Skip to content

chore: switch back to reusable docs CI workflow#157

Merged
2bndy5 merged 2 commits intomainfrom
reuse-docs-ci
Sep 7, 2025
Merged

chore: switch back to reusable docs CI workflow#157
2bndy5 merged 2 commits intomainfrom
reuse-docs-ci

Conversation

@2bndy5
Copy link
Contributor

@2bndy5 2bndy5 commented Sep 7, 2025
edited by coderabbitai bot
Loading

now that it uses uv in reusable workflow

see also cpp-linter/.github#52

Summary by CodeRabbit

  • Chores
    • Enabled documentation workflow to run on pull requests targeting main.
    • Consolidated docs build and deploy into a single job that invokes a reusable workflow.
    • Removed separate build and deploy steps to simplify CI.
    • Set explicit job permissions to allow GitHub Pages deployment and OIDC authentication.
    • Preserved docs path configuration while delegating build/deploy logic externally.
    • Scoped pre-commit job token to read repository contents.

@2bndy5
chore: switch back to reusable docs CI workflow
ac4cc45 
now that it uses uv in reusable workflow

see also cpp-linter/.github#52
@2bndy5 2bndy5 added the documentation Improvements or additions to documentation label Sep 7, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 7, 2025
edited
Loading

Walkthrough

Replaces inline build/deploy jobs in .github/workflows/docs.yml with a single docs job that calls a reusable sphinx.yml workflow, adds pull_request trigger for main, and sets per-job permissions (pages: write, id-token: write). Also adds a per-job contents: read permission to the pre-commit job in .github/workflows/pre-commit.yml.

Changes

Cohort / File(s) Change summary
Docs workflow refactor
\.github/workflows/docs.yml		 - Add pull_request trigger for main
- Remove build and deploy jobs and their steps/conditions
- Add docs job using reusable workflow: uses: cpp-linter/.github/.github/workflows/sphinx.yml@main
- Define per-job permissions: pages: write, id-token: write
- Keep PATH_TO_DOCS env; build/deploy logic delegated to reusable workflow
Pre-commit job permissions
\.github/workflows/pre-commit.yml		 - Add per-job permissions block in the pre-commit job setting contents: read (top-level permissions: {} unchanged)

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub Actions
    participant WF as docs workflow (.github/workflows/docs.yml)
    participant Reuse as Reusable sphinx.yml
    participant Pages as GitHub Pages

    Dev->>GH: push to main or open PR (main)
    GH->>WF: Trigger workflow (push / pull_request)
    WF->>Reuse: Run docs job via uses: cpp-linter/.../sphinx.yml@main
    note right of WF: Job permissions: pages: write, id-token: write

    Reuse->>Reuse: Build Sphinx docs (uses PATH_TO_DOCS)
    alt branch == main
        Reuse->>Pages: Deploy using Pages + OIDC
    else not main
        Reuse-->>GH: Report build result (no deploy)
    end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch reuse-docs-ci

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Sep 7, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
.github/workflows/docs.yml (2)

10-13: Confirm PATH_TO_DOCS is actually consumed by the reusable workflow.
Reusable workflows don’t automatically inherit arbitrary env from callers. If the called sphinx.yml expects an input (e.g., path_to_docs), pass it via with:, or drop this env if unused.

If the reusable workflow accepts an input for the path, update like:

 jobs:
   docs:
     permissions:
       pages: write
       id-token: write
-    uses: cpp-linter/.github/.github/workflows/sphinx.yml@main
+    uses: cpp-linter/.github/.github/workflows/sphinx.yml@main
+    with:
+      path_to_docs: docs/_build/html  # adjust to the actual input name

To verify the expected interface, I can look up the workflow’s inputs and adapt this PR accordingly—just confirm the repo/branch you want me to check.

15-21: Optional: add concurrency to auto-cancel superseded runs.
Saves minutes on rapid pushes to the same branch.

You can add at the workflow top level:

 on:
   push:
     branches: [main]
   pull_request:
     branches: [main]
   workflow_dispatch:
 
+concurrency:
+  group: docs-${{ github.ref }}
+  cancel-in-progress: true
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f6473e and ac4cc45.

📒 Files selected for processing (1)
  • .github/workflows/docs.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (1)
.github/workflows/docs.yml (1)

6-7: Nice: CI now runs on PRs targeting main.
This will catch doc build issues before merge.

coderabbitai[bot]
coderabbitai bot reviewed Sep 7, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/pre-commit.yml (1)

13-14: Per-job contents: read is correct given top-level permissions: {} — optional alignment with your repo-level preference

With permissions: {} at the workflow root, the reusable workflow would have no token scopes unless granted here; adding contents: read at the job is the least-privilege fix. Noting your prior preference to manage contents: read via repository defaults, you could alternatively drop the top-level permissions: {} (and this per-job block) to let repo settings apply. Pick one model to avoid confusion.

Do you want to keep the hardened model (root {} + per-job grants) consistently across workflows, or revert to repo-level defaults for simplicity?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ac4cc45 and c5d06bb.

📒 Files selected for processing (1)
  • .github/workflows/pre-commit.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-09-04T03:33:27.578Z 
Learnt from: 2bndy5
PR: cpp-linter/cpp-linter#150
File: .github/workflows/release.yml:0-0
Timestamp: 2025-09-04T03:33:27.578Z
Learning: In GitHub workflows, `contents: read` permissions can be controlled via repository settings for `github.token` access rather than explicitly defining it in the workflow permissions block, as preferred by user 2bndy5.

Applied to files:

  • .github/workflows/pre-commit.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Codacy Static Code Analysis

@2bndy5 2bndy5 merged commit 2fd7d89 into main Sep 7, 2025
14 checks passed
@2bndy5 2bndy5 deleted the reuse-docs-ci branch September 7, 2025 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@2bndy5