66 changes: 53 additions & 13 deletions .github/workflows/docs-sync.yml
@@ -35,7 +35,7 @@
run: |
# Check if changes require documentation updates
NEEDS_DOCS_UPDATE=false

# Define patterns that typically require docs updates
DOCS_PATTERNS=(
"^src/.*\.ts$"
@@ -49,7 +49,7 @@
"^api/"
"^schema/"
)

while IFS= read -r file; do
for pattern in "${DOCS_PATTERNS[@]}"; do
if [[ $file =~ $pattern ]]; then
@@ -58,7 +58,7 @@
fi
done
done <<< "${{ steps.changed-files.outputs.changed_files }}"

echo "needs_update=$NEEDS_DOCS_UPDATE" >> $GITHUB_OUTPUT
echo "Files that may need docs updates: ${{ steps.changed-files.outputs.changed_files }}"

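Review bot: the unchanged `done <<< "${{ steps.changed-files.outputs.changed_files }}"` line (and the `echo "Files that may need docs updates: ..."` line below it) interpolates a step output straight into the script body, which is the same pattern CodeQL flags later in this file for the PR title; that output is a list of paths chosen by the PR author, and a path containing `"` or `$(...)` becomes shell syntax once the runner substitutes it into the text. Move it to the step's `env:` (for example `CHANGED_FILES: ${{ steps.changed-files.outputs.changed_files }}`) and read it with `done <<< "$CHANGED_FILES"` and `echo "... $CHANGED_FILES"`.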
@@ -70,13 +70,13 @@
token: ${{ secrets.CREATE_PR_TOKEN }}
path: docs-repo

- name: Analyze changes and create docs PR
- name: Analyze changes and update docs
if: steps.check-docs.outputs.needs_update == 'true'
uses: anthropics/claude-code-action@beta

Check warning (Code scanning / CodeQL): Unpinned tag for a non-immutable Action in workflow, Medium.
Unpinned 3rd party Action 'doc-sync' step (Uses Step) uses 'anthropics/claude-code-action' with ref 'beta', not a pinned commit hash.
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
direct_prompt: |
I need you to analyze the changes in this controller repository PR and determine if the documentation in the cartridge-gg/docs repository needs to be updated.
I need you to analyze the changes in this controller repository PR and update the documentation in the cartridge-gg/docs repository accordingly.

**PR Information:**
- Title: ${{ github.event.pull_request.title }}
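Review bot: `uses: anthropics/claude-code-action@beta` is a mutable ref, as the CodeQL annotation says; pin it to a full commit SHA (keep the tag in a trailing comment for readability) so that a force-push to `beta` cannot change what runs with `anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}` and the `CREATE_PR_TOKEN` checkout in scope. Separately, the prompt hands `- Title: ${{ github.event.pull_request.title }}` and the rest of the PR information block to the model verbatim, so PR text from the author is also model input for a step that edits `docs-repo`; the prompt should say explicitly that the PR title and description are data to summarise, not instructions, and the resulting docs PR should stay human-reviewed rather than auto-merged.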
@@ -88,25 +88,65 @@
2. Check the docs-repo directory to see what documentation currently exists
3. Determine if any existing documentation needs updates or if new documentation should be created
4. If updates are needed:
- Create or update the appropriate documentation files
- Create or update the appropriate documentation files in the docs-repo directory
- Ensure the documentation accurately reflects the current state of the controller
- Follow the existing documentation style and structure
- Create a new branch in the docs repo
- Commit the changes with a descriptive message
- Create a pull request in the docs repository
- Focus on user-facing changes, API changes, new features, or breaking changes

**Important guidelines:**
- Only create documentation updates if they are actually needed
- Focus on user-facing changes, API changes, new features, or breaking changes
- Don't document internal implementation details unless they affect usage
- If no documentation updates are needed, simply state that and exit
- DO NOT create git branches, commits, or PRs - just update the files

The docs repository is checked out in the `docs-repo` directory. Please analyze the controller changes and update the documentation files accordingly.

allowed_tools: "Read,Write,Edit,MultiEdit,Glob,Grep"

- name: Create branch and commit changes
if: steps.check-docs.outputs.needs_update == 'true'
working-directory: docs-repo
run: |
# Configure git
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"

# Check if there are any changes
if [ -n "$(git status --porcelain)" ]; then
# Create new branch
BRANCH_NAME="docs-update-$(date +%s)"
git checkout -b "$BRANCH_NAME"

# Add and commit changes
git add .
git commit -m "docs: Update documentation for controller PR #${{ github.event.pull_request.number }}

The docs repository is checked out in the `docs-repo` directory. Please analyze the controller changes and update the documentation accordingly.
Updates documentation to reflect changes made in:
${{ github.event.pull_request.title }}

Check warning (Code scanning / CodeQL): Code injection, Medium.
Potential code injection in ${{ github.event.pull_request.title }}, which may be controlled by an external user.

Copilot Autofix (AI, 9 months ago):

To fix the issue, we will follow the recommended best practices for preventing code injection in GitHub Actions workflows. Specifically, we will:

  1. Assign the value of ${{ github.event.pull_request.title }} to an intermediate environment variable.
  2. Use the environment variable in the shell script with shell-safe syntax ("$VAR").

This approach ensures that the user-controlled input is treated as a literal string and not executed as a command.

Suggested changeset 1: .github/workflows/docs-sync.yml (autofix patch). Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/.github/workflows/docs-sync.yml b/.github/workflows/docs-sync.yml
--- a/.github/workflows/docs-sync.yml
+++ b/.github/workflows/docs-sync.yml
@@ -124,3 +124,3 @@
             Updates documentation to reflect changes made in:
-            ${{ github.event.pull_request.title }}
+            $PR_TITLE
             
@@ -137,3 +137,3 @@
             **Original PR Details:**
-            - Title: ${{ github.event.pull_request.title }}
+            - Title: $PR_TITLE
             - Files changed: ${{ steps.changed-files.outputs.changed_files }}
@@ -146,2 +146,3 @@
           GITHUB_TOKEN: ${{ secrets.CREATE_PR_TOKEN }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
 
EOF
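Review bot: the `@@ -137,3 +137,3 @@` hunk swaps the title for `$PR_TITLE` but leaves `- Files changed: ${{ steps.changed-files.outputs.changed_files }}` interpolated on the very next line of the same `--body` string; that output is built from paths in the PR and needs the same treatment (add `CHANGED_FILES: ${{ steps.changed-files.outputs.changed_files }}` under `env:` in the `@@ -146,2 +146,3 @@` hunk and reference `$CHANGED_FILES`), otherwise the step remains injectable after this patch is applied.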

Related controller PR: cartridge-gg/controller#${{ github.event.pull_request.number }}"

# Push branch
git push origin "$BRANCH_NAME"

# Create PR
gh pr create \
--title "docs: Update documentation for controller PR #${{ github.event.pull_request.number }}" \
--body "This PR updates the documentation to reflect changes made in cartridge-gg/controller#${{ github.event.pull_request.number }}

**Original PR Details:**
- Title: ${{ github.event.pull_request.title }}

Check warning (Code scanning / CodeQL): Code injection, Medium.
Potential code injection in ${{ github.event.pull_request.title }}, which may be controlled by an external user.

Copilot Autofix (AI, 9 months ago):

To fix the issue, the untrusted input (github.event.pull_request.title) should be assigned to an intermediate environment variable and referenced using native shell syntax ($VAR) instead of ${{ ... }}. This prevents direct interpolation of user-controlled input into the shell script, mitigating the risk of code injection.

The following changes will:

  1. Define an environment variable for github.event.pull_request.title.
  2. Use the environment variable in the shell script with $TITLE syntax.

Suggested changeset 1: .github/workflows/docs-sync.yml (autofix patch). Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/.github/workflows/docs-sync.yml b/.github/workflows/docs-sync.yml
--- a/.github/workflows/docs-sync.yml
+++ b/.github/workflows/docs-sync.yml
@@ -124,3 +124,3 @@
             Updates documentation to reflect changes made in:
-            ${{ github.event.pull_request.title }}
+            $TITLE
             
@@ -137,3 +137,3 @@
             **Original PR Details:**
-            - Title: ${{ github.event.pull_request.title }}
+            - Title: $TITLE
             - Files changed: ${{ steps.changed-files.outputs.changed_files }}
@@ -146,2 +146,3 @@
           GITHUB_TOKEN: ${{ secrets.CREATE_PR_TOKEN }}
+          TITLE: ${{ github.event.pull_request.title }}
 
EOF
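Review bot: this is the same three-hunk change as the earlier autofix with the variable named `TITLE` instead of `PR_TITLE`; apply one of the two, not both, and whichever is chosen still leaves `- Files changed: ${{ steps.changed-files.outputs.changed_files }}` in the `@@ -137,3 +137,3 @@` hunk spliced into the script text, so that value should move to `env:` in the same commit.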
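Both Copilot Autofix comments above rest on one mechanism: a `${{ ... }}` expression inside a `run:` block is substituted into the script text before the shell parses it, whereas a value passed through `env:` is read by the shell at execution time as plain data. The POSIX shell script below is an added illustration of that difference, not part of the workflow or of either autofix; it renders a constructed hostile PR title both ways and checks which rendering executed the smuggled command. The names `render_unsafe`, `render_safe`, `was_injected` and the offline stand-in `git_commit_stub` are assumptions for the demo, and the prefix/suffix splice stands in for the runner's substitution step.

```shell
#!/bin/sh
# Added example, not part of the workflow under review: simulate the two ways
# a PR title can reach a `run:` script and show why one of them is injectable.
#
# The Actions runner expands `${{ expr }}` by TEXT substitution into the script
# before the shell parses it. A value passed via `env:` is read by the shell at
# execution time as data, so it can never change the script's syntax.
set -u

# Offline stand-in for `git commit -m <msg>` (assumed helper): print the
# message argument it received so the result can be inspected.
git_commit_stub() { printf 'COMMIT_MSG=%s\n' "$2"; }

# Constructed hostile PR title: closes the double quote, runs a command, then
# reopens the quote so the remainder of the script still parses.
EVIL_TITLE='harmless"; echo INJECTED; echo "'

# The expression the workflow writes into its script text.
PLACEHOLDER='${{ github.event.pull_request.title }}'

# Unsafe pattern: the expression sits inside the script body itself.
render_unsafe() {
  template="git_commit_stub -m \"docs: $PLACEHOLDER\""
  # Splice the title into the text exactly where the placeholder was, as the
  # runner does, and only then hand the result to the shell.
  before=${template%%"$PLACEHOLDER"*}
  after=${template#*"$PLACEHOLDER"}
  eval "$before$1$after"
}

# Safe pattern (the autofix): the title travels through the environment and
# the script references it as "$PR_TITLE"; nothing is spliced into the text.
render_safe() {
  PR_TITLE=$1
  export PR_TITLE
  eval 'git_commit_stub -m "docs: $PR_TITLE"'
}

# Succeeds (exit 0) when the renderer named in $1 ran the attacker's command.
was_injected() {
  "$1" "$EVIL_TITLE" | grep -qx 'INJECTED'
}

echo '--- unsafe rendering ---'
render_unsafe "$EVIL_TITLE"   # COMMIT_MSG=docs: harmless, then INJECTED
echo '--- safe rendering ---'
render_safe "$EVIL_TITLE"     # the whole title arrives as one literal message
```

The unsafe rendering ends the quoted `-m` argument at the first `"` in the title and runs `echo INJECTED` as a second command; the safe rendering passes the entire title, quotes and all, as a single argument. The same reasoning applies to every other expression in the step, which is why `steps.changed-files.outputs.changed_files` needs the `env:` treatment too.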
- Files changed: ${{ steps.changed-files.outputs.changed_files }}

allowed_tools: "Bash(git *),Bash(cd *),Read,Write,Edit,MultiEdit,Glob,Grep"
Please review the documentation changes to ensure they accurately reflect the controller updates."
else
echo "No documentation changes were made by Claude"
fi
env:
GITHUB_TOKEN: ${{ secrets.CREATE_PR_TOKEN }}

- name: Cleanup
if: always()
run: |
# Clean up any temporary files or directories
rm -rf docs-repo || true
rm -rf docs-repo || true
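Review bot: the new "Create branch and commit changes" step writes `${{ github.event.pull_request.title }}` into the script text twice, inside the `git commit -m "..."` message and inside the `gh pr create --body "..."` string, which is the injection CodeQL reports on both lines; a title containing `"` ends the quoted argument and whatever follows runs as shell with `CREATE_PR_TOKEN` in the environment. Add `PR_TITLE: ${{ github.event.pull_request.title }}` and `CHANGED_FILES: ${{ steps.changed-files.outputs.changed_files }}` to the step's `env:` next to `GITHUB_TOKEN` and reference `"$PR_TITLE"` and `"$CHANGED_FILES"` in the script; the `- Files changed:` line has the same exposure and neither autofix covers it. Two smaller points: dropping `Bash(git *),Bash(cd *)` from `allowed_tools` so the model only gets `Read,Write,Edit,MultiEdit,Glob,Grep` and moving the branch/commit/push into a plain shell step is the right split, and since `git add .` stages everything the model wrote, printing `git diff --stat` before the commit would make the pushed change reviewable from the job log.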