chore(deps): bump huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf#782
Conversation
…_documentation.yml Bumps [huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml](https://github.com/huggingface/doc-builder) from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf. - [Release notes](https://github.com/huggingface/doc-builder/releases) - [Commits](huggingface/doc-builder@b0f9a6e...bcff59f) --- updated-dependencies: - dependency-name: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml dependency-version: bcff59fca682130d2e7271ca8589911b7ac0b8bf dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
Dependencies
github_actions
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
Tier 1 — mechanical: PASS. Exactly one line changed: the SHA pin on uses: for huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml (b0f9a6e… → bcff59f…). The # main tracking comment is preserved, and the with (package_name: openenv) and secrets blocks are untouched. Well-formed YAML.
Tier 2 — alignment: No concerns. SHA-pinning third-party reusable workflows (rather than a mutable @main/tag ref) is the correct supply-chain-safe pattern, and this bump maintains it.
Approved.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (correctness): Clean one-line Dependabot bump — advances the huggingface/doc-builder reusable workflow upload_pr_documentation.yml pin from b0f9a6e to bcff59f. Full 40-char SHA, # main comment preserved, valid YAML.
Tier 2 (alignment): No concerns. CI-only change; no environment code or invariants touched. SHA-pinning is the intended convention for these reusable workflows per .github/dependabot.yml.
Verdict: approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review (automated)
Tier 1 (bugs/lint): None. Single-line SHA pin bump for the reusable workflow huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml. Both old and new SHAs are valid 40-char hashes and the trailing # main comment remains accurate. Upstream change is a low-risk doc-builder bugfix.
Tier 2 (alignment): None. Touches only the docs-upload CI workflow — outside all OpenEnv system invariants.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (correctness): Single-line bump of the pinned huggingface/doc-builder commit SHA in .github/workflows/upload_pr_documentation.yml (b0f9a6e… → bcff59f…). Both refs are valid full 40-char SHAs; only the pin changed (with:/secrets: untouched). The # main comment stays accurate.
Tier 2 (alignment): CI-only; no source or invariant impact. Full-SHA pin preserved (correct supply-chain practice). Upstream commit is a low-risk prerender bugfix.
Verdict: approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
Automated checks (changed files): Lint PASS (YAML only) | Debug code CLEAN
Tier 1 — bugs / correctness
None. Single-line SHA advancement of the huggingface/doc-builder reusable workflow (upload_pr_documentation.yml): b0f9a6e3 → bcff59fc. # main comment preserved; inputs unchanged.
Tier 2 — alignment
None. CI-only change; no environment code, agent API, reward logic, or invariant implicated.
Note: #782 / #784 / #785 all converge on SHA bcff59fc. Land them together (or in quick succession) to avoid a window where only some doc-builder workflows are on the new pin.
Verdict: approve
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Routine Dependabot pinned-SHA bump for the HuggingFace doc-builder upload_pr_documentation.yml reusable workflow. Single-line change to the uses: ref (full 40-char SHA on main); package_name: openenv input and secrets: passthrough unchanged. No source or invariant impact.
Verdict: approve
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
Confirmed: a single-line SHA bump on the pinned huggingface/doc-builder reusable upload_pr_documentation.yml workflow (b0f9a6e → bcff59f). Inputs, secrets, and triggers are all untouched.
Tier 1: No issues. Tier 2: No concerns — no source, API, or invariant affected. Routine dependabot maintenance.
LGTM.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review Report
Tier 1: Bugs / Lint
None. Single-line SHA pin update for the huggingface/doc-builder reusable workflow (upload_pr_documentation.yml). No other files touched; the # main comment accurately documents the tracked branch.
Tier 2: Alignment
No principles/invariants implicated — CI-only change, no runtime impact.
Verdict: approve — routine Dependabot SHA-pin maintenance.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Verdict: approve
Dependabot bump of the pinned huggingface/doc-builder reusable workflow (upload_pr_documentation.yml) from b0f9a6e3… to bcff59fca… (both # main).
Tier 1
None. Single-line SHA replacement in a YAML workflow; no Python source affected.
Tier 2
- Supply-chain note (non-blocking): the new SHA points at
mainof a third-party (HF-owned) repo and runs with the workflow'ssecrets:block (HF_DOC_PUSH_TOKEN). I can't inspect the new commit's contents without network access. Risk is low — routine dependabot bump to an HF-owned action, and the same SHA is being promoted across sibling PRs #784/#785. Surfaced for awareness only.
Approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (Bugs & Lint): Pinned workflow reference bumped to the new huggingface/doc-builder commit bcff59f; inputs/secrets unchanged. Mechanical and consistent with the sibling doc-builder workflow bumps in this batch.
Tier 2 (Alignment): None — CI/workflow maintenance only.
LGTM.
Automated review by Claude Code | Learn more
|
Rolled into #788 so maintainers can review and merge the non-env Dependabot updates together. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/huggingface/doc-builder/dot-github/workflows/upload_pr_documentation.yml-bcff59fca682130d2e7271ca8589911b7ac0b8bf
branch
2 participants
Bumps huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf.
Commits
bcff59ffix(kit): don't crash prerender when a provider/task has no snippet (#791)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)