diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 82e4910..91373f4 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -10,6 +10,11 @@ "version": "v5.0.5", "sha": "27d5ce7f107fe9357f9df03efb73ab90386fccae" }, + "actions/checkout@v6": { + "repo": "actions/checkout", + "version": "v6", + "sha": "df4cb1c069e1874edd31b4311f1884172cec0e10" + }, "actions/checkout@v6.0.2": { "repo": "actions/checkout", "version": "v6.0.2", diff --git a/.github/workflows/changelog-bundle-pr.yml b/.github/workflows/changelog-bundle-pr.yml index 73a4e39..4d8b51b 100644 --- a/.github/workflows/changelog-bundle-pr.yml +++ b/.github/workflows/changelog-bundle-pr.yml @@ -60,7 +60,7 @@ concurrency: cancel-in-progress: false jobs: - generate: + fetch: runs-on: ubuntu-latest permissions: contents: read @@ -68,8 +68,10 @@ jobs: outputs: output: ${{ steps.bundle.outputs.output }} steps: + # Resolve the plan and download the already generated and scrubbed bundle from the public CDN + # (it must have been uploaded first by the changelog-bundle workflow). No regeneration, no S3 auth. - id: bundle - uses: elastic/docs-actions/changelog/bundle-create@v1 + uses: elastic/docs-actions/changelog/bundle-fetch@v1 with: config: ${{ inputs.config }} profile: ${{ inputs.profile }} @@ -84,7 +86,7 @@ jobs: github-token: ${{ github.token }} create-pr: - needs: generate + needs: fetch runs-on: ubuntu-latest permissions: contents: write @@ -92,6 +94,6 @@ jobs: steps: - uses: elastic/docs-actions/changelog/bundle-pr@v1 with: - output: ${{ needs.generate.outputs.output }} + output: ${{ needs.fetch.outputs.output }} base-branch: ${{ inputs.base-branch }} github-token: ${{ github.token }} diff --git a/.github/workflows/gh-aw-docs-applies-to-sweep.lock.yml b/.github/workflows/gh-aw-docs-applies-to-sweep.lock.yml index 899750b..48d27c9 100644 --- a/.github/workflows/gh-aw-docs-applies-to-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-applies-to-sweep.lock.yml 
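Review bot: In the `@@ -68,8 +68,10 @@` hunk of `changelog-bundle-pr.yml`, the renamed `fetch` job keeps its `permissions:` block as it was, although the new comment says the step needs no S3 auth; one entry of that block sits on the line between this hunk and the previous one and is not visible here. If that entry is `id-token: write`, or anything else that only served `bundle-create`, it should be removed so the job runs with `contents: read` alone. The downloaded bundle is then handed through `needs.fetch.outputs.output` to `create-pr`, which holds `contents: write`, so the comment should also say what happens when the bundle is not on the CDN, for example `# Fails if the bundle has not been uploaded yet; the file is committed exactly as downloaded.` That wording has to be checked against what `bundle-fetch` really does, which this diff does not show.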
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0fed7cba1098883ebd07c37ad7926ab3adc379e9f9577fcbf70a99c024c5a5a5","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -43,7 +43,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -628,7 +628,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 30 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-coherence-sweep.lock.yml b/.github/workflows/gh-aw-docs-coherence-sweep.lock.yml index 4c257ec..e3ae6ed 100644 --- a/.github/workflows/gh-aw-docs-coherence-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-coherence-sweep.lock.yml 
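Review bot: The `Checkout source docs repo` step now pins `actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10` labelled only `# v6`, while the other checkout entry in this file's header stays at `de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`, so the workflow runs two different checkout commits and the new one is no longer tied to a named release. Before merging, confirm that the new SHA is a commit in `actions/checkout` itself that the `v6` tag resolves to, and not one that is only reachable through the repository's fork network. If the generator allows it, keep the exact release in the trailing comment, as the removed line did (`# <exact release tag> (source v6)`), so the pin can be audited later without a lookup. The same change is made in the `uses:` hunks of the other six `gh-aw-docs-*-sweep.lock.yml` files and in `.github/aw/actions-lock.json`; the step's `with:` block may continue past the hunk's last line.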
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"da184731259d4126ad359ba043c1c4730c4ef2437f3364fe0336575e32c82368","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -44,7 +44,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -643,7 +643,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 30 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-frontmatter-sweep.lock.yml b/.github/workflows/gh-aw-docs-frontmatter-sweep.lock.yml index 125f908..748c5d1 100644 --- a/.github/workflows/gh-aw-docs-frontmatter-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-frontmatter-sweep.lock.yml 
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0092af990d55dc70c7e1d94ccbd243fefa27c2f8e2be5042f7659897b24b6c31","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -44,7 +44,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -631,7 +631,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 30 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-openings-sweep.lock.yml b/.github/workflows/gh-aw-docs-openings-sweep.lock.yml index 2499bb2..cf9a7de 100644 --- a/.github/workflows/gh-aw-docs-openings-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-openings-sweep.lock.yml 
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6f92b7dd643845ebdd84409b45c39f5eba3493453cabd41e9fe06738576586d8","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -43,7 +43,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -639,7 +639,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 30 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-staleness-sweep.lock.yml b/.github/workflows/gh-aw-docs-staleness-sweep.lock.yml index 1ad4cc3..0777e4f 100644 --- a/.github/workflows/gh-aw-docs-staleness-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-staleness-sweep.lock.yml 
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"83730e892c4686ac69269d501b9fd18336ef3252ddd9da9245805b0dfcf2b865","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -44,7 +44,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -650,7 +650,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-style-sweep.lock.yml b/.github/workflows/gh-aw-docs-style-sweep.lock.yml index ce2c2bc..a1c3ef6 100644 --- a/.github/workflows/gh-aw-docs-style-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-style-sweep.lock.yml 
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3a87b6e135615b0fde1701690ded47f089dd65413730cf7dc8118c04758314d0","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -43,7 +43,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 
@@ -631,7 +631,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 30 persist-credentials: false diff --git a/.github/workflows/gh-aw-docs-typos-sweep.lock.yml b/.github/workflows/gh-aw-docs-typos-sweep.lock.yml index c79391c..5d23879 100644 --- a/.github/workflows/gh-aw-docs-typos-sweep.lock.yml +++ b/.github/workflows/gh-aw-docs-typos-sweep.lock.yml 
@@ -1,5 +1,5 @@ # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3be42550899dd610111872c641e30947ba676b126cb692bf2bdb7d8e0ce5cf12","compiler_version":"v0.75.0","agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-manifest: 
{"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"f889c9c3c06adeaabccefc06e29c42733ee05dff","version":"v0.75.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.51"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.51"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.17"},{"image":"ghcr.io/github/github-mcp-server:v1.0.4"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ 
@@ -42,7 +42,7 @@ # # Custom actions used: # - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 -# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) +# - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -593,7 +593,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} - name: Checkout source docs repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 (source v6) + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: fetch-depth: 1 persist-credentials: false diff --git a/changelog/README.md b/changelog/README.md index 182e671..c88d08f 100644 --- a/changelog/README.md +++ b/changelog/README.md 
@@ -262,14 +262,48 @@ The entry is always regenerated from the *current* PR state at merge time, so an ## Bundling changelogs -Individual changelog files accumulate on the default branch as PRs merge. The bundle action generates a fully-resolved YAML file containing only the changelog entries that match a given filter, then uploads it to the `elastic-docs-v3-changelog-bundles` S3 bucket. +As PRs merge, individual changelog entries pile up on your default branch (and, once uploaded, in S3). A **bundle** is a single, fully-resolved YAML file that collects the entries matching a filter — a release version, a promotion report, or an explicit list of PRs — with each entry's full content inlined. Downstream tooling renders a release changelog from the bundle alone, without needing the original entry files. -Two reusable workflows are available: +Setting up bundling comes down to two choices: **how the bundle is delivered** and **how its entries are selected**. Pick one row from each table below, then follow the matching recipe. -- **`changelog-bundle.yml`** (primary) — generates a bundle and uploads it to S3. Used for release-triggered workflows. -- **`changelog-bundle-pr.yml`** (opt-in) — generates a bundle and opens a pull request. Used for teams that need a committed bundle before a tag exists. +### 1. Choose how the bundle is delivered -The bundle always includes the full content of each matching entry, so downstream consumers can render changelogs without access to the original files. 
+| Your goal | Workflow | What you get | +| --- | --- | --- | +| Make the bundle available to docs rendering | [`changelog-bundle.yml`](#setup-1) | Uploads the bundle to S3 (`{product}/bundle/{file}`) | +| Commit the bundle into your repository | [`changelog-bundle-pr.yml`](#bundle-pr-workflow-opt-in) | Opens a PR with the scrubbed bundle fetched from the CDN | +| Both | run `changelog-bundle.yml`, then `changelog-bundle-pr.yml` | Upload first, then open the PR | + +The PR workflow is **fetch-only**: it downloads the already-uploaded, scrubbed bundle instead of regenerating it, so the committed file is exactly what was published (private references removed). It therefore requires `changelog-bundle.yml` to have uploaded the bundle first. + +### 2. Choose how entries are selected + +Pick exactly one — `profile`, `release-version`, `report`, and `prs` are mutually exclusive. + +| Situation | Mode | Key inputs | +| --- | --- | --- | +| You accumulate entry files and tag releases (most teams) | **Profile** _(recommended)_ | `profile` + `version` | +| You build changelogs from a GitHub release's notes rather than entry files | **gh-release** | `mode: gh-release` + `repo` + `version` | +| You want everything in a given release tag | **Option** | `release-version` (+ `output`) | +| You want everything in a Buildkite promotion report | **Option** | `report` (+ `output`) | +| You want a specific set of PRs | **Option** | `prs` (+ `output`) | + +Each mode has a complete, copy-pasteable workflow file under [Setup](#setup-1). + +### Where bundle entries come from + +By default, the bundle command sources the individual changelog entries from the **public CDN**, scoped to the bundle's product(s), rather than from the local `bundle.directory`. This means a bundle reflects the same sanitized entries that have been published to S3, and a repository can produce a bundle without keeping every entry file checked out locally. 
+ +CDN sourcing requires a resolvable product (from a profile's `products`/`output_products`, or `--input-products`) so the per-product registry (`{product}/changelog/registry.json`) can be located. When no product can be resolved (e.g. an option-mode PR/issue-only filter), the command automatically falls back to local sourcing. + +To always source entries from the local `bundle.directory` instead, set `use_local_changelogs: true` in the `bundle` section of your `docs/changelog.yml`. Passing an explicit `--directory`/`output` also forces local sourcing. + +```yaml +bundle: + directory: docs/changelog + output_directory: docs/releases + use_local_changelogs: true # opt out of CDN sourcing; use local entry files +``` ### Prerequisites @@ -287,6 +321,8 @@ Your repository must also be listed in the `elastic-docs-v3-changelog-bundles` i ### Setup +Each recipe below is a complete `changelog-bundle.yml` caller for one selection mode (S3-upload delivery). To also commit the bundle to your repo, add the [Bundle PR workflow](#bundle-pr-workflow-opt-in) afterwards. + #### Profile-based bundling with S3 upload (`on: release`) The recommended setup for stack and product releases. The caller triggers on `release`, passes a profile and version, and the bundle is uploaded to S3 automatically. 
@@ -435,7 +471,9 @@ The primary workflow (`changelog-bundle.yml`) uploads the bundle to the `elastic ### Bundle PR workflow (opt-in) -For teams that need a committed bundle file before a tag exists (e.g. feature-freeze branches), use the PR workflow instead. This generates the bundle and opens a pull request. +For teams that need the bundle committed into the repository, use the PR workflow. Unlike the primary workflow, it does **not** generate the bundle: it downloads the already-uploaded, scrubbed copy from the public CDN and opens a pull request with it. This guarantees the committed file matches what was published to S3 (private references removed), rather than a freshly-regenerated local copy. + +Because it is fetch-only, `changelog-bundle.yml` must have run and uploaded the bundle first. The fetch step polls the CDN with exponential backoff (up to ~10 minutes) to absorb scrubbing and CloudFront propagation latency, failing the job if the bundle never appears. **`.github/workflows/changelog-bundle-pr.yml`** 
@@ -452,17 +490,19 @@ on: permissions: {} jobs: - bundle: + bundle-pr: permissions: contents: write # commit the bundle file and push the branch pull-requests: write # open or update the bundle PR - packages: read # pull the docs-builder image from GHCR + packages: read # pull the docs-builder image from GHCR (plan step) uses: elastic/docs-actions/.github/workflows/changelog-bundle-pr.yml@v1 with: profile: my-release version: ${{ inputs.version }} ``` -The PR workflow opens a pull request on a branch named `changelog-bundle/` (e.g. `changelog-bundle/v9.2.0`). If a PR already exists for that branch, the bundle is updated in place. If the generated bundle is identical to what's already in the repository, no commit or PR is created. +The PR workflow opens a pull request on a branch named `changelog-bundle/` (e.g. `changelog-bundle/v9.2.0`). If a PR already exists for that branch, the bundle is updated in place. If the fetched bundle is identical to what's already in the repository, no commit or PR is created. + +> **Note:** Locating the bundle on the CDN requires a resolvable product, so the PR workflow only supports profile (or product-scoped option) mode — the same constraint as CDN entry sourcing above. PR/issue-only filters that resolve no product cannot be fetched from the CDN. -> **Note:** The PR workflow does not upload to S3. If you need both S3 upload and a PR, run both workflows or use the composite actions (`bundle-create`, `bundle-upload`, `bundle-pr`) directly. +> **Note:** The PR workflow does not upload to S3; it consumes what `changelog-bundle.yml` already uploaded. If you need both S3 upload and a PR, run the primary workflow first, then this one. To compose the steps yourself, use the composite actions (`bundle-fetch` then `bundle-pr`) directly. diff --git a/changelog/bundle-create/README.md b/changelog/bundle-create/README.md index 0fe5613..fd673b1 100644 --- a/changelog/bundle-create/README.md +++ b/changelog/bundle-create/README.md 
@@ -4,9 +4,15 @@ Checks out the repository, runs docs-builder in Docker to generate a fully-resol ## Modes -- **`bundle`** (default) — runs `docs-builder changelog bundle` with profile or option-based filtering. Requires changelogs to already exist in the repository. +- **`bundle`** (default) — runs `docs-builder changelog bundle` with profile or option-based filtering. - **`gh-release`** — runs `docs-builder changelog gh-release` to create changelogs directly from a GitHub release's notes. Requires `repo` and optionally `version` (defaults to `latest`). +## Entry sourcing + +In `bundle` mode, the individual changelog entries are sourced from the **public CDN** by default (scoped to the bundle's product), so the local entry files don't need to be checked out. The Docker run enables network access only when the `--plan` step reports `needs_network: true`; otherwise it runs with `--network none`. + +CDN sourcing requires a resolvable product. When none can be resolved (e.g. an option-mode PR/issue-only filter) the command falls back to the local `bundle.directory`, which must then contain the entries. To force local sourcing, set `use_local_changelogs: true` in `changelog.yml` or pass an explicit `output` path. + ## Inputs | Name | Description | Required | Default | diff --git a/changelog/bundle-fetch/README.md b/changelog/bundle-fetch/README.md new file mode 100644 index 0000000..e2d9330 --- /dev/null +++ b/changelog/bundle-fetch/README.md 
@@ -0,0 +1,51 @@ + +# Changelog bundle fetch + +Resolves the bundle plan with docs-builder, then downloads the already generated and scrubbed bundle from the public CDN (rather than regenerating it locally) and uploads it as an artifact for the bundle-pr action. Polls the CDN with exponential backoff to absorb scrubbing/CloudFront propagation latency. The bundle must already have been uploaded by the changelog-bundle workflow; this action never contacts the private S3 bucket. + + +This action is the read-only first half of the `changelog-bundle-pr` workflow: it fetches the +sanitized bundle that the `changelog-bundle` workflow previously uploaded to S3 (and the scrubber +Lambda mirrored to the public CDN), so the resulting PR carries the scrubbed copy rather than a raw, +locally-generated one. Pair it with [`bundle-pr`](../bundle-pr) which opens the pull request. + +Fetching from the CDN requires a resolvable product to scope the URL (`{base}/{product}/bundle/{file}`), +so use a profile with `products`/`output_products`. PR/issue-only option-mode bundles cannot be located +on the CDN — use the [`changelog-bundle`](../README.md) workflow for those. + +## Inputs + +| Name | Description | Required | Default | +|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------| +| `config` | Path to changelog.yml configuration file | `false` | `docs/changelog.yml` | +| `profile` | Bundle profile name from bundle.profiles in changelog.yml. Mutually exclusive with release-version and prs.
| `false` | ` ` | +| `version` | Version string for profile mode (e.g. 9.2.0, 2026-03). Used for {version} substitution in profile patterns.
| `false` | ` ` | +| `release-version` | GitHub release tag used as the PR filter source (e.g. v9.2.0). Mutually exclusive with profile, report, and prs.
| `false` | ` ` | +| `report` | Buildkite promotion report URL or local file path used as the PR filter source. Local paths must be relative to the repo root.
| `false` | ` ` | +| `prs` | Comma-separated PR URLs or numbers, or a path to a newline-delimited file. Mutually exclusive with profile, release-version, and report.
| `false` | ` ` | +| `output` | Output file path for the bundle, relative to the repo root. Optional; when omitted the path is resolved from the config (bundle.output_directory) by the plan.
| `false` | ` ` | +| `repo` | GitHub repository name. Falls back to bundle.repo in changelog.yml. | `false` | ` ` | +| `owner` | GitHub repository owner. Falls back to bundle.owner in changelog.yml, then elastic. | `false` | ` ` | +| `docs-builder-version` | docs-builder version to use (e.g. 0.1.100, latest, edge). Non-edge versions are attestation-verified by the setup action.
| `false` | `edge` | +| `artifact-name` | Name for the uploaded artifact (must match bundle-pr artifact-name) | `false` | `changelog-bundle` | +| `cdn-base-url` | Override the public changelog CDN base URL (for staging/testing). When set, it is passed to docs-builder via DOCS_BUILDER_CHANGELOG_CDN so the resolved cdn_url and the poll target stay in sync. Must be an absolute HTTPS URL.
| `false` | ` ` | +| `github-token` | GitHub token (used by docs-builder setup). | `false` | `${{ github.token }}` | + + +## Outputs + +| Name | Description | +|----------|----------------------------------------------------------| +| `output` | Resolved output file path for the bundle (repo-relative) | + + +## Usage + +```yaml +steps: + - uses: elastic/docs-actions/changelog/bundle-fetch@v1 + with: + profile: elasticsearch-release + version: 9.2.0 +``` + diff --git a/changelog/bundle-fetch/action.yml b/changelog/bundle-fetch/action.yml new file mode 100644 index 0000000..006c189 --- /dev/null +++ b/changelog/bundle-fetch/action.yml 
@@ -0,0 +1,254 @@ +name: Changelog bundle fetch +description: > + Resolves the bundle plan with docs-builder, then downloads the already + generated and scrubbed bundle from the public CDN (rather than regenerating + it locally) and uploads it as an artifact for the bundle-pr action. Polls the + CDN with exponential backoff to absorb scrubbing/CloudFront propagation + latency. The bundle must already have been uploaded by the changelog-bundle + workflow; this action never contacts the private S3 bucket. + +inputs: + config: + description: 'Path to changelog.yml configuration file' + default: 'docs/changelog.yml' + profile: + description: > + Bundle profile name from bundle.profiles in changelog.yml. + Mutually exclusive with release-version and prs. + version: + description: > + Version string for profile mode (e.g. 9.2.0, 2026-03). + Used for {version} substitution in profile patterns. + release-version: + description: > + GitHub release tag used as the PR filter source (e.g. v9.2.0). + Mutually exclusive with profile, report, and prs. + report: + description: > + Buildkite promotion report URL or local file path used as the + PR filter source. Local paths must be relative to the repo root. + prs: + description: > + Comma-separated PR URLs or numbers, or a path to a newline-delimited file. + Mutually exclusive with profile, release-version, and report. + output: + description: > + Output file path for the bundle, relative to the repo root. Optional; + when omitted the path is resolved from the config (bundle.output_directory) + by the plan. + repo: + description: 'GitHub repository name. Falls back to bundle.repo in changelog.yml.' + owner: + description: 'GitHub repository owner. Falls back to bundle.owner in changelog.yml, then elastic.' + docs-builder-version: + description: > + docs-builder version to use (e.g. 0.1.100, latest, edge). + Non-edge versions are attestation-verified by the setup action. 
+ default: 'edge' + artifact-name: + description: 'Name for the uploaded artifact (must match bundle-pr artifact-name)' + default: 'changelog-bundle' + cdn-base-url: + description: > + Override the public changelog CDN base URL (for staging/testing). When set, + it is passed to docs-builder via DOCS_BUILDER_CHANGELOG_CDN so the resolved + cdn_url and the poll target stay in sync. Must be an absolute HTTPS URL. + default: '' + github-token: + description: 'GitHub token (used by docs-builder setup).' + default: '${{ github.token }}' + +outputs: + output: + description: 'Resolved output file path for the bundle (repo-relative)' + value: ${{ steps.plan.outputs.output_path }} + +runs: + using: composite + steps: + - name: Validate inputs + shell: bash + env: + CONFIG: ${{ inputs.config }} + PROFILE: ${{ inputs.profile }} + VERSION: ${{ inputs.version }} + RELEASE_VERSION: ${{ inputs.release-version }} + OUTPUT: ${{ inputs.output }} + REPORT: ${{ inputs.report }} + PRS: ${{ inputs.prs }} + REPO: ${{ inputs.repo }} + OWNER: ${{ inputs.owner }} + ARTIFACT_NAME: ${{ inputs.artifact-name }} + CDN_BASE_URL: ${{ inputs.cdn-base-url }} + run: | + validate_path() { + local value="$1" name="$2" + [ -z "$value" ] && return + if [[ "$value" == /* ]]; then + echo "::error::${name} must be a relative path: ${value}"; exit 1 + fi + if [[ "$value" == *..* ]]; then + echo "::error::${name} must not contain '..': ${value}"; exit 1 + fi + if [[ "$value" == *$'\n'* || "$value" == *$'\r'* ]]; then + echo "::error::${name} must not contain newlines"; exit 1 + fi + } + + validate_identifier() { + local value="$1" name="$2" pattern="$3" + [ -z "$value" ] && return + if [[ ! 
"$value" =~ $pattern ]]; then + echo "::error::${name} contains disallowed characters: ${value}"; exit 1 + fi + } + + validate_path "$CONFIG" "config" + validate_path "$OUTPUT" "output" + + if [ -n "$REPORT" ] && [[ "$REPORT" != https://* ]] && [[ "$REPORT" != http://* ]]; then + validate_path "$REPORT" "report" + fi + if [ -n "$PRS" ] && { [[ "$PRS" == */* ]] || [[ "$PRS" == *.txt ]]; }; then + validate_path "$PRS" "prs" + fi + + validate_identifier "$PROFILE" "profile" '^[a-zA-Z0-9._-]+$' + validate_identifier "$VERSION" "version" '^[a-zA-Z0-9._+-]+$' + validate_identifier "$RELEASE_VERSION" "release-version" '^[a-zA-Z0-9._+-]+$' + validate_identifier "$REPO" "repo" '^[a-zA-Z0-9._-]+$' + validate_identifier "$OWNER" "owner" '^[a-zA-Z0-9._-]+$' + validate_identifier "$ARTIFACT_NAME" "artifact-name" '^[a-zA-Z0-9._-]+$' + + if [ -n "$REPORT" ] && [[ "$REPORT" == http://* ]]; then + echo "::error::Report URL must use HTTPS: ${REPORT}"; exit 1 + fi + if [ -n "$CDN_BASE_URL" ] && [[ "$CDN_BASE_URL" != https://* ]]; then + echo "::error::cdn-base-url must be an absolute HTTPS URL: ${CDN_BASE_URL}"; exit 1 + fi + + - name: Checkout + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Setup docs-builder + uses: elastic/docs-actions/docs-builder/setup@v1 + with: + version: ${{ inputs.docs-builder-version }} + github-token: ${{ inputs.github-token }} + + - name: Resolve bundle plan + id: plan + shell: bash + env: + CONFIG: ${{ inputs.config }} + PROFILE: ${{ inputs.profile }} + VERSION: ${{ inputs.version }} + RELEASE_VERSION: ${{ inputs.release-version }} + REPORT: ${{ inputs.report }} + PRS: ${{ inputs.prs }} + OUTPUT: ${{ inputs.output }} + REPO: ${{ inputs.repo }} + OWNER: ${{ inputs.owner }} + DOCS_BUILDER_CHANGELOG_CDN: ${{ inputs.cdn-base-url }} + run: | + ARGS=() + ARGS+=(changelog bundle --plan) + if [ -n "$PROFILE" ]; then + ARGS+=("$PROFILE") + [ -n "$VERSION" ] && ARGS+=("$VERSION") + [ -n "$REPORT" ] && ARGS+=("$REPORT") + else + 
ARGS+=(--config "$CONFIG" --resolve) + [ -n "$RELEASE_VERSION" ] && ARGS+=(--release-version "$RELEASE_VERSION") + [ -n "$REPORT" ] && ARGS+=(--report "$REPORT") + [ -n "$PRS" ] && ARGS+=(--prs "$PRS") + [ -n "$OUTPUT" ] && ARGS+=(--output "$OUTPUT") + [ -n "$REPO" ] && ARGS+=(--repo "$REPO") + [ -n "$OWNER" ] && ARGS+=(--owner "$OWNER") + fi + + docs-builder "${ARGS[@]}" + + - name: Verify plan output + shell: bash + env: + OUTPUT_PATH: ${{ steps.plan.outputs.output_path }} + CDN_URL: ${{ steps.plan.outputs.cdn_url }} + run: | + if [ -z "$OUTPUT_PATH" ]; then + echo "::error::Plan did not resolve an output path. Set 'output' or configure bundle.output_directory in changelog.yml." + exit 1 + fi + if [ -z "$CDN_URL" ]; then + echo "::error::Plan did not resolve a CDN URL. Fetching the scrubbed bundle from the CDN requires a resolvable product (use a profile with products/output_products). For PR/issue-only option-mode bundles, use the changelog-bundle workflow instead." + exit 1 + fi + # The bundle file committed to the repo must live inside it. + if [[ "$OUTPUT_PATH" == /* || "$OUTPUT_PATH" == *..* ]]; then + echo "::error::Resolved output path must be a relative in-repo path: ${OUTPUT_PATH}" + exit 1 + fi + if [[ "$CDN_URL" != https://* ]]; then + echo "::error::Resolved CDN URL must be HTTPS: ${CDN_URL}" + exit 1 + fi + + - name: Fetch scrubbed bundle from CDN + shell: bash + env: + OUTPUT_PATH: ${{ steps.plan.outputs.output_path }} + CDN_URL: ${{ steps.plan.outputs.cdn_url }} + run: | + # Poll the public CDN until the scrubbed bundle is available. The scrubber Lambda + CloudFront + # propagation can lag the upload by tens of seconds, and CloudFront may briefly negative-cache a + # 404, so we retry with exponential backoff (5s -> 60s cap) for up to 10 minutes and bust the + # cache on each attempt. 
+ mkdir -p "$(dirname "$OUTPUT_PATH")" + DEST="$OUTPUT_PATH" + + MAX_TOTAL=600 + DELAY=5 + ELAPSED=0 + ATTEMPT=0 + + while :; do + ATTEMPT=$((ATTEMPT + 1)) + CACHE_BUSTER="cb=$(date +%s%N)" + if [[ "$CDN_URL" == *\?* ]]; then + POLL_URL="${CDN_URL}&${CACHE_BUSTER}" + else + POLL_URL="${CDN_URL}?${CACHE_BUSTER}" + fi + + HTTP_CODE=$(curl --silent --show-error --location --max-redirs 3 --max-time 30 \ + -H 'Cache-Control: no-cache' \ + -o "$DEST" -w '%{http_code}' "$POLL_URL") || HTTP_CODE="000" + + if [ "$HTTP_CODE" = "200" ] && [ -s "$DEST" ]; then + echo "::notice title=Bundle fetched::Downloaded scrubbed bundle from CDN after ${ATTEMPT} attempt(s) (${ELAPSED}s)" + break + fi + + rm -f "$DEST" + + if [ "$ELAPSED" -ge "$MAX_TOTAL" ]; then + echo "::error::Timed out after ${ELAPSED}s waiting for the scrubbed bundle at ${CDN_URL} (last HTTP ${HTTP_CODE}). Ensure the changelog-bundle workflow uploaded it first." + exit 1 + fi + + echo "Attempt ${ATTEMPT}: bundle not ready (HTTP ${HTTP_CODE}); retrying in ${DELAY}s (elapsed ${ELAPSED}s)" + sleep "$DELAY" + ELAPSED=$((ELAPSED + DELAY)) + DELAY=$((DELAY * 2)) + [ "$DELAY" -gt 60 ] && DELAY=60 + done + + - name: Upload bundle artifact + uses: actions/upload-artifact@v7 + with: + name: ${{ inputs.artifact-name }} + path: ${{ steps.plan.outputs.output_path }} + if-no-files-found: error + retention-days: 1 diff --git a/changelog/bundle-pr/README.md b/changelog/bundle-pr/README.md index 8ec07da..e2adb81 100644 --- a/changelog/bundle-pr/README.md +++ b/changelog/bundle-pr/README.md 
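Review bot: In the `Fetch scrubbed bundle from CDN` step the download is accepted on HTTP 200 plus a non-empty file, and the HTTPS check that `Verify plan output` applies to `CDN_URL` does not cover the redirects that `--location --max-redirs 3` follows. Because this file is what `bundle-pr` later commits, I would keep every hop on HTTPS and bound the body, e.g. `--proto '=https' --proto-redir '=https' --max-filesize "$MAX_BUNDLE_BYTES"` (the variable is a placeholder for a limit you choose), and confirm the body is the expected YAML before the upload step. The `Checkout` and `Upload bundle artifact` steps reference `actions/checkout@v6` and `actions/upload-artifact@v7` by mutable tag; this commit already records `actions/checkout@v6` as `df4cb1c069e1874edd31b4311f1884172cec0e10` in `actions-lock.json`, so the step could read `uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6`. In `Validate inputs`, the patterns for `profile` and `version` accept a leading `-`, and `Resolve bundle plan` passes both as positional arguments, so such a value would presumably be parsed by `docs-builder` as an option. Requiring an alphanumeric first character, e.g. `'^[a-zA-Z0-9][a-zA-Z0-9._-]*$'` for `profile`, closes that.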
@@ -6,12 +6,12 @@ Downloads a changelog bundle artifact and opens a pull request to add it to the ## Inputs -| Name | Description | Required | Default | -|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------| -| `output` | Output file path for the bundle, relative to the repo root (e.g. docs/releases/v9.2.0.yaml). Must match the path used by the bundle-create action.
| `true` | ` ` | -| `base-branch` | Base branch for the pull request (defaults to repository default branch) | `false` | ` ` | -| `artifact-name` | Name of the artifact uploaded by bundle-create | `false` | `changelog-bundle` | -| `github-token` | GitHub token with contents:write and pull-requests:write permissions | `false` | `${{ github.token }}` | +| Name | Description | Required | Default | +|-----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------| +| `output` | Output file path for the bundle, relative to the repo root (e.g. docs/releases/v9.2.0.yaml). Must match the path used by the bundle-create or bundle-fetch action.
| `true` | ` ` | +| `base-branch` | Base branch for the pull request (defaults to repository default branch) | `false` | ` ` | +| `artifact-name` | Name of the artifact uploaded by bundle-create or bundle-fetch | `false` | `changelog-bundle` | +| `github-token` | GitHub token with contents:write and pull-requests:write permissions | `false` | `${{ github.token }}` | ## Outputs diff --git a/changelog/bundle-pr/action.yml b/changelog/bundle-pr/action.yml index b3fed5f..32b1cf6 100644 --- a/changelog/bundle-pr/action.yml +++ b/changelog/bundle-pr/action.yml @@ -9,13 +9,13 @@ inputs: description: > Output file path for the bundle, relative to the repo root (e.g. docs/releases/v9.2.0.yaml). Must match the path used - by the bundle-create action. + by the bundle-create or bundle-fetch action. required: true base-branch: description: 'Base branch for the pull request (defaults to repository default branch)' default: '' artifact-name: - description: 'Name of the artifact uploaded by bundle-create' + description: 'Name of the artifact uploaded by bundle-create or bundle-fetch' default: 'changelog-bundle' github-token: description: 'GitHub token with contents:write and pull-requests:write permissions'