Sourced from oasdiff/oasdiff-action's releases.

v0.1.1

Highlights

Upgraded to oasdiff v1.19.1

Every action now runs on oasdiff v1.19.1.

Fixes

The free side-by-side review that the breaking and changelog actions generate gets several reliability fixes in this release:

• Review links survive the v1.19.1 output change. v1.19.1 moved the Opening <url> line from stdout to stderr so it can no longer corrupt piped JSON or YAML output. The action now captures the review URL from either stream, so on v1.19.1 your PRs keep getting the side-by-side review comment instead of a misleading "couldn't upload, re-run the job" warning and no comment at all (#165).
• No more spurious review links on clean PRs. No-change detection no longer depends on the format you set. An empty changelog renders differently per format ([] for json and yaml, a header plus "No changes detected" for markup), and those slipped past the old text-only check, so every clean PR got a review link and an uploaded comparison. Detection now uses a format-independent JSON probe (#164).
• Composed mode skips the review upload cleanly. In composed mode (-c) the encrypted review can't represent a glob of many specs, so the action no longer attempts --open. Instead of the generic "couldn't upload, re-run" warning, it emits a single notice explaining the review isn't available in composed mode (#164).
• A nudge when the PR comment isn't wired up. If a review link is produced on a pull request but no github-token is set, the action now emits a notice (with a docs link) showing how to get the review posted as a PR comment, rather than leaving it silently on the job summary. It stays quiet on no-change runs and non-PR events (#163).
• Aligned the verify action onto the same oasdiff v1.19.0 release base image as the other five actions (#162).

Full Changelog: oasdiff/oasdiff-action@v0.1.0...v0.1.1

v0.1.0

Highlights

New: free side-by-side review link, now posted as a PR comment

The breaking and changelog actions can now find a review link on the PR itself instead of burying it in the job summary. When changes are detected, the action encrypts both specs in CI, uploads only the ciphertext, and posts (then auto-updates) a single PR comment with the side-by-side review link. The decryption key lives only in the URL fragment and never reaches a server.

- uses: oasdiff/oasdiff-action/breaking@v0.1.0
  with:
    base: 'main/openapi.yaml'
    revision: 'openapi.yaml'
    github-token: ${{ github.token }}
permissions:
  pull-requests: write

Two new inputs drive this (#152, #156):

• review (default true): emit the encrypted review link when changes are found. Set review: false to opt out entirely, no spec leaves CI, and detection plus inline annotations are unaffected.
• github-token: pass ${{ github.token }} (and grant pull-requests: write) to get the PR comment. Omit it to keep the previous behavior, link in the job summary only. No oasdiff account or token is required; github.token is GitHub's built-in token.

The comment is best-effort and never fatal: the action posts it before exiting non-zero, so it survives a fail-on gate, and on fork PRs (where GITHUB_TOKEN is read-only) it falls back to the always-written job summary. It updates one marker comment rather than spamming per push, and rewrites itself to a "no changes" note when a later push clears the changes.

Upgraded to oasdiff v1.19.0

All six actions (breaking, changelog, diff, validate, pr-comment, verify) now run on the oasdiff v1.19.0 base image (#161, #162).

Fixes

• The review link now actually posts from breaking and changelog. Both images now install curl (and ca-certificates), which the new PR-comment and review-link calls need. Without it the API call returned HTTP 000 and silently fell back to the job summary (#157).

... (truncated)

• 5fbe96e bump: oasdiff v1.19.1 (#166)
• 4e89893 fix(review): read the --open review URL from stderr (oasdiff >= v1.19.1) (#165)
• c9dbb73 fix(review): format-independent no-change detection; skip --open in composed ...
• dc68976 feat: nudge users to enable the PR comment when github-token is missing (#163)
• c4792cf bump: verify action base image to oasdiff v1.19.0 (#162)
• 19d14ca bump: oasdiff v1.19.0 (#161)
• 7a68678 docs: point the comment 'How it works' link at /docs/free-review#privacy (#160)
• 8b687bd docs: rework the free-review PR comment copy (#159)
• 07c3ed7 feat: add a 'learn more' link to the review PR comment (#158)
• d2c8d46 fix: install curl in the breaking/changelog images for the PR comment (#157)
• Additional commits viewable in compare view