arazzo: 1.0.1
info:
  title: GitLab Approve a Pending Project Access Request
  summary: List a project's access requests and approve the first pending requester.
  description: >-
    A membership onboarding flow. The workflow lists the pending access requests
    for a project, picks the first requester, and approves them at the supplied
    access level so they become a project member. Every step spells out its
    request inline so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: gitlabProjectsApi
  url: ../openapi/gitlab-api-v4-projects-openapi-original.yml
  type: openapi
workflows:
- workflowId: approve-project-access-request
  summary: Approve the first pending access request for a project.
  description: >-
    Reads the project's access requests, captures the first requester id, and
    approves them at the requested access level.
  inputs:
    type: object
    required:
    - privateToken
    - projectId
    properties:
      privateToken:
        type: string
        description: GitLab Private-Token used to authenticate the API calls.
      projectId:
        type: string
        description: The ID or URL-encoded path of the project.
      accessLevel:
        type: integer
        description: A valid access level (30 is the Developer role).
        default: 30
  steps:
  - stepId: listAccessRequests
    description: List the pending access requests for the project.
    operationId: getApiV4ProjectsIdAccessRequests
    parameters:
    - name: Private-Token
      in: header
      value: $inputs.privateToken
    - name: id
      in: path
      value: $inputs.projectId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      requesterId: $response.body#/0/id
      requesterName: $response.body#/0/name
  - stepId: approveRequest
    description: Approve the first requester at the supplied access level.
    operationId: putApiV4ProjectsIdAccessRequestsUserIdApprove
    parameters:
    - name: Private-Token
      in: header
      value: $inputs.privateToken
    - name: id
      in: path
      value: $inputs.projectId
    - name: user_id
      in: path
      value: $steps.listAccessRequests.outputs.requesterId
    requestBody:
      contentType: application/json
      payload:
        access_level: $inputs.accessLevel
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      approvedUserId: $response.body#/id
      approvedUsername: $response.body#/username
      state: $response.body#/state
  outputs:
    approvedUserId: $steps.approveRequest.outputs.approvedUserId
    approvedUsername: $steps.approveRequest.outputs.approvedUsername