SpecVault Docs

GitHub Actions

Automatically publish your OpenAPI spec to SpecVault on every successful deployment using GitHub Actions.

Prerequisites

  • A SpecVault API token (see API Tokens)
  • The service ID for the API you want to publish (found in the service Settings tab)
  • Your SpecVault instance URL (e.g. https://specvault.sentinelflux.in)

Store secrets in GitHub

In your GitHub repository, go to Settings → Secrets and variables → Actions and add:

  • SPECVAULT_TOKEN — your SpecVault API token
  • SPECVAULT_SERVICE_ID — the service ID (or hardcode it in the workflow)

Complete workflow example

This workflow runs on every push to main, builds your application, runs tests, and — on success — publishes the OpenAPI spec to SpecVault:

name: Deploy and publish spec

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install dependencies
        run: pip install -r requirements.txt

      - name: Run tests
        run: pytest

      - name: Deploy application
        run: ./scripts/deploy.sh
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}

      - name: Publish spec to SpecVault
        run: |
          curl -sf -X POST \
            "${{ vars.SPECVAULT_URL }}/api/services/${{ secrets.SPECVAULT_SERVICE_ID }}/specs" \
            -H "Authorization: Bearer ${{ secrets.SPECVAULT_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d '{"spec_url": "${{ vars.API_BASE_URL }}/openapi.json"}'

Uploading a spec file instead of a URL

If your spec is generated as a file during the build (rather than served at a URL), upload it directly:

      - name: Publish spec to SpecVault
        run: |
          curl -sf -X POST \
            "${{ vars.SPECVAULT_URL }}/api/services/${{ secrets.SPECVAULT_SERVICE_ID }}/specs" \
            -H "Authorization: Bearer ${{ secrets.SPECVAULT_TOKEN }}" \
            -F "file=@openapi.yaml"

Tip: Use curl -sf (silent + fail-on-error). The -f flag causes curl to exit with a non-zero code on HTTP 4xx/5xx responses, which will fail the workflow step if SpecVault rejects the upload.

Publishing only on tag releases

If you want to publish specs only on versioned releases rather than every push:

on:
  push:
    tags:
      - 'v*'

jobs:
  publish-spec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Publish spec
        run: |
          curl -sf -X POST \
            "https://specvault.sentinelflux.in/api/services/${{ secrets.SPECVAULT_SERVICE_ID }}/specs" \
            -H "Authorization: Bearer ${{ secrets.SPECVAULT_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{\"spec_url\": \"https://api.yourcompany.com/openapi.json\", \"version_label\": \"${{ github.ref_name }}\"}"

Verifying the publish

After the workflow runs, check the SpecVault dashboard for your service. The new version should appear in the Versions tab within a few seconds. If breaking changes were detected, subscriber alerts are sent automatically at that point.

A 200 OK response from the publish endpoint means the spec was accepted, stored, and diffed. A 201 Created is returned for the very first version (no diff possible yet).