feat(dashboard): add OpenAPI spec generation and Swagger UI#161
Merged
coopernetes merged 3 commits intomainfrom Apr 15, 2026
Merged
feat(dashboard): add OpenAPI spec generation and Swagger UI#161coopernetes merged 3 commits intomainfrom
coopernetes merged 3 commits intomainfrom
Conversation
Adds /api/openapi.json and /api/openapi.yaml endpoints generated from Spring MVC route metadata at startup, plus a Swagger UI browser at /swagger-ui backed by a custom HTML page that bypasses swagger-initializer.js. Uses swagger-core-jakarta (no JAX-RS dep) + RequestMappingHandlerMapping to build the OAS3 spec without springdoc or Spring Boot. WebJar paths are versioned and injected via Gradle token expansion at build time. All controllers annotated with @tag and @operation for a clean spec grouped by System, Auth, Users, Repos, Push, Providers, Profile, Admin. closes #121
… docs link Adds a public /api endpoint (no auth) that returns the app version and the path to the OpenAPI spec. Useful as a quick sanity-check that the API is reachable. SecurityConfig updated to permit /api alongside the other public endpoints.
coopernetes
force-pushed
the
feat/openapi-spec
branch
from
97aa4b4 to
6da63c8
Compare
…scanning OWASP dependency-check is failing due to a breaking NVD API change (nanosecond-precision timestamps not handled by the Jackson deserializer; dependency-check/DependencyCheck#8425). No fix is available yet. Replaces the depcheck job with: - org.cyclonedx.bom 3.2.4 plugin generating a CycloneDX SBOM at build time - anchore/scan-action scanning the SBOM with Grype (same scanner used for npm and container image scans) Also adds failOnError=false to the dependencyCheck config so local runs with the OWASP plugin don't abort when NVD is unavailable. Renames CI job display names to be tool-agnostic: - 'CVE / Dependency Check (Gradle)' -> 'CVE / Gradle' - 'CVE / Grype (npm)' -> 'CVE / npm' - 'Grype / Container Scan' -> 'Container Scan' Branch protection and release gate rulesets updated to match new names.
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/api/openapi.jsonand/api/openapi.yamlendpoints generated at startup from Spring MVC route metadata (RequestMappingHandlerMapping)/swagger-ui(redirects to/swagger-ui.html) backed by a custom HTML page that bypassesswagger-initializer.js(no petstore)swagger-core-jakarta+ Spring's own routing introspection — no springdoc, no Spring Boot, no JAX-RS dependencyversion.properties(also Gradle-expanded)@Tagand@Operationfor a clean spec grouped by: System, Auth, Users, Repos, Push, Providers, Profile, AdminAPI
GET/apiGET/api/openapi.jsonGET/api/openapi.yamlGET/swagger-uiTest plan
./gradlew :git-proxy-java-dashboard:compileJava -PskipFrontendpassesGET /apireturns{"version":"...","apiDocs":"/api/openapi.json"}GET /api/openapi.jsonreturns a valid OAS3 document with all expected pathsGET /swagger-uiredirects to/swagger-ui.html; Swagger UI loads the git-proxy-java spec (not the petstore)defaultValuequery params (e.g.sectionon/api/config/reload) are not markedrequired: truecloses #121