chore: add Context7 auto-refresh workflow [no-ci]#688
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a GitHub Actions workflow to refresh Context7 documentation automatically when a GitHub Release is published (and via manual dispatch).
Changes:
- Introduces a new
context7.ymlworkflow triggered onrelease.publishedandworkflow_dispatch. - Runs a job that checks out the repo and invokes
rennf93/upsert-context7withoperation: refresh.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - uses: actions/checkout@v4 | ||
| - name: Update Context7 Documentation | ||
| id: context7 | ||
| uses: rennf93/upsert-context7@1.1 |
There was a problem hiding this comment.
The workflow uses a third-party action reference (rennf93/upsert-context7@1.1) that is not pinned to an immutable commit SHA. For supply-chain security and reproducibility, pin the action to a specific commit SHA (and optionally keep a major tag via Dependabot/action updates) so a retagged release can’t change what runs in this repository.
| uses: rennf93/upsert-context7@1.1 | |
| # Pin to the exact commit for the intended 1.1 release. | |
| uses: rennf93/upsert-context7@<FULL_40_CHAR_COMMIT_SHA_FOR_V1_1> |
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| update-docs: |
There was a problem hiding this comment.
This workflow relies on the repository’s default GITHUB_TOKEN permissions. To ensure it behaves consistently across repos/orgs (and to follow least-privilege), add an explicit permissions: block at the workflow or job level (e.g., start with contents: read and only add additional scopes if upsert-context7 requires them).
| update-docs: | |
| update-docs: | |
| permissions: | |
| contents: read |
Adds a GitHub Actions workflow to automatically refresh Context7 documentation on each release.
Triggers on:
release(published) andworkflow_dispatch.