feat(ci): trigger publish on release tags, auto-register and prune versions#1293
Conversation
…rsions
Port the AICR publish workflow pattern to NVSentinel:
- Trigger on release tags (v[0-9]*.[0-9]*.[0-9]*) instead of docs/v*
- Resolve target tag step with semver validation and workflow_dispatch
tag input for manual re-publishes
- Auto-register version entries in the Fern dropdown via yq
- Prune to Latest + 3 most recent versions (MAX_VERSIONS env var)
- Pre-release tags (containing '-') skip version registration
- PR-based persistence: version registry changes committed via
peter-evans/create-pull-request AFTER publish succeeds
- Pre-stamp backup so transient "Latest · vX.Y.Z" isn't persisted
- Full MDX sanitization in frozen version checkout (escape { } <)
- Consistent git show-ref for tag verification across both workflows
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughTwo GitHub Actions workflows updated: preview-build improves tag checking and markdown escaping for frozen docs; publish workflow adds manual dispatch, semver/tag validation, release gating, per-version archival and sanitization, Latest stamping, pruning, and PR-based persistence. ChangesPreview Build Enhancement
Release Publishing Automation
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related issues
Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/publish-fern-docs.yml (1)
167-167: 💤 Low valueConsider using
gh apifor consistency with the resolve step.Line 68 uses
gh release viewwith the authenticatedGH_TOKEN, while this line uses an unauthenticatedcurlcall. Usinggh apiwould be more consistent and avoids potential rate-limit issues on the unauthenticated endpoint.♻️ Suggested refactor
- VERSION=$(curl -sf https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name || true) + VERSION=$(gh api repos/${{ github.repository }}/releases/latest --jq .tag_name 2>/dev/null || true)Note: You'll need to add
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}to the step's env if usinggh api.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/publish-fern-docs.yml at line 167, Replace the unauthenticated curl call that sets VERSION with a GitHub CLI call to use the authenticated token; specifically update the command that assigns VERSION (the line using VERSION=$(curl -sf https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name || true)) to use gh api repos/${{ github.repository }}/releases/latest --jq .tag_name (or equivalent gh api invocation), and ensure the step defines GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} in env so the gh CLI call is authenticated and consistent with the earlier use of gh release view.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/fern-docs-preview-build.yml:
- Around line 72-75: The xargs invocation that pipes find results into sed (the
command using "find \"fern/versions/${version}-content\" -name '*.md' -print0 |
xargs -0 sed -i ...") will call sed with no arguments when there are no matches;
update the xargs call to include the -r flag so xargs does nothing if there is
no input (preventing sed from running and avoiding CI failure under set -eo
pipefail). Keep the rest of the sed options unchanged.
---
Nitpick comments:
In @.github/workflows/publish-fern-docs.yml:
- Line 167: Replace the unauthenticated curl call that sets VERSION with a
GitHub CLI call to use the authenticated token; specifically update the command
that assigns VERSION (the line using VERSION=$(curl -sf
https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r
.tag_name || true)) to use gh api repos/${{ github.repository }}/releases/latest
--jq .tag_name (or equivalent gh api invocation), and ensure the step defines
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} in env so the gh CLI call is authenticated
and consistent with the earlier use of gh release view.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 9054ff08-bfba-4c92-aa57-715dcdbeba7e
📒 Files selected for processing (2)
.github/workflows/fern-docs-preview-build.yml.github/workflows/publish-fern-docs.yml
- Add -r to xargs in frozen checkout so sed doesn't hang on empty input - Switch stamp step from unauthenticated curl to gh api for consistency with the resolve step and to avoid rate-limit issues Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Summary
Port the AICR publish workflow pattern (NVIDIA/aicr#940) to NVSentinel:
docs/v*workflow_dispatchtag inputyq, prune to Latest + 3peter-evans/create-pull-requestafter publish succeeds{}<)git show-reffor tag verification in both publish and preview-buildFixes #1291
Type of Change
Component(s) Affected
Testing
Checklist
Summary by CodeRabbit
New Features
Chores