DroneDeploy · API Governance Rules

DroneDeploy API Rules

Spectral linting rules defining API design standards and conventions for DroneDeploy.

5 Rules error 3 warn 2
View Rules File View on GitHub

Rule Categories

dronedeploy

Rules

error
dronedeploy-graphql-single-endpoint
DroneDeploy exposes a single GraphQL endpoint at /graphql; no other REST paths should appear.
$.paths
error
dronedeploy-graphql-post-only
The /graphql endpoint must only support POST.
$.paths['/graphql']
error
dronedeploy-bearer-auth
Security must use BearerAuth (Authorization Bearer API key).
$.components.securitySchemes
warn
dronedeploy-operation-summary-title-case
All operation summaries should be Title Case and begin with "DroneDeploy".
$.paths..post.summary
warn
dronedeploy-request-includes-graphql-query
Every operation's request body should reference the GraphQLRequest schema.
$.paths..post.requestBody.content['application/json'].schema['$ref']

Spectral Ruleset

Raw ↑ 
extends:
  - [spectral:oas, recommended]

documentationUrl: https://github.com/api-evangelist/drone-deploy

rules:
  dronedeploy-graphql-single-endpoint:
    description: DroneDeploy exposes a single GraphQL endpoint at /graphql; no other REST paths should appear.
    severity: error
    given: $.paths
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - /graphql
          maxProperties: 1

  dronedeploy-graphql-post-only:
    description: The /graphql endpoint must only support POST.
    severity: error
    given: $.paths['/graphql']
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - post
          properties:
            get: { not: {} }
            put: { not: {} }
            delete: { not: {} }
            patch: { not: {} }

  dronedeploy-bearer-auth:
    description: Security must use BearerAuth (Authorization Bearer API key).
    severity: error
    given: $.components.securitySchemes
    then:
      field: BearerAuth
      function: truthy

  dronedeploy-operation-summary-title-case:
    description: All operation summaries should be Title Case and begin with "DroneDeploy".
    severity: warn
    given: $.paths..post.summary
    then:
      function: pattern
      functionOptions:
        match: '^DroneDeploy(\s+[A-Z][a-zA-Z0-9]*)+$|^Execute GraphQL Operation$'

  dronedeploy-request-includes-graphql-query:
    description: Every operation's request body should reference the GraphQLRequest schema.
    severity: warn
    given: $.paths..post.requestBody.content['application/json'].schema['$ref']
    then:
      function: pattern
      functionOptions:
        match: '#/components/schemas/GraphQLRequest$'