Skip to content

ci: standardize docs workflow #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
stefan-jansen wants to merge 1 commit into from
Closed

ci: standardize docs workflow #4

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions .github/workflows/docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,15 @@ jobs:
build:
name: Build & Deploy Docs
runs-on: ubuntu-latest
env:
DOCS_DEPLOY_KEY: ${{ secrets.DOCS_DEPLOY_KEY }}
steps:
Comment on lines +19 to 21

Copilot AI Apr 29, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DOCS_DEPLOY_KEY is being placed into the job-level env, which makes the secret available to every step (including third-party actions) and increases the blast radius if any step logs/exports env vars. Prefer keeping the deploy key scoped to the deploy step only.

Copilot uses AI. Check for mistakes.
- uses: actions/checkout@v6
with:
fetch-depth: 0

- name: Install uv
uses: astral-sh/setup-uv@v8
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "latest"

Expand All @@ -33,12 +35,13 @@ jobs:
run: uv sync --dev --extra docs

- name: Build docs
run: uv run mkdocs build --strict
run: uv run mkdocs build

Copilot AI Apr 29, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing --strict from the MkDocs build step will allow broken links / config warnings to pass silently and can result in publishing a partially broken site. If the intent is to relax strictness, it would help to document why; otherwise consider keeping strict mode enabled for CI docs builds.

Suggested change
run: uv run mkdocs build
run: uv run mkdocs build --strict

Copilot uses AI. Check for mistakes.

- name: Deploy to website repo
if: ${{ env.DOCS_DEPLOY_KEY != '' }}
uses: cpina/github-action-push-to-another-repository@v1.7.2
env:
SSH_DEPLOY_KEY: ${{ secrets.DOCS_DEPLOY_KEY }}
SSH_DEPLOY_KEY: ${{ env.DOCS_DEPLOY_KEY }}
with:
Comment on lines +41 to 45

Copilot AI Apr 29, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The deploy gating and key injection can be done directly off the secrets context (in the if: and SSH_DEPLOY_KEY assignment) rather than routing through env.DOCS_DEPLOY_KEY. This avoids depending on a derived env value and keeps the secret out of the general environment.

Copilot uses AI. Check for mistakes.
source-directory: site/
destination-github-username: ml4t
Expand Down
Loading