feat(ci): add automated Epic documentation audit workflow #36294
jdcmsd wants to merge 14 commits into
🤖 Bedrock Review —
Claude finished @jdcmsd's task in 1m 42s

Rollback Safety Analysis

Result: ✅ Safe To Rollback

This PR contains three changes, none of which match any rollback-unsafe category:

All categories checked: C-1, C-2, C-3, C-4, H-1, H-2, H-3, H-4, H-5, H-6, H-7, H-8, M-1, M-2, M-3, M-4 — none match. Label applied:
Replace uv/Python-script-based eval and finalize steps with:
- Python3 stdlib context assembly using gh CLI and grep
- Shell finalize using gh issue comment, curl for dotCMS API, and git commit/push
- prompts/burlap.txt read directly via cat (no YAML parsing)
- Fix jq null parent bug in preflight guard

Eliminates dependency on dotcms-aios PR merge order.
- Fix -f → -F on gh api PATCH so the file is read, not sent literally
- Prepend `<!-- autodoc-report -->` marker in finalize before posting so idempotent edit lookup works (marker was not in the report itself)
- Add --paginate to comment lookup to search beyond the first page
- Use jq first // empty instead of | head -1 to avoid SIGPIPE
- Fix urlTitle awk to use sub() consistent with title/tags/seoDescription
- Remove -k (TLS bypass); add --fail-with-body to dotCMS curl calls
- Add comment clarifying AUTODOC_DOTCMS_API_TOKEN_AISEARCH is used by the Claude subprocess via burlap.txt, not directly by a workflow step
- Make git push conditional on commit succeeding (|| true was causing unconditional push even when there was nothing new to commit)
- Add git push origin HEAD for explicit branch targeting
- Validate urlTitle is a URL slug before interpolating into JSON query (non-slug chars would break the shell-built -d payload)
- Validate IDENTIFIER matches UUID format before placing in URL
- Add comment on unpinned npm install explaining the tradeoff
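
The two validation steps named in the commit message above, sketched as an added example; this is not code from the PR. The slug rule, the payload shape and the base URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse values that are not a slug / UUID before they are
# interpolated into a shell-built JSON body or a URL path.
LC_ALL=C; export LC_ALL   # keep a-z and 0-9 ranges byte-exact

# Assumed slug rule: lowercase letters and digits, single hyphens inside only.
is_slug() {
  case "$1" in
    ''|-*|*-|*--*|*[!a-z0-9-]*) return 1 ;;   # also rejects quotes, spaces, newlines
  esac
  return 0
}

# 8-4-4-4-12 hex digits.
is_uuid() {
  case "$1" in
    *[!0-9a-fA-F-]*) return 1 ;;                # anything but hex digits and '-'
    ????????-????-????-????-????????????) ;;    # hyphens at the four fixed positions
    *) return 1 ;;
  esac
  hex=$(printf '%s' "$1" | tr -d '\055')        # \055 is '-'
  [ "${#hex}" -eq 32 ]                          # exactly four hyphens overall
}

# Payload shape is a placeholder, not the documented dotCMS request format.
build_query() {
  is_slug "$1" || { echo "refusing non-slug urlTitle" >&2; return 1; }
  printf '{"query":"+urlTitle:%s"}' "$1"
}

# $1 = base URL (placeholder), $2 = identifier
build_url() {
  is_uuid "$2" || { echo "refusing non-UUID identifier" >&2; return 1; }
  printf '%s/%s' "$1" "$2"
}

# Constructed sample inputs (not taken from the PR).
for v in "epic-docs-audit" 'x","limit":"0' "Bad Slug"; do
  if q=$(build_query "$v" 2>/dev/null); then
    echo "ok   $q"
  else
    echo "deny $v"
  fi
done
```

Building the body with `jq -n --arg` instead of `printf` would remove the need to trust the slug check for JSON escaping; the validation is still worth keeping for the URL path.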
Claude's roasting this bedrock review:
Rewrites the `issue_autodoc.yml` workflow to eliminate the `uv` / Python-script dependency, making it self-contained.

**What changed:**
- Removed: `Set up uv`, `Install autodoc dependencies`, `uv run python finalize.py` steps
- Build eval context: Python3 stdlib + `gh` CLI in a heredoc (no pip, no venv)
- Run Claude: unchanged — `claude --print --allowedTools Bash,Write < /tmp/eval_context.md`
- Finalize: pure shell + inline Python3 heredocs for JSON payloads; `gh issue comment` for posting; `curl` for dotCMS EDIT/NEW; `git push` for committing
- Fixed jq null-parent bug in preflight guard
- Reads `prompts/burlap.txt` directly (no YAML parsing)

This mirrors the change in `dotCMS/core` PR dotCMS#36294 and resolves the ordering dependency on the dotcms-aios PR.
Report lives as an issue comment — the repo copy is redundant. Removing the push also drops the write-scope requirement on AUTODOC_AIOS_CI.
Embed burlap.txt content directly in the workflow as a heredoc step. Update report path to /tmp — report is ephemeral, lives as issue comment. dotcms-aios checkout now solely serves vault epic context lookup.
- Replace label check for Epic with issue type check (github.event.issue.type.name)
- Update GraphQL parent lookup to use issueType { name } instead of labels
- Add id-token: write permission for Bedrock OIDC
- Replace npm install + claude --print with anthropics/claude-code-action@v1;
model and Bedrock role sourced from vars.BEDROCK_MODEL_ID / vars.BEDROCK_ROLE_ARN
- Split finalize into three discrete steps for easier auditing:
Post report comment / Apply doc update to dotCMS / Apply doc create to dotCMS
…log; not worth its own PR.
…tcms-aios checkout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
🤖 dotBot Review (Bedrock)

Reviewed 3 file(s); 6 candidate(s) → 1 confirmed, 0 uncertain (unverified, kept for review).

Confirmed findings

us.deepseek.r1-v1:0 · Run: #28389870970 · tokens: in: 21462 · out: 11651 · total: 33113 · calls: 10 · est. ~$0.092

PR includes two minuscule doc changes: one fixes a typo in a label, the other fixes an error in the Javadocs.
| name: Determine whether to run | ||
| if: | | ||
| github.event.issue.type.name == 'Epic' || | ||
| contains(github.event.issue.labels.*.name, 'Doc : Needs Doc') || |
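Review bot: The label literal 'Doc : Needs Doc' in the contains() operand is matched against whole label names, so that branch is only true when the repository label is spelled with exactly this spacing around the colon; please confirm it against the label as it is defined in the repo before merging. Because the expression continues past the trailing ||, a one-line comment above the if: listing every trigger it is meant to cover (Epic issue type, this label, and whatever follows) would make the gate auditable at a glance, which matters for a step that decides whether the rest of the workflow runs.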
🟠 [High] Incorrect label name in GitHub Actions workflow
The workflow checks for the label 'Doc : Needs Doc' with an extra space after the colon. Repository labels typically use 'Doc: Needs Doc' without the space. This mismatch prevents the automation from triggering correctly, as the label name does not exist with the space. Evidence: The line if: contains(github.event.issue.labels.*.name, 'Doc : Needs Doc') in .github/workflows/issue_autodoc.yml shows the incorrect spacing.
This resolves #36293 by adding an automation that hopefully works. Testing on `core-workflow-repo` seemed entirely promising, so hopefully the change of environment won't add any complications!

All secrets (`AUTODOC_*`) have already been provisioned by moi.

This PR fixes: #36293