feat: add auto-build-main-module-docs and auto-deploy-docs yml

[wuyiping0628]

English | 简体中文

PR

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our Commit Message Guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• Built its own designer, fully self-validated

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation content changes
• Other... Please describe:

Background and solution

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

• Yes
• No

Other information

Summary by CodeRabbit

• Chores

  • Implemented automated documentation build validation during pull requests to ensure documentation quality before merging.
  • Added automated documentation deployment mechanism triggered when changes are merged to the development branch.

• Documentation

  • Minor formatting adjustment to API documentation overview page.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Two new GitHub Actions workflows are introduced: one automatically builds documentation on PR/push events to develop, and another dispatches a notification event to an external docs repository. Additionally, a minor formatting change updates spacing in a documentation header.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/auto-build-main-module-docs.yml, .github/workflows/auto-deploy-docs.yml	Introduces automated build and deployment workflows. Auto-build triggers on develop PRs/pushes affecting docs/, sets up SSH, syncs submodules, installs pnpm 9, builds docs, and reports PR status. Auto-deploy triggers on develop pushes to docs/, dispatching a workflow event to an external docs repository via GitHub API using PAT token authentication.
Documentation docs/api/api-overview.md	Adds spacing to header title from "TinyEngine能力API" to "TinyEngine 能力API" for improved formatting consistency.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Two workflows hop into place,
Building docs at a steady pace,
Dispatch events when changes flow,
From develop branch, watch them go!
A title spaced, now bright and neat,
Our burrow's docs are now complete! 📚✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding two GitHub Actions workflow files (auto-build-main-module-docs.yml and auto-deploy-docs.yml), which matches the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (1)

.github/workflows/auto-build-main-module-docs.yml (1)

55-61: Consider adding error handling for build commands.

The build step runs multiple commands without explicit error checking. While each command will naturally fail the step if it exits non-zero, adding explicit error handling can provide clearer feedback.

🔎 Proposed enhancement

       - name: Run main repo build
         id: build
         working-directory: ./docs-main
         run: |
+          set -e  # Exit on any error
           pnpm i
           # 如果使用VitePress
           pnpm build
+          echo "✅ Build completed successfully"

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between edc673d and c28e527.

📒 Files selected for processing (3)

• .github/workflows/auto-build-main-module-docs.yml
• .github/workflows/auto-deploy-docs.yml
• docs/api/api-overview.md

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-01-14T08:42:18.574Z

Learnt from: gene9831
Repo: opentiny/tiny-engine PR: 1038
File: packages/plugins/block/index.js:24-24
Timestamp: 2025-01-14T08:42:18.574Z
Learning: In the tiny-engine project, breaking changes are documented in the changelog rather than in JSDoc comments or separate migration guides.

Applied to files:

• docs/api/api-overview.md

📚 Learning: 2025-02-06T08:58:58.022Z

Learnt from: gene9831
Repo: opentiny/tiny-engine PR: 1050
File: packages/plugins/tree/src/Main.vue:151-165
Timestamp: 2025-02-06T08:58:58.022Z
Learning: The canvas API functions `getConfigure` and `allowInsert` in the Tiny Engine are internal APIs that don't require explicit error handling in the calling code.

Applied to files:

• docs/api/api-overview.md

🪛 actionlint (1.7.9)

.github/workflows/auto-build-main-module-docs.yml

31-31: "github.head_ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: push-check
• GitHub Check: verify-main-build
• GitHub Check: push-check

🔇 Additional comments (2)

docs/api/api-overview.md (1)

5-5: LGTM: Formatting improvement.

The added space between "TinyEngine" and "能力API" follows Chinese typography conventions for mixing English and Chinese text.

.github/workflows/auto-deploy-docs.yml (1)

14-18: LGTM: Proper secret handling.

The PAT is correctly passed through an environment variable rather than directly in the command, following GitHub security best practices.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix script injection vulnerability.

Using github.head_ref directly in an inline script creates a script injection risk. An attacker could create a branch with a malicious name containing shell commands.

🔎 Recommended fix

       - name: Checkout main repository
         run: |
           # 克隆主仓库
           git clone https://github.com/opentiny/docs.git docs-main
           cd docs-main
 
           # 更新子模块到PR分支的版本
           git submodule sync --recursive
           git submodule update --init --recursive
 
 
           # 获取PR分支的最新提交
           cd ./tiny-engine
-          BRANCH_NAME="${{ github.head_ref }}"
-          git fetch origin $BRANCH_NAME
-          git checkout $BRANCH_NAME
+          git fetch origin "$BRANCH_NAME"
+          git checkout "$BRANCH_NAME"
 
           # 回到主仓库根目录
           cd ../
+        env:
+          BRANCH_NAME: ${{ github.head_ref }}

Based on the static analysis hint provided.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	BRANCH_NAME="${{ github.head_ref }}"
	git fetch origin $BRANCH_NAME
	git checkout $BRANCH_NAME
	# 获取PR分支的最新提交
	cd ./tiny-engine
	git fetch origin "$BRANCH_NAME"
	git checkout "$BRANCH_NAME"
	# 回到主仓库根目录
	cd ../
	env:
	BRANCH_NAME: ${{ github.head_ref }}

🤖 Prompt for AI Agents

.github/workflows/auto-build-main-module-docs.yml around lines 43-45: using
github.head_ref directly in an inline shell creates a script-injection risk;
replace this pattern by either (A) using the actions/checkout step with ref: ${{
github.head_ref }} instead of doing git checkout in an inline script, or (B) if
you must run shell commands, validate the branch name against a strict whitelist
regex (e.g. allow only alphanumerics, dot, underscore, hyphen, slash), exit if
it fails, always wrap the variable in double quotes, and use git commands with a
-- to prevent it being parsed as an option (e.g. git fetch origin --
"$BRANCH_NAME" && git checkout -- "$BRANCH_NAME").

[hexqi]

需要包含release分支， ==> [develop, release/*]