fix: docs-validation broken links + helm-release fork guard#164
Merged
Conversation
- docs/enterprise/setting-up-entra/scim.mdx: remove 9 <Frame><img> references to /media/user-provisioning/entra/*.png screenshots that were never added (sync PR #159), breaking `mintlify broken-links` on every push to main since; add the missing docs.json nav entry for enterprise/setting-up-entra/scim (was reachable only via the Okta/generic-oidc sibling pages, never listed in nav). - .github/workflows/helm-release.yml: add the same `github.repository == 'maximhq/bifrost'` guard already applied to release-pipeline.yml/openapi-bundle.yml/release-bifrost-migration-cli.yml. This workflow was unguarded despite hardcoding pushes to upstream's own ghcr.io/Docker Hub/GitHub Pages targets under maximhq/*; any future sync touching helm-charts/bifrost/** would trigger it on the fork's main and push bogus releases/pages content under the fork's identity.
echo '${{ inputs.dismissals }}' interpolates the raw JSON into a
single-quoted shell string; the required dismissed_reason value
"won't fix" contains an apostrophe that terminates the quote early,
corrupting the whole command (observed failure: run 28735975130,
exit 127). Pass the JSON through an env var instead so the shell
never re-parses embedded quote characters.
2 tasks
shudonglin
added a commit
that referenced
this pull request
Jul 5, 2026
PR #166 added continue-on-error to the Docs Validation broken-links step as a quarantine for the 9 missing scim.mdx image links, merged concurrently with #164 which fixed the actual broken links (removed the dead <Frame><img> references, added the missing docs.json nav entry). With the root cause fixed, the quarantine is dead weight that would silently mask any *new* broken link in docs/** going forward. Verified: `cd docs && npx mintlify broken-links` still passes without continue-on-error. Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two issues found during today's post-sync audit (following PR #163):
docs/**push since sync PR fix: sync upstream security and quality fixes #159 (first observed 2026-06-27, recurring today):docs/enterprise/setting-up-entra/scim.mdxreferences 9/media/user-provisioning/entra/*.pngscreenshots that were never added. Removed the 9 broken<Frame><img>blocks (surrounding instructional text is unaffected — the doc still walks through every step, just without the screenshot). Also added the missingdocs.jsonnav entry forenterprise/setting-up-entra/scim(the page existed but was unreachable from nav — Okta/generic-oidc have bothoidc+scimlisted, Entra only hadoidc).cd docs && npx mintlify broken-links→success no broken links found.helm-release.ymlhad no fork guard, unlikerelease-pipeline.yml/openapi-bundle.yml/release-bifrost-migration-cli.yml. It hardcodes pushes to upstream's ownoci://ghcr.io/maximhq/helm-charts,oci://registry-1.docker.io/maximhq/helm-charts, andmaximhq.github.ioPages. It triggers onpush:[main]wheneverhelm-charts/bifrost/**changes (e.g. a future upstream sync), which would create bogus releases/Pages content and attempt package pushes under the fork's identity. Added the samegithub.repository == 'maximhq/bifrost'guard as the other release workflows and documented it in.github/fork-patches.txt.Test plan
python3 -m json.tool docs/docs.json— valid JSONcd docs && npx mintlify broken-links— passes locallyGenerated by Claude Code