\n    branches: [main]\n  workflow_dispatch:\n\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}\n  cancel-in-progress: true\n\nenv:\n  STAINLESS_ORG: YOUR_ORG\n  STAINLESS_PROJECT: YOUR_PROJECT\n  OAS_PATH: YOUR_OAS_PATH\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      pull-requests: write\n      id-token: write\n    steps:\n      - name: Checkout repository\n        uses: actions/checkout@v6\n        with:\n          fetch-depth: 2\n\n      - name: Run builds\n        uses: stainless-api/upload-openapi-spec-action/build@v1\n        with:\n          org: ${{ env.STAINLESS_ORG }}\n          project: ${{ env.STAINLESS_PROJECT }}\n          oas_path: ${{ env.OAS_PATH }}\n```\n\n\u003c/details\u003e\n\nThen, pull requests to your GitHub repository that update OpenAPI spec or\nStainless config will build your SDKs and make a comment with the results.\n\nFor more details about the input parameters, see the\n[example workflow](./examples/push.yml) file.\n\nFor more examples of usage, including push-based workflows, using code samples,\nintegration with docs platforms, and testing preview builds, see the [examples\ndirectory](./examples).\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eWorkflow permissions\u003c/b\u003e\u003c/summary\u003e\n\nThe workflows require the following [permissions](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions):\n\n- **`contents: read`** - Required for checking out the repository code to read the OpenAPI spec and config files.\n\n- **`pull-requests: write`** - Required for posting comments on pull requests with build results. If you don't need comments, you can set `make_comment: false` and set the permission to `pull-requests: read`.\n\n- **`id-token: write`** - Required for GitHub OIDC authentication. Allows the workflow to request an OIDC token from GitHub.\n\n\u003c/details\u003e\n\n## Security\n\nIf your GitHub repository is public, require approval for workflows from fork PRs to prevent untrusted contributors from accessing OIDC tokens or secrets.\n\nGo to **Settings** → **Actions** → **General**, then under \"Fork pull request workflows from outside collaborators\", select **\"Require approval for all outside collaborators\"**.\n\nSee [GitHub's docs](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks) for more details.\n\nIn order to improve our service, Stainless collects information about whether an action run succeeded or failed. To disable this telemetry collection, set the `STAINLESS_DISABLE_TELEMETRY=1` environment variable in your configuration.\n\n## Actions reference\n\nThis repository provides several GitHub actions:\n\n### Core Actions\n\n- `stainless-api/upload-openapi-spec-action/build` - Build SDKs for a Stainless project. See the [action definition](./build/action.yml) for input parameters.\n\n- `stainless-api/upload-openapi-spec-action/checkout-pr-ref` - Checkout the base or head commit for previewing changes. See the [action definition](./checkout-pr-ref/action.yml) for input parameters.\n\n### Preparation Tools\n\n- `stainless-api/upload-openapi-spec-action/prepare/combine` - Combine multiple OpenAPI spec files into one. See the [action definition](./prepare/combine/action.yml) for input parameters and the [example workflow](./examples/prepare_combine.yml).\n\n- `stainless-api/upload-openapi-spec-action/prepare/swagger` - Convert Swagger 2.0 specs to OpenAPI 3.x. See the [action definition](./prepare/swagger/action.yml) for input parameters and the [example workflow](./examples/prepare_swagger.yml).\n\nAll except `checkout-pr-ref` work in GitLab CI.\n\nThe `build` action outputs an `install_url` for each SDK language. You can use this to test builds directly from the Stainless package server before merging. See the [SDK usage example](./examples/pull_request_sdk_usage.yml).\n\n## Versioning\n\nThese actions use [semantic versioning](https://semver.org/), and you can pin\nyour action to a major (`v1`), minor (`v1.0`), or patch (`v1.0.0`) version.\nThe public API includes:\n\n- The inputs to each action, and their expected format.\n\n- The format of pull request comments.\n\n- The name and format of the file written to `documented_spec_path`.\n\nThe public API does not include:\n\n- The format of the `outcomes` and `base_outcomes` outputs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstainless-api%2Fupload-openapi-spec-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstainless-api%2Fupload-openapi-spec-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstainless-api%2Fupload-openapi-spec-action/lists"}