feat: Implement comprehensive API compliance verification in CI

.github/workflows/validate-models.yml

@@ -0,0 +1,51 @@
+name: Validate API Compliance
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  check-models:
+    runs-on: ubuntu-latest
+
+    env:
+      OPENAPI_URL: https://raw.githubusercontent.com/CIRFMF/ksef-docs/main/open-api.json
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Download official open-api.json
+        run: |
+          curl -L -o open-api.json "${{ env.OPENAPI_URL }}"
+
+      - name: Generate models
+        run: |
+          # Use the downloaded open-api.json as input
+          python tools/generate_openapi_models.py --input open-api.json --output src/ksef_client/openapi_models.py
+
+      - name: Verify no changes in models
+        run: |
+          # Check if the generated file differs from the committed file
+          if ! git diff --exit-code src/ksef_client/openapi_models.py; then
+            echo "::group::Diff"
+            git diff src/ksef_client/openapi_models.py
+            echo "::endgroup::"
+            echo "::error::Generated models do not match the official open-api.json from ${{ env.OPENAPI_URL }}. Please run generation locally with the latest spec and commit changes."
+            exit 1
+          fi
+
+      - name: Check API Coverage
+        run: |
+          # Verify that all OpenAPI endpoints are implemented in the client code
+          python tools/check_coverage.py --openapi open-api.json --src src/ksef_client/clients

src/ksef_client/clients/certificates.py

@@ -67,6 +67,7 @@ def revoke_certificate(
             f"/certificates/{certificate_serial_number}/revoke",
             json=request_payload,
             access_token=access_token,
+            expected_status={204},
         )
 
 
@@ -134,4 +135,5 @@ async def revoke_certificate(
             f"/certificates/{certificate_serial_number}/revoke",
             json=request_payload,
             access_token=access_token,
+            expected_status={204},
         )

src/ksef_client/clients/security.py

@@ -9,27 +9,7 @@ class SecurityClient(BaseApiClient):
     def get_public_key_certificates(self) -> Any:
         return self._request_json("GET", "/security/public-key-certificates", skip_auth=True)
 
-    def get_public_key_pem(self) -> str:
-        content = self._request_bytes(
-            "GET",
-            "/public-keys/publicKey.pem",
-            headers={"Accept": "application/x-pem-file"},
-            skip_auth=True,
-            expected_status={200},
-        )
-        return content.decode("utf-8")
-
 
 class AsyncSecurityClient(AsyncBaseApiClient):
     async def get_public_key_certificates(self) -> Any:
         return await self._request_json("GET", "/security/public-key-certificates", skip_auth=True)
-
-    async def get_public_key_pem(self) -> str:
-        content = await self._request_bytes(
-            "GET",
-            "/public-keys/publicKey.pem",
-            headers={"Accept": "application/x-pem-file"},
-            skip_auth=True,
-            expected_status={200},
-        )
-        return content.decode("utf-8")