Percona-Lab · BupycHuk · Oct 11, 2024 · Apr 19, 2023 · Apr 22, 2023 · Mar 6, 2023
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,52 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+    open-pull-requests-limit: 2          # <- default is 5
+    groups:                              # <- group all github actions updates in a single PR
+      # 1. development-dependencies are auto-merged
+      development-dependencies:
+        patterns:
+          - '*'
+
+  - package-ecosystem: "gomod"
+    # We define 4 groups of dependencies to regroup update pull requests:
+    # - development (e.g. test dependencies)
+    # - go-openapi updates
+    # - golang.org (e.g. golang.org/x/... packages)
+    # - other dependencies (direct or indirect)
+    #
+    # * All groups are checked once a week and each produce at most 1 PR.
+    # * All dependabot PRs are auto-approved
+    #
+    # Auto-merging policy, when requirements are met:
+    # 1. development-dependencies are auto-merged
+    # 2. golang.org-dependencies are auto-merged
+    # 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge.
+    # 4. other dependencies require a manual merge
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+    open-pull-requests-limit: 4
+    groups:
+      development-dependencies:
+        patterns:
+          - "github.com/stretchr/testify"
+
+      golang.org-dependencies:
+        patterns:
+          - "golang.org/*"
+
+      go-openapi-dependencies:
+        patterns:
+          - "github.com/go-openapi/*"
+
+      other-dependencies:
+        exclude-patterns:
+          - "github.com/go-openapi/*"
+          - "github.com/stretchr/testify"
+          - "golang.org/*"
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -0,0 +1,43 @@
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+
+      - name: Auto-approve all dependabot PRs
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Auto-merge dependabot PRs for development dependencies
+        if: contains(steps.metadata.outputs.dependency-group, 'development-dependencies')
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Auto-merge dependabot PRs for go-openapi patches
+        if: contains(steps.metadata.outputs.dependency-group, 'go-openapi-dependencies') && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Auto-merge dependabot PRs for golang.org updates
+        if: contains(steps.metadata.outputs.dependency-group, 'golang.org-dependencies')
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
@@ -1,23 +1,58 @@
-name: Go Test
+name: go test
 
-on: [push, pull_request]
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+
+  pull_request:
 
 jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+          check-latest: true
+          cache: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+          only-new-issues: true
+          skip-cache: true
 
   test:
-
-    name: Test
+    name: Unit tests
     runs-on: ${{ matrix.os }}
 
     strategy:
       matrix:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
-    steps:
+        go_version: ['oldstable', 'stable' ]
 
-    - uses: actions/setup-go@v2
+    steps:
+    - name: Run unit tests
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.x
+        go-version: '${{ matrix.go_version }}'
+        check-latest: true
+        cache: true
+
+    - uses: actions/checkout@v4
 
-    - uses: actions/checkout@v2
+    - run: go test -v -race -coverprofile="coverage-${{ matrix.os }}.${{ matrix.go_version }}.out" -covermode=atomic -coverpkg=$(go list)/... ./...
 
-    - run: go test
+    - name: Upload coverage to codecov
+      uses: codecov/codecov-action@v4
+      with:
+        files: './coverage-${{ matrix.os }}.${{ matrix.go_version }}.out'
+        flags: '${{ matrix.go_version }}'
+        os: '${{ matrix.os }}'
+        fail_ci_if_error: false
+        verbose: true
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1 @@
-secrets.yml
-coverage.out
+*.out
diff --git a/.golangci.yml b/.golangci.yml
@@ -11,7 +11,7 @@ linters-settings:
     threshold: 200
   goconst:
     min-len: 2
-    min-occurrences: 2
+    min-occurrences: 3
 
 linters:
   enable-all: true
@@ -40,3 +40,22 @@ linters:
     - tparallel
     - thelper
     - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
+    - depguard
+    - errchkjson
+    - inamedparam
+    - nonamedreturns
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase
diff --git a/README.md b/README.md
@@ -1,8 +1,5 @@
-# OAI object model
+# OpenAPI v2 object model [![Build Status](https://github.com/go-openapi/spec/actions/workflows/go-test.yml/badge.svg)](https://github.com/go-openapi/spec/actions?query=workflow%3A"go+test") [![codecov](https://codecov.io/gh/go-openapi/spec/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/spec)
 
-[![Build Status](https://travis-ci.org/go-openapi/spec.svg?branch=master)](https://travis-ci.org/go-openapi/spec)
-<!-- [![Build status](https://ci.appveyor.com/api/projects/status/x377t5o9ennm847o/branch/master?svg=true)](https://ci.appveyor.com/project/casualjim/go-openapi/spec/branch/master) -->
-[![codecov](https://codecov.io/gh/go-openapi/spec/branch/master/graph/badge.svg)](https://codecov.io/gh/go-openapi/spec)
 [![Slack Status](https://slackin.goswagger.io/badge.svg)](https://slackin.goswagger.io)
 [![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/spec/master/LICENSE)
 [![Go Reference](https://pkg.go.dev/badge/github.com/go-openapi/spec.svg)](https://pkg.go.dev/github.com/go-openapi/spec)
@@ -32,3 +29,26 @@ The object model for OpenAPI specification documents.
 > This [discussion thread](https://github.com/go-openapi/spec/issues/21) relates the full story.
 >
 > An early attempt to support Swagger 3 may be found at: https://github.com/go-openapi/spec3
+
+* Does the unmarshaling support YAML?
+
+> Not directly. The exposed types know only how to unmarshal from JSON.
+>
+> In order to load a YAML document as a Swagger spec, you need to use the loaders provided by
+> github.com/go-openapi/loads
+>
+> Take a look at the example there: https://pkg.go.dev/github.com/go-openapi/loads#example-Spec
+>
+> See also https://github.com/go-openapi/spec/issues/164
+
+* How can I validate a spec?
+
+> Validation is provided by [the validate package](http://github.com/go-openapi/validate)
+
+* Why do we have an `ID` field for `Schema` which is not part of the swagger spec?
+
+> We found jsonschema compatibility more important: since `id` in jsonschema influences
+> how `$ref` are resolved.
+> This `id` does not conflict with any property named `id`.
+>
+> See also https://github.com/go-openapi/spec/issues/23
diff --git a/appveyor.yml b/appveyor.yml
diff --git a/bindata.go b/bindata.go
diff --git a/circular_test.go b/circular_test.go
@@ -2,9 +2,9 @@ package spec
 
 import (
 	"encoding/json"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"path/filepath"
 	"testing"
 	"time"
@@ -175,7 +175,7 @@ func TestExpandCircular_Bitbucket(t *testing.T) {
 
 func TestExpandCircular_ResponseWithRoot(t *testing.T) {
 	rootDoc := new(Swagger)
-	b, err := ioutil.ReadFile(filepath.Join("fixtures", "more_circulars", "resp.json"))
+	b, err := os.ReadFile(filepath.Join("fixtures", "more_circulars", "resp.json"))
 	require.NoError(t, err)
 
 	require.NoError(t, json.Unmarshal(b, rootDoc))
@@ -219,7 +219,7 @@ func TestExpandCircular_SpecExpansion(t *testing.T) {
 
 func TestExpandCircular_RemoteCircularID(t *testing.T) {
 	go func() {
-		err := http.ListenAndServe("localhost:1234", http.FileServer(http.Dir("fixtures/more_circulars/remote")))
+		err := http.ListenAndServe("localhost:1234", http.FileServer(http.Dir("fixtures/more_circulars/remote"))) //#nosec
 		if err != nil {
 			panic(err.Error())
 		}
@@ -232,7 +232,7 @@ func TestExpandCircular_RemoteCircularID(t *testing.T) {
 	assertRefResolve(t, jazon, "", root, &ExpandOptions{RelativeBase: fixturePath})
 	assertRefExpand(t, jazon, "", root, &ExpandOptions{RelativeBase: fixturePath})
 
-	assert.NoError(t, ExpandSchemaWithBasePath(root, nil, &ExpandOptions{}))
+	require.NoError(t, ExpandSchemaWithBasePath(root, nil, &ExpandOptions{}))
 
 	jazon = asJSON(t, root)
 

diff --git a/contact_info_test.go b/contact_info_test.go
@@ -19,6 +19,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 const contactInfoJSON = `{
@@ -36,13 +37,11 @@ var contactInfo = ContactInfo{ContactInfoProps: ContactInfoProps{
 
 func TestIntegrationContactInfo(t *testing.T) {
 	b, err := json.MarshalIndent(contactInfo, "", "\t")
-	if assert.NoError(t, err) {
-		assert.Equal(t, contactInfoJSON, string(b))
-	}
+	require.NoError(t, err)
+	assert.Equal(t, contactInfoJSON, string(b))
 
 	actual := ContactInfo{}
 	err = json.Unmarshal([]byte(contactInfoJSON), &actual)
-	if assert.NoError(t, err) {
-		assert.EqualValues(t, contactInfo, actual)
-	}
+	require.NoError(t, err)
+	assert.EqualValues(t, contactInfo, actual)
 }
diff --git a/debug_test.go b/debug_test.go
@@ -15,7 +15,6 @@
 package spec
 
 import (
-	"io/ioutil"
 	"os"
 	"sync"
 	"testing"
@@ -28,7 +27,7 @@ var (
 )
 
 func TestDebug(t *testing.T) {
-	tmpFile, _ := ioutil.TempFile("", "debug-test")
+	tmpFile, _ := os.CreateTemp("", "debug-test")
 	tmpName := tmpFile.Name()
 	defer func() {
 		Debug = false

diff --git a/embed.go b/embed.go
@@ -0,0 +1,17 @@
+package spec
+
+import (
+	"embed"
+	"path"
+)
+
+//go:embed schemas/*.json schemas/*/*.json
+var assets embed.FS
+
+func jsonschemaDraft04JSONBytes() ([]byte, error) {
+	return assets.ReadFile(path.Join("schemas", "jsonschema-draft-04.json"))
+}
+
+func v2SchemaJSONBytes() ([]byte, error) {
+	return assets.ReadFile(path.Join("schemas", "v2", "schema.json"))
+}