Skip to content

feat(ci): trigger publish on release tags, auto-register and prune versions#1293

Merged
lalitadithya merged 2 commits into
NVIDIA:mainfrom
pdmack:pdmack/fern-publish-release-tags
May 18, 2026
Merged

feat(ci): trigger publish on release tags, auto-register and prune versions#1293
lalitadithya merged 2 commits into
NVIDIA:mainfrom
pdmack:pdmack/fern-publish-release-tags

Conversation

@pdmack

@pdmack pdmack commented May 16, 2026

Copy link
Copy Markdown
Collaborator

Summary

Port the AICR publish workflow pattern (NVIDIA/aicr#940) to NVSentinel:

  • Trigger on release tags instead of docs/v*
  • Resolve target tag step with semver validation and workflow_dispatch tag input
  • Auto-register version entries in Fern dropdown via yq, prune to Latest + 3
  • Pre-release tags skip version registration
  • PR-based persistence: registry changes go via peter-evans/create-pull-request after publish succeeds
  • Pre-stamp backup so transient "Latest · vX.Y.Z" isn't persisted
  • Full MDX sanitization in frozen version checkout (escape { } <)
  • Consistent git show-ref for tag verification in both publish and preview-build

Fixes #1291

Type of Change

  • ✨ New feature
  • 🔨 Build/CI

Component(s) Affected

  • Documentation/CI

Testing

  • Manual testing completed
  • No breaking changes (or documented)

Checklist

  • Self-review completed
  • Ready for review

Summary by CodeRabbit

  • New Features

    • Added manual documentation publishing via workflow dispatch with optional tag input
  • Chores

    • Enforced stricter tag validation and existence checks before publishing actions
    • Implemented automatic version registration with intelligent pruning of older docs
    • Switched documentation updates to be created via pull requests for safer publishing
    • Improved documentation content processing with broader markdown escaping and compatibility fixes

Review Change Stack

…rsions

Port the AICR publish workflow pattern to NVSentinel:

- Trigger on release tags (v[0-9]*.[0-9]*.[0-9]*) instead of docs/v*
- Resolve target tag step with semver validation and workflow_dispatch
  tag input for manual re-publishes
- Auto-register version entries in the Fern dropdown via yq
- Prune to Latest + 3 most recent versions (MAX_VERSIONS env var)
- Pre-release tags (containing '-') skip version registration
- PR-based persistence: version registry changes committed via
  peter-evans/create-pull-request AFTER publish succeeds
- Pre-stamp backup so transient "Latest · vX.Y.Z" isn't persisted
- Full MDX sanitization in frozen version checkout (escape { } <)
- Consistent git show-ref for tag verification across both workflows

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@coderabbitai

coderabbitai Bot commented May 16, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 89727cec-d868-4912-8fe4-a2caa3b2e2b7

📥 Commits

Reviewing files that changed from the base of the PR and between 944fb51 and bd48db3.

📒 Files selected for processing (2)
  • .github/workflows/fern-docs-preview-build.yml
  • .github/workflows/publish-fern-docs.yml
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/fern-docs-preview-build.yml
  • .github/workflows/publish-fern-docs.yml

📝 Walkthrough

Walkthrough

Two GitHub Actions workflows updated: preview-build improves tag checking and markdown escaping for frozen docs; publish workflow adds manual dispatch, semver/tag validation, release gating, per-version archival and sanitization, Latest stamping, pruning, and PR-based persistence.

Changes

Preview Build Enhancement

Layer / File(s) Summary
Tag checking and MD/HTML escaping for preview builds
.github/workflows/fern-docs-preview-build.yml
Tag existence check now uses git show-ref --verify; post-extract markdown processing uses find + xargs + sed to escape {/} and convert < to &lt; across extracted *.md files.

Release Publishing Automation

Layer / File(s) Summary
Dispatch triggering and workflow permissions
.github/workflows/publish-fern-docs.yml
Adds workflow_dispatch with optional tag input and grants pull-requests: write permission for PR creation.
Tag resolution and semver validation
.github/workflows/publish-fern-docs.yml
Adds a resolve step to compute the effective tag for push or dispatch, validate semver (including prerelease), verify tag existence, and output tag and is_release to gate registration.
Version registration and pruning logic
.github/workflows/publish-fern-docs.yml
Updates the yq expression to insert new versions into fern/docs.yml, runs pruning conditioned on is_release, and adjusts pruned-slug extraction for deletions.
Frozen content checkout and Latest stamping
.github/workflows/publish-fern-docs.yml
Archives each tagged docs/ into fern/versions/<version>-content, applies unified escaping for {, }, < across markdown files, stamps a transient "Latest" display name using the GitHub releases API, then continues to Node and Fern CLI setup.
PR-based persistence and registry updates
.github/workflows/publish-fern-docs.yml
Restores the pre-stamped fern/docs.yml and opens a pull request (deterministic branch) including only fern/versions/v*.yml and fern/docs.yml to persist registry changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

Possibly related PRs

  • NVIDIA/NVSentinel#1292: Overlapping changes to publish workflow tag handling, version registration, and pruning.
  • NVIDIA/NVSentinel#1285: Related edits to preview workflow frozen-content checkout and MD escaping behavior.
  • NVIDIA/NVSentinel#1290: Similar modifications to the preview-build "Checkout frozen version content" post-processing for MDX fixes.

Suggested reviewers

  • lalitadithya

Poem

🐰 I hopped through tags and braided docs with care,

Escaped the braces and turned < into flair,
I stamped "Latest" briefly, then tucked it away,
Opened a PR so changes could stay —
A tiny rabbit's tidy publish bouquet.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main changes: triggering publish on release tags with auto-registration and pruning of Fern versions.
Linked Issues check ✅ Passed The pull request implements all coding requirements from issue #1291: semver validation, tag existence checks, auto-registration via yq, N+3 pruning, pre-release skip logic, PR-based persistence, pre-stamp backup, MDX sanitization, and consistent git show-ref verification.
Out of Scope Changes check ✅ Passed All changes are directly aligned with the requirements from issue #1291: publish workflow trigger logic, version registration, pruning, and MDX sanitization in both workflows modified.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/publish-fern-docs.yml (1)

167-167: 💤 Low value

Consider using gh api for consistency with the resolve step.

Line 68 uses gh release view with the authenticated GH_TOKEN, while this line uses an unauthenticated curl call. Using gh api would be more consistent and avoids potential rate-limit issues on the unauthenticated endpoint.

♻️ Suggested refactor
-          VERSION=$(curl -sf https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name || true)
+          VERSION=$(gh api repos/${{ github.repository }}/releases/latest --jq .tag_name 2>/dev/null || true)

Note: You'll need to add GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} to the step's env if using gh api.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish-fern-docs.yml at line 167, Replace the
unauthenticated curl call that sets VERSION with a GitHub CLI call to use the
authenticated token; specifically update the command that assigns VERSION (the
line using VERSION=$(curl -sf https://api.github.com/repos/${{ github.repository
}}/releases/latest | jq -r .tag_name || true)) to use gh api repos/${{
github.repository }}/releases/latest --jq .tag_name (or equivalent gh api
invocation), and ensure the step defines GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
in env so the gh CLI call is authenticated and consistent with the earlier use
of gh release view.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/fern-docs-preview-build.yml:
- Around line 72-75: The xargs invocation that pipes find results into sed (the
command using "find \"fern/versions/${version}-content\" -name '*.md' -print0 |
xargs -0 sed -i ...") will call sed with no arguments when there are no matches;
update the xargs call to include the -r flag so xargs does nothing if there is
no input (preventing sed from running and avoiding CI failure under set -eo
pipefail). Keep the rest of the sed options unchanged.

---

Nitpick comments:
In @.github/workflows/publish-fern-docs.yml:
- Line 167: Replace the unauthenticated curl call that sets VERSION with a
GitHub CLI call to use the authenticated token; specifically update the command
that assigns VERSION (the line using VERSION=$(curl -sf
https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r
.tag_name || true)) to use gh api repos/${{ github.repository }}/releases/latest
--jq .tag_name (or equivalent gh api invocation), and ensure the step defines
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} in env so the gh CLI call is authenticated
and consistent with the earlier use of gh release view.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9054ff08-bfba-4c92-aa57-715dcdbeba7e

📥 Commits

Reviewing files that changed from the base of the PR and between 41da64c and 944fb51.

📒 Files selected for processing (2)
  • .github/workflows/fern-docs-preview-build.yml
  • .github/workflows/publish-fern-docs.yml

Comment thread .github/workflows/fern-docs-preview-build.yml Outdated
- Add -r to xargs in frozen checkout so sed doesn't hang on empty input
- Switch stamp step from unauthenticated curl to gh api for consistency
  with the resolve step and to avoid rate-limit issues

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@lalitadithya lalitadithya merged commit 3d4230d into NVIDIA:main May 18, 2026
52 checks passed
@pdmack pdmack deleted the pdmack/fern-publish-release-tags branch May 19, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature]: Automate Fern version registration on release tags with N-3 pruning

2 participants