apisec-bolt-code-discovery-action/
├── .github/
│ └── workflows/
│ ├── test-action.yml # Test workflow for the action
│ └── publish.yml # Publishing workflow
├── action.yml # Main action definition (REQUIRED)
├── README.md # Documentation
├── LICENSE # MIT License
├── .gitignore # Git ignore rules
└── IMPLEMENTATION_SUMMARY.md # This file
- Required:
api-endpoint,api-token - Optional:
repo-path,config-path,pr-title,pr-body,dry-run - Removed:
output-path,output-format,commit-spec,create-pr,cli-version
- Output Path:
apisec-bolt-code-discovery/openapi_spec.yaml - Output Format: Always YAML
- CLI Version: Pinned to
0.2.0 - PR Creation: Always enabled (never direct commit)
- State file location:
apisec-bolt-code-discovery/state.yaml - Same directory as OpenAPI spec (no extra folders)
- Automatically committed in PR
- Non-blocking: Uses
continue-on-error: true - Warnings don't fail workflow
- Graceful degradation
- Creates new branch:
code-discovery/update-openapi-{timestamp} - Commits generated files
- Pushes branch
- Creates PR using
ghCLI - Handles existing PRs (reuses if branch exists)
-
Install Code Discovery CLI
- Upgrades pip
- Installs
code-discovery==0.2.0
-
Configure API Credentials
- Creates
~/.apisecfile - Sets permissions (600)
- Creates
-
Run API Discovery
- Executes CLI with proper arguments
- Extracts outputs from state file
- Sets GitHub outputs
-
Create Pull Request
- Only runs if discovery succeeded and not dry-run
- Creates branch, commits, pushes, creates PR
- Handles edge cases (existing PRs, no changes, etc.)
spec-path: Path to OpenAPI specapplication-id: From state fileinstance-id: From state filepr-url: Created PR URLsuccess: Boolean
permissions:
contents: write # To commit files
pull-requests: write # To create PRs-
Initialize Git Repository
cd /Users/mohsinniyazi/apisec-bolt-code-discovery-action git init git add . git commit -m "Initial commit: Code Discovery GitHub Action"
-
Create GitHub Repository
- Create public repository:
apisec-bolt/code-discovery-action - Push code
- Create public repository:
-
Create First Release
- Tag:
v1.0.0 - This makes the action available as
@v1or@v1.0.0
- Tag:
-
Publish to Marketplace
- Go to repository Settings → Marketplace
- Click "Publish to GitHub Marketplace"
- Fill in details:
- Category: Security
- Icon: search
- Color: blue
- Submit for review
The action includes a test workflow (.github/workflows/test-action.yml) that can be used to test the action locally or in CI.
name: API Discovery
on:
push:
branches: [main]
jobs:
discover:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: apisec-bolt/code-discovery-action@v1
with:
api-endpoint: ${{ secrets.API_DISCOVERY_ENDPOINT }}
api-token: ${{ secrets.API_DISCOVERY_TOKEN }}- Action name:
apisec-bolt-code-discovery-action - Marketplace category: Security
- All files are in the same directory:
apisec-bolt-code-discovery/ - State management is automatic and default behavior