feat: GitHub Actions auto-commit#1062
Conversation
- Update configuration documentation to reference v1.8.15 - Update resolveNodeBreadthLimit default value from 100 to 10 - Update dependencies to latest versions
- Add permissions for GitHub Actions to commit documentation changes - Add auto-commit step to update OpenFGA configuration docs - Update pr-preview-action to latest version This needs further review as requested by maintainers.
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
WalkthroughThe updates include enhancements to GitHub Actions workflows for deployment and preview, documentation changes for OpenFGA configuration, and dependency upgrades in Changes
Sequence Diagram(s)sequenceDiagram
participant GitHub Actions
participant Build System
participant Docs Repo
GitHub Actions->>Build System: Build website
Build System-->>GitHub Actions: Build artifacts
GitHub Actions->>Docs Repo: Auto-commit updated *.mdx docs
GitHub Actions->>GitHub Pages: Deploy site
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (4)
.github/workflows/deploy.yml(2 hunks).github/workflows/preview.yml(1 hunks)docs/content/getting-started/setup-openfga/configuration.mdx(4 hunks)package.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: Socket Security: Pull Request Alerts
- GitHub Check: deploy-preview
- GitHub Check: Test deployment
🔇 Additional comments (4)
.github/workflows/preview.yml (1)
37-40: Action remains pinned – 👍 but consider aliasing for easier upgradesThe workflow keeps the
rossjrw/pr-preview-actionpinned to a full-length SHA (good for supply-chain security).
If you want quicker upgrades without editing every commit hash, you can pin to a semver tag (e.g.v1) and combine it with@refverification (actions/verify-hash) so you still get tamper-proofing while lowering maintenance overhead.
No blocking issues here..github/workflows/deploy.yml (1)
18-22: Explicitpermissionsblock improves least-privilege complianceGranting only
contents,pagesandid-tokenis exactly what this job needs and nothing more. Nice hardening.package.json (2)
28-45: Large dependency bump – verify Node/React/Docusaurus compatibilityUpgrading Docusaurus to
3.8.1, React 18.3 and moving the CI runner to Node 22 is a triple-jump. Node 22 is not an LTS release yet and Docusaurus’ latest docs still recommend Node 18/20.Please double-check:
- Local dev machines on older LTS versions won’t break.
- The generated static site still works in PROD (no React 18.3 breaking changes).
engines.nodeinpackage.json(if present) is updated accordingly.If everything passes locally & in preview, all good ‑ just worth an explicit verification.
56-58: ESLint major upgrade to v9 may require config tweaks
eslint9.x is eslint-config-breaking (theflatconfig becomes default).
Make sure.eslintrc.*has been migrated or the lint job will error out.If you need a minimal patch:
{ - "root": true, - "extends": ["eslint:recommended", "plugin:react/recommended"], + "eslintConfig": { + "root": true, + "extends": ["eslint:recommended", "plugin:react/recommended"] + } }(or switch to the new
eslint.config.jsflat format).
| | `resolveNodeLimit` | <div id="OPENFGA_RESOLVE_NODE_LIMIT"><code>OPENFGA_RESOLVE_NODE_LIMIT</code></div> | `resolve-node-limit` | integer | Maximum resolution depth to attempt before throwing an error (defines how deeply nested an authorization model can be before a query errors out). | `25` | | ||
| | `resolveNodeBreadthLimit` | <div id="OPENFGA_RESOLVE_NODE_BREADTH_LIMIT"><code>OPENFGA_RESOLVE_NODE_BREADTH_LIMIT</code></div> | `resolve-node-breadth-limit` | integer | Defines how many nodes on a given level can be evaluated concurrently in a Check resolution tree. | `100` | | ||
| | `resolveNodeBreadthLimit` | <div id="OPENFGA_RESOLVE_NODE_BREADTH_LIMIT"><code>OPENFGA_RESOLVE_NODE_BREADTH_LIMIT</code></div> | `resolve-node-breadth-limit` | integer | Defines how many nodes on a given level can be evaluated concurrently in a Check resolution tree. | `10` | | ||
| | `listObjectsDeadline` | <div id="OPENFGA_LIST_OBJECTS_DEADLINE"><code>OPENFGA_LIST_OBJECTS_DEADLINE</code></div> | `list-objects-deadline` | string (duration) | The timeout deadline for serving ListObjects requests | `3s` | |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Default for resolveNodeBreadthLimit changed – highlight backwards-compat risk
Dropping the default from 100 → 10 is a behaviour change that may throttle existing workloads.
Consider adding a call-out note in the doc (or release notes) so users aren’t surprised by slower or error-prone deep graph traversals.
🤖 Prompt for AI Agents
In docs/content/getting-started/setup-openfga/configuration.mdx around lines 118
to 120, the default value for resolveNodeBreadthLimit has been changed from 100
to 10, which can cause backward compatibility issues by throttling existing
workloads. Add a clear call-out note or warning near this configuration entry to
inform users about this behavior change and its potential impact on performance
and error rates during deep graph traversals.
rhamzeh
left a comment
There was a problem hiding this comment.
Instead of having the deploy workflow commit directly to the repo, let's add a separate nightly job that checks for changes and commit only if any are made.
Let's keep the deploy as is.
Can you remove the parts that are unrelated from this (dep updates + eslint)?
|
No dependency changes detected. Learn more about Socket for GitHub. 👍 No dependency changes detected in pull request |
|
This PR has had no human activity for 90 days, so it has been marked This is automated backlog grooming, not a judgment on the work. What happens next, unless there is activity:
To keep it open, push a commit or leave a comment, and the clock will reset. For work that should not auto-close, such as an RFC or long-running experiment, ask a maintainer to add |
|
@rhamzeh - any thoughts on this? |
There was a problem hiding this comment.
Pull request overview
Adds GitHub Actions automation intended to periodically regenerate and commit OpenFGA configuration documentation, alongside a small formatting fix in the generated MDX.
Changes:
- Adds a scheduled/manual
update-docsworkflow that builds the site and auto-commits documentation changes. - Fixes a minor MDX formatting/indentation issue in the configuration docs page.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| docs/content/getting-started/setup-openfga/configuration.mdx | Minor formatting adjustment to the related links component closing tag. |
| .github/workflows/update-docs.yml | New scheduled workflow to build and auto-commit updated documentation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
| ]} | ||
| /> No newline at end of file | ||
| /> |
There was a problem hiding this comment.
Unintentional & non-related change, it just added an EOL
Related #1054
Summary by CodeRabbit
Documentation
Chores