CI/CD Integration¶
Use odcs or pyodcs in continuous integration to block merges when data contracts are invalid.
Exit codes¶
| Code | Meaning | CI action |
|---|---|---|
0 |
Valid | Pass |
1 |
Validation errors | Fail |
2 |
Parse or I/O failure | Fail |
Cross-file and FQN relationships¶
Important: Single-file odcs validate contract.yaml does not resolve fully-qualified relationship endpoints (provider-contract/schema/property) against other contracts. For consumers with FQN references, use one of:
# Explicit dependency
odcs validate consumer.yaml --dep provider.yaml
# Include directory (non-recursive scan)
odcs validate consumer.yaml --include ./contracts/
# Local registry (recommended for monorepos)
odcs registry index ./contracts/
odcs validate consumer.yaml --registry ./contracts/
See examples/registry/ and Local registry.
Untrusted input (PR validation)¶
Treat pull-request YAML as potentially hostile:
- Prefer JSON for untrusted contributions when possible
- Enforce a 16 MiB file size limit at ingress (before
odcs validate) - Run validation in an isolated CI job with memory limits
- YAML anchors/aliases are not fully bounded — see SECURITY.md
# Example: cap wall time for large registry index jobs
timeout 300 odcs registry index ./contracts/
Set ODCS_VERBOSE=1 for per-file index progress on stderr (does not affect stdout JSON).
Validate a single contract¶
odcs validate contracts/customer.yaml || exit 1
JSON output for structured logging:
odcs validate contracts/customer.yaml --json
Validate all contracts in a directory¶
#!/bin/sh
set -e
failed=0
for f in contracts/*.{yaml,yml,json}; do
[ -f "$f" ] || continue
if ! odcs validate "$f" --json > /dev/null; then
echo "INVALID: $f"
odcs diagnostics "$f"
failed=1
fi
done
exit $failed
GitHub Actions¶
name: Validate ODCS contracts
on:
pull_request:
paths:
- 'contracts/**'
push:
branches: [main]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install odcs
run: cargo install odcs --version 0.9.1 --locked
- name: Index contract registry
run: odcs registry index ./contracts/
- name: Validate contracts
run: |
for f in contracts/*.{yaml,yml,json}; do
[ -f "$f" ] || continue
echo "Validating $f"
odcs validate "$f" --registry ./contracts/ --json
done
Python alternative¶
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- run: pip install pyodcs==0.9.1
- run: pyodcs validate contracts/customer.yaml
Pre-commit hook¶
Add to .pre-commit-config.yaml:
repos:
- repo: local
hooks:
- id: odcs-validate
name: Validate ODCS contracts
entry: odcs validate
language: system
files: \.(yaml|yml|json)$
pass_filenames: true
Requires odcs on PATH (cargo install odcs).
Notes¶
- Pin the tool version in CI for reproducibility:
cargo install odcs --version 0.9.1 --lockedandpip install pyodcs==0.9.1. - Do not run
odcs registry indexin parallel against the same directory — index writes are atomic but concurrent jobs can race. - See Release status for current published versions.
- See diagnostics.md for routing on
odcs:*error codes.