OpenStackweb · smarcet · Mar 14, 2026 · coderabbitai · Mar 14, 2026 · coderabbitai
diff --git a/.github/workflows/l5-swagger-generate.yml b/.github/workflows/l5-swagger-generate.yml
@@ -112,3 +112,99 @@ jobs:
             - name: Generate OpenAPI docs
               run: php artisan l5-swagger:generate
 
+            - name: Build Swagger UI preview
+              run: |
+                        mkdir -p swagger-ui
+                        cp storage/api-docs/api-docs.json swagger-ui/api-docs.json
+                        cat > swagger-ui/index.html << 'HTMLEOF'
+                        <!doctype html>
+                        <html lang="en">
+                        <head>
+                         <meta charset="utf-8" />
+                         <title>OpenStackID API - Swagger UI</title>
+                         <link rel="stylesheet" href="https://unpkg.com/swagger-ui-dist/swagger-ui.css" />
+                        </head>
+                        <body>
+                         <div id="swagger-ui"></div>
+                         <script src="https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.js"></script>
+                         <script>
+                           window.onload = () => {
+                             window.ui = SwaggerUIBundle({
+                               url: 'api-docs.json',
+                               dom_id: '#swagger-ui'
+                             });
+                           };
+                         </script>
+                        </body>
+                        </html>
+                        HTMLEOF
+
+            - name: Upload Swagger UI artifact
+              uses: actions/upload-artifact@v4
+              with:
+                  name: swagger-ui
+                  path: swagger-ui/
+                  if-no-files-found: error
+
+    pages-preview:
+        name: Publish Swagger UI to GitHub Pages
+        needs: openapi-generate
+        if: github.event_name == 'pull_request'
+        runs-on: ubuntu-latest
+
+        permissions:
+            contents: write
+            issues: write
+            pull-requests: write
+
+        steps:
+            -   name: Checkout repository
+                uses: actions/checkout@v4
+
+            -   name: Download Swagger UI artifact
+                uses: actions/download-artifact@v4
+                with:
+                    name: swagger-ui
+                    path: swagger-ui
+
+            -   name: Build public directory for GitHub Pages
+                run: |
+                    PR_PATH="openapi/pr-${{ github.event.number }}"
+                    mkdir -p "public/${PR_PATH}"
+                    cp -R swagger-ui/* "public/${PR_PATH}/"
+                    echo "Built GitHub Pages content at public/${PR_PATH}"
+
+            -   name: Publish to GitHub Pages
+                uses: peaceiris/actions-gh-pages@v4
+                with:
+                    github_token: ${{ secrets.GITHUB_TOKEN }}
+                    publish_dir: ./public
+                    keep_files: true
+
+            -   name: Comment preview URL on PR
+                uses: actions/github-script@v7
+                with:
+                    github-token: ${{ secrets.GITHUB_TOKEN }}
+                    script: |
+                        const prNumber = context.payload.pull_request.number;
+                        const owner = context.repo.owner;
+                        const repo = context.repo.repo;
+                        const baseUrl = `https://${owner}.github.io/${repo}`;
+                        const previewPath = `/openapi/pr-${prNumber}/`;
+                        const url = `${baseUrl}${previewPath}`;
+
+                        const body = [
+                          '📘 **OpenAPI / Swagger preview**',
+                          '',
+                          `➡️ ${url}`,
+                          '',
+                          'This page is automatically updated on each push to this PR.'
+                        ].join('\n');
+
+                        await github.rest.issues.createComment({
+                          owner,
+                          repo,
+                          issue_number: prNumber,
+                          body,
+                        });
+
diff --git a/app/Http/Utils/FilterAvailableSummitsStrategy.php b/app/Http/Utils/FilterAvailableSummitsStrategy.php
@@ -27,8 +27,7 @@ final class FilterAvailableSummitsStrategy
      */
     static public function shouldReturnAllSummits(IResourceServerContext $resource_server_ctx){
         $scopes         = $resource_server_ctx->getCurrentScope();
-        $current_realm  = Config::get('app.scope_base_realm');
-        $needed_scope   = sprintf(SummitScopes::ReadAllSummitData, $current_realm);
+        $needed_scope   = SummitScopes::ReadAllSummitData;
         return in_array($needed_scope, $scopes);
     }
 }
diff --git a/app/ModelSerializers/Summit/SummitSerializer.php b/app/ModelSerializers/Summit/SummitSerializer.php
@@ -369,8 +369,7 @@ public function serialize($expand = null, array $fields = [], array $relations =
                             // we had proper scopes
                             if (!$summit->isAvailableOnApi()) {
                                 $scopes = $this->resource_server_context->getCurrentScope();
-                                $current_realm = Config::get('app.url');
-                                $needed_scope = sprintf(SummitScopes::ReadAllSummitData, $current_realm);
+                                $needed_scope = SummitScopes::ReadAllSummitData;
                                 if (!in_array($needed_scope, $scopes))
                                     throw new HTTP403ForbiddenException;
                             }

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -718,6 +718,10 @@ public function boot()
     public function register()
     {
 
+        if (!defined('SCOPE_BASE_REALM')) {
+            define('SCOPE_BASE_REALM', config('app.scope_base_realm'));
+        }
+
         App::singleton(IResourceServerContext::class, ResourceServerContext::class);
 
         App::bind('resource_server_context', function ($app) {

diff --git a/app/Security/CompanyScopes.php b/app/Security/CompanyScopes.php
@@ -18,6 +18,6 @@
  */
 final class CompanyScopes
 {
-    const Read = '%s/companies/read';
-    const Write = '%s/companies/write';
+    const Read = SCOPE_BASE_REALM.'/companies/read';
+    const Write = SCOPE_BASE_REALM.'/companies/write';
 }
diff --git a/app/Security/GroupsScopes.php b/app/Security/GroupsScopes.php
@@ -14,5 +14,5 @@
 
 class GroupsScopes
 {
-    const ReadData = '%s/groups/read';
+    const ReadData = SCOPE_BASE_REALM.'/groups/read';
 }
diff --git a/app/Security/MemberScopes.php b/app/Security/MemberScopes.php
@@ -18,11 +18,11 @@
  */
 final class MemberScopes
 {
-    const ReadMemberData    = '%s/members/read';
+    const ReadMemberData    = SCOPE_BASE_REALM.'/members/read';
 
-    const ReadMyMemberData    = '%s/members/read/me';
+    const ReadMyMemberData    = SCOPE_BASE_REALM.'/members/read/me';
 
-    const WriteMemberData    = '%s/members/write';
+    const WriteMemberData    = SCOPE_BASE_REALM.'/members/write';
 
-    const WriteMyMemberData    = '%s/members/write/me';
+    const WriteMyMemberData    = SCOPE_BASE_REALM.'/members/write/me';
 }
diff --git a/app/Security/OrganizationScopes.php b/app/Security/OrganizationScopes.php
@@ -18,6 +18,6 @@
  */
 final class OrganizationScopes
 {
-    const ReadOrganizationData     = '%s/organizations/read';
-    const WriteOrganizationData     = '%s/organizations/write';
+    const ReadOrganizationData     = SCOPE_BASE_REALM.'/organizations/read';
+    const WriteOrganizationData     = SCOPE_BASE_REALM.'/organizations/write';
 }
diff --git a/app/Security/SponsoredProjectScope.php b/app/Security/SponsoredProjectScope.php
@@ -18,6 +18,6 @@
  */
 final class SponsoredProjectScope
 {
-    const Read = '%s/sponsored-projects/read';
-    const Write = '%s/sponsored-projects/write';
+    const Read = SCOPE_BASE_REALM.'/sponsored-projects/read';
+    const Write = SCOPE_BASE_REALM.'/sponsored-projects/write';
 }