Add Stainless CI for SDK codegen

[monadoid]

why

Add Stainless CI for SDK codegen Keep all client SDKs in sync with packages/server/openapi.v3.yaml automatically, with safe previews before merge.

what changed

Adds the Stainless-recommended GitHub Actions workflow: run preview@v1 on PR updates and merge@v1 when the PR is merged, using OIDC via the Stainless GitHub App.

test plan

---

Summary by cubic

Sets up Stainless CI in GitHub Actions to auto-sync SDKs from packages/server/openapi.v3.yaml. Shows preview builds on PRs and runs a merge build when PRs are merged.

• New Features

  • Added .github/workflows/stainless.yml using Stainless preview@v1 on PR updates and merge@v1 on PR merge.
  • Validates STAINLESS_ORG, STAINLESS_PROJECT, and OpenAPI path before running.
  • Uses OIDC via the Stainless GitHub App with least-privilege permissions and run cancelation.
  • Triggers only on changes to the spec or this workflow.

• Migration

  • Create Actions Variables: STAINLESS_ORG and STAINLESS_PROJECT.
  • Install/configure the Stainless GitHub App with OIDC.
  • Ensure the spec lives at packages/server/openapi.v3.yaml.

^{Written for commit 7533d03. Summary will update automatically on new commits.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7533d03

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[greptile-apps]

Greptile Summary

Added GitHub Actions workflow to automate SDK codegen via Stainless CI. The workflow runs preview builds on PR updates and merge builds when PRs are merged, using OIDC authentication via the Stainless GitHub App.

• Properly configured with two jobs: preview (for PR updates) and merge (for merged PRs)
• Includes validation steps to check for required Actions variables (STAINLESS_ORG, STAINLESS_PROJECT)
• Correctly filters on OpenAPI spec file (packages/server/openapi.v3.yaml) and the workflow file itself
• Uses appropriate permissions (contents: read, pull-requests: write, id-token: write) for OIDC
• Implements concurrency control to cancel in-progress runs when new changes are pushed

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The workflow follows GitHub Actions and Stainless best practices with proper validation, secure OIDC authentication, appropriate permissions, and correct job conditionals. The implementation is straightforward with no logical errors or security concerns.
• No files require special attention

Important Files Changed

Filename	Overview
.github/workflows/stainless.yml	Added Stainless CI workflow for automatic SDK codegen with preview and merge jobs

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub PR
    participant Preview as Preview Job
    participant Merge as Merge Job
    participant Stainless as Stainless API
    participant SDK as SDK Repos

    Dev->>GH: Opens/updates PR with OpenAPI changes
    GH->>Preview: Triggers preview job
    Preview->>Preview: Validates STAINLESS_ORG & STAINLESS_PROJECT vars
    Preview->>Preview: Checks OpenAPI file exists
    Preview->>Stainless: Uploads OpenAPI spec (OIDC auth)
    Stainless->>Preview: Returns preview build status
    Preview->>GH: Posts preview comment on PR

    Dev->>GH: Merges PR
    GH->>Merge: Triggers merge job
    Merge->>Merge: Validates STAINLESS_ORG & STAINLESS_PROJECT vars
    Merge->>Merge: Checks OpenAPI file exists
    Merge->>Stainless: Uploads OpenAPI spec (OIDC auth)
    Stainless->>SDK: Updates all client SDKs
    Merge->>GH: Posts merge status

Loading

[cubic-dev-ai]

No issues found across 1 file

Architecture diagram

sequenceDiagram
    participant Dev as Developer
    participant GHA as GitHub Actions
    participant Stainless as Stainless API

    Note over Dev,Stainless: NEW: Stainless CI Workflow

    alt PR Opened / Updated (Preview Flow)
        Dev->>GHA: Push changes to openapi.v3.yaml
        GHA->>GHA: NEW: Validate Config (ORG, PROJECT vars)
        
        alt Config Missing / Spec Missing
            GHA-->>Dev: Fail Job (Exit 1)
        else Config Valid
            GHA->>Stainless: NEW: Authenticate (OIDC)
            GHA->>Stainless: NEW: Upload Spec (preview@v1)
            Note right of Stainless: Generates SDK previews<br/>without publishing
            Stainless-->>GHA: Return Preview Result
            GHA-->>Dev: Update PR Status
        end

    else PR Merged (Publish Flow)
        Dev->>GHA: Merge Pull Request
        GHA->>GHA: NEW: Validate Config
        
        GHA->>Stainless: NEW: Authenticate (OIDC)
        GHA->>Stainless: NEW: Upload Spec (merge@v1)
        Note right of Stainless: Updates internal state<br/>Triggers SDK generation
        Stainless-->>GHA: Success
    end

Loading