Gitea · API Governance Rules

Gitea API Rules

Spectral linting rules defining API design standards and conventions for Gitea.

16 Rules error 4 warn 9
View Rules File View on GitHub

Rule Categories

gitea

Rules

error
gitea-info-contact
API contact information must be present.
$.info
warn
gitea-info-license
API license must be declared (Gitea is MIT).
$.info
error
gitea-server-https
Production servers must use HTTPS.
$.servers[*].url
warn
gitea-base-path-versioned
Base path must include /api/v1 to match Gitea's documented API surface.
$.servers[*].url
error
gitea-auth-required
Security schemes must be declared (Gitea supports BasicAuth, Token, AccessToken, AuthorizationHeaderToken, TOTPHeader, SudoHeader, SudoParam).
$.components.securitySchemes
error
gitea-operation-id
Every operation must declare a unique operationId (camelCase).
$.paths[*][get,post,put,patch,delete]
warn
gitea-operation-id-camelcase
operationId must be camelCase.
$.paths[*][get,post,put,patch,delete].operationId
warn
gitea-operation-tags
Every operation must declare at least one tag (admin, repository, issue, organization, user, package, notification, miscellaneous, settings).
$.paths[*][get,post,put,patch,delete]
warn
gitea-operation-summary
Every operation must include a Title Case summary.
$.paths[*][get,post,put,patch,delete]
hint
gitea-summary-title-case
Operation summaries should be Title Case.
$.paths[*][get,post,put,patch,delete].summary
warn
gitea-error-responses
Mutating operations should declare 4xx error responses.
$.paths[*][post,put,patch,delete].responses
hint
gitea-list-pagination
List operations should support page and limit query parameters (Gitea pagination convention).
$.paths[*].get.parameters[?(@.in == 'query')].name
warn
gitea-path-naming
Path segments must be lowercase and use snake_case for static segments and {camelCase} for parameters; Gitea uses lowercase REST resources (e.g. /repos, /orgs, /users).
$.paths
warn
gitea-no-trailing-slash
Paths must not end with a trailing slash.
$.paths
warn
gitea-schema-required
Definition / schema fields with required arrays should reference real properties only.
$.components.schemas[*]
hint
gitea-deprecated-marked
Deprecated operations should be flagged with x-deprecated or deprecated:true and have a replacement note in description.
$.paths[*][get,post,put,patch,delete][?(@.deprecated == true)]

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

# Spectral linting rules for the Gitea REST API.
# Captures conventions observed in the Gitea Swagger 2.0 / OpenAPI 3.0
# specification and Gitea's documented best practices.
rules:
  gitea-info-contact:
    description: API contact information must be present.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  gitea-info-license:
    description: API license must be declared (Gitea is MIT).
    severity: warn
    given: "$.info"
    then:
      field: license
      function: truthy

  gitea-server-https:
    description: Production servers must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  gitea-base-path-versioned:
    description: Base path must include /api/v1 to match Gitea's documented API surface.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "/api/v1"

  gitea-auth-required:
    description: Security schemes must be declared (Gitea supports BasicAuth, Token, AccessToken, AuthorizationHeaderToken, TOTPHeader, SudoHeader, SudoParam).
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: truthy

  gitea-operation-id:
    description: Every operation must declare a unique operationId (camelCase).
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  gitea-operation-id-camelcase:
    description: operationId must be camelCase.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  gitea-operation-tags:
    description: Every operation must declare at least one tag (admin, repository, issue, organization, user, package, notification, miscellaneous, settings).
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  gitea-operation-summary:
    description: Every operation must include a Title Case summary.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  gitea-summary-title-case:
    description: Operation summaries should be Title Case.
    severity: hint
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  gitea-error-responses:
    description: Mutating operations should declare 4xx error responses.
    severity: warn
    given: "$.paths[*][post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: [ "400" ]
            - required: [ "401" ]
            - required: [ "403" ]
            - required: [ "404" ]
            - required: [ "422" ]

  gitea-list-pagination:
    description: List operations should support page and limit query parameters (Gitea pagination convention).
    severity: hint
    given: "$.paths[*].get.parameters[?(@.in == 'query')].name"
    then:
      function: enumeration
      functionOptions:
        values:
          - page
          - limit
          - q
          - state
          - type
          - sort
          - order
          - since
          - before
          - owner
          - repo
          - org
          - user
          - team
          - kind
          - mode
          - access_token
          - sudo
          - private
          - includeDesc
          - all
          - tags
          - exclusive
          - include
          - milestones
          - keyword
          - first_only

  gitea-path-naming:
    description: Path segments must be lowercase and use snake_case for static segments and {camelCase} for parameters; Gitea uses lowercase REST resources (e.g. /repos, /orgs, /users).
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^/.*"

  gitea-no-trailing-slash:
    description: Paths must not end with a trailing slash.
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        notMatch: ".+/$"

  gitea-schema-required:
    description: Definition / schema fields with required arrays should reference real properties only.
    severity: warn
    given: "$.components.schemas[*]"
    then:
      function: truthy
      field: type

  gitea-deprecated-marked:
    description: Deprecated operations should be flagged with x-deprecated or deprecated:true and have a replacement note in description.
    severity: hint
    given: "$.paths[*][get,post,put,patch,delete][?(@.deprecated == true)]"
    then:
      field: description
      function: truthy