Add OpenAPI v3 schema validation to lefthook and CI
Context
The OpenAPI v3 validate rake task had a Rails.env.development? guard that prevented it from running in CI or test environments. This was unnecessary because validation just runs swagger-cli on a static YAML file; it doesn't load Rails or touch the database.
Meanwhile, lefthook and CI only ran check_docs (staleness check) but never validated that the OpenAPI spec was actually valid. This meant an up-to-date but schema-invalid spec could pass all checks undetected.
What's in this MR?
1- Remove the environment guard from the validate task in v3.rake
2- Add a check_if_latest_and_valid composite task (runs check_docs then validate) for v3
3- Update lefthook, scripts/static-analysis, and documentation to use the new composite task for v3
Considerations
1- The validate task is read-only and side-effect-free — removing the guard has no risk even if someone runs it in production
2- The generate task retains its environment guard since it actually loads Rails
3- If yarn / swagger-cli is unavailable, the task fails with a clear abort message
4- check_docs runs first in the composite task, so validation is skipped if the doc is stale (correct behavior — no point validating an outdated spec)
5- The OpenAPI v2 specification does not receive updates because the generated spec in the latest master is invalid, and AFAIU since the plan is to eventually stop generating it, the time investment in fixing it is not justified
How to set up and validate locally
bundle exec rake gitlab:openapi:v3:check_if_latest_and_validMR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #591007 (closed)