Skip to content

docs: switch spectrum-ts docs to git source#111

Merged
Tom Tang (qwerzl) merged 1 commit into
mainfrom
tom/eng-1744-docs-repo-flip-spectrum-ts-source-to-git-only-drop-local
Jul 7, 2026
Merged

docs: switch spectrum-ts docs to git source#111
Tom Tang (qwerzl) merged 1 commit into
mainfrom
tom/eng-1744-docs-repo-flip-spectrum-ts-source-to-git-only-drop-local

Conversation

@qwerzl

@qwerzl Tom Tang (qwerzl) commented Jul 7, 2026

Copy link
Copy Markdown
Member

Summary

  • Remove the spectrum-ts local docs fallback from scripts/sources.json.
  • Delete the tracked docs-src/spectrum-ts template tree.
  • Add a GitHub App token to the typecheck-docs build job and pass it as GITHUB_TOKEN for git-backed docs sync.

Verification

  • pnpm docs:generate passed and fetched photon-hq/spectrum-ts#main:docs without env overrides.
  • pnpm typecheck:docs failed on existing advanced-kits/imessage examples:
    • advanced-kits/imessage/error-handling.mdx:98
    • advanced-kits/imessage/locations.mdx:36
    • advanced-kits/imessage/messages.mdx:195
    • advanced-kits/imessage/messages.mdx:484
  • pnpm lint failed on pre-existing dirty AGENTS.md formatting issues. AGENTS.md is not part of this PR.

Closes ENG-1744.


View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

Summary by CodeRabbit

  • Documentation

    • Streamlined the Spectrum TS docs by removing multiple content pages and sections across getting started, core concepts, content builders, providers, messaging, reactions/replies, webhooks, and troubleshooting.
    • Updated the docs navigation by clearing the Spectrum TS navigation configuration.
  • Chores

    • Improved the docs generation workflow authentication by using a generated GitHub App token for checkout and by passing that token into the docs generation step.
    • Removed support for a per-source local/offline fallback in the docs source configuration.

@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a2ffba66-b49a-4e74-987a-8b54a9ab5043

📥 Commits

Reviewing files that changed from the base of the PR and between 2eaee95 and 587c6b4.

📒 Files selected for processing (47)
  • .github/workflows/typecheck-docs.yml
  • docs-src/spectrum-ts/content.mdx.vel
  • docs-src/spectrum-ts/content/app.mdx.vel
  • docs-src/spectrum-ts/content/attachments.mdx.vel
  • docs-src/spectrum-ts/content/avatar.mdx.vel
  • docs-src/spectrum-ts/content/composing-content.mdx.vel
  • docs-src/spectrum-ts/content/contacts.mdx.vel
  • docs-src/spectrum-ts/content/custom.mdx.vel
  • docs-src/spectrum-ts/content/edits.mdx.vel
  • docs-src/spectrum-ts/content/groups.mdx.vel
  • docs-src/spectrum-ts/content/markdown.mdx.vel
  • docs-src/spectrum-ts/content/polls.mdx.vel
  • docs-src/spectrum-ts/content/rename.mdx.vel
  • docs-src/spectrum-ts/content/replies.mdx.vel
  • docs-src/spectrum-ts/content/rich-links.mdx.vel
  • docs-src/spectrum-ts/content/text.mdx.vel
  • docs-src/spectrum-ts/content/typing-indicators.mdx.vel
  • docs-src/spectrum-ts/content/unsend.mdx.vel
  • docs-src/spectrum-ts/content/voice.mdx.vel
  • docs-src/spectrum-ts/custom-events-and-lifecycle.mdx.vel
  • docs-src/spectrum-ts/custom-platforms.mdx.vel
  • docs-src/spectrum-ts/getting-started.mdx.vel
  • docs-src/spectrum-ts/introduction.mdx.vel
  • docs-src/spectrum-ts/messages.mdx.vel
  • docs-src/spectrum-ts/nav.json
  • docs-src/spectrum-ts/platform-narrowing.mdx.vel
  • docs-src/spectrum-ts/providers.mdx.vel
  • docs-src/spectrum-ts/providers/imessage.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/connection-and-routing.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/messaging-features.mdx.vel
  • docs-src/spectrum-ts/providers/slack.mdx.vel
  • docs-src/spectrum-ts/providers/slack/conversations-and-events.mdx.vel
  • docs-src/spectrum-ts/providers/slack/setup.mdx.vel
  • docs-src/spectrum-ts/providers/telegram.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/conversations-and-features.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/setup.mdx.vel
  • docs-src/spectrum-ts/providers/terminal.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/interactions.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/setup-and-usage.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/conversations.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/setup.mdx.vel
  • docs-src/spectrum-ts/reactions-and-replies.mdx.vel
  • docs-src/spectrum-ts/spaces-and-users.mdx.vel
  • docs-src/spectrum-ts/troubleshooting/imessage.mdx.vel
  • docs-src/spectrum-ts/webhooks.mdx.vel
  • scripts/sources.json

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.


📝 Walkthrough

Walkthrough

The docs workflow now authenticates checkout and docs generation with a GitHub App token. The Spectrum TS source config no longer includes the local fallback option. The Spectrum TS documentation pages and navigation file were removed.

Changes

CI Workflow and Source Config

Layer / File(s) Summary
Workflow auth
.github/workflows/typecheck-docs.yml
Adds repository parsing, GitHub App token generation, authenticated checkout, and docs generation token wiring.
Source config cleanup
scripts/sources.json
Removes the local property and its $comment documentation from the spectrum-ts source entry.

Spectrum TypeScript Docs Removal

Layer / File(s) Summary
Documentation removal
docs-src/spectrum-ts/**/*.mdx.vel, docs-src/spectrum-ts/nav.json
Removes the Spectrum TypeScript documentation pages and navigation JSON content.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • photon-hq/docs#91: Touches the same Spectrum MDX content files and nav.json, restructuring or adding what this PR removes.
  • photon-hq/docs#96: Adds the iMessage troubleshooting page that this PR removes.
  • photon-hq/docs#108: Overlaps with the docs sourcing and authentication changes in this PR.

Poem

A rabbit hops through docs so old,
Clearing pages, brave and bold. 🐇
A token now unlocks the gate,
Local paths bow out of state.
Nav trimmed clean, the burrow's bare —
New docs shall bloom with fresher air. 🌱

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly captures the main change: moving spectrum-ts docs to a git-only source.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch tom/eng-1744-docs-repo-flip-spectrum-ts-source-to-git-only-drop-local

Comment @coderabbitai help to get the list of available commands.

@qwerzl Tom Tang (qwerzl) force-pushed the tom/eng-1744-docs-repo-flip-spectrum-ts-source-to-git-only-drop-local branch from 2eaee95 to 587c6b4 Compare July 7, 2026 08:24
@qwerzl Tom Tang (qwerzl) changed the title ENG-1744 Flip spectrum-ts docs source to git-only docs: switch spectrum-ts docs to git source Jul 7, 2026
@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@qwerzl Tom Tang (qwerzl) merged commit 569f23d into main Jul 7, 2026
3 of 4 checks passed

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
.github/workflows/typecheck-docs.yml (2)

65-65: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Naming clash risk: env var named GITHUB_TOKEN.

scripts/sync-docs/index.ts reads DOCS_GH_TOKEN first and falls back to GITHUB_TOKEN, so this works, but naming the custom app token GITHUB_TOKEN here can be confused with the Actions-native ambient token and may mask which credential is actually in use during debugging. Consider using the already-supported DOCS_GH_TOKEN name for clarity.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/typecheck-docs.yml at line 65, The workflow is exporting
the app token under GITHUB_TOKEN, which can be confused with the built-in
Actions token and makes debugging credential usage harder. Update the env
mapping in the typecheck-docs workflow to use DOCS_GH_TOKEN instead, since
scripts/sync-docs/index.ts already prefers that variable and falls back to
GITHUB_TOKEN. Keep the token source unchanged, but rename the environment
variable at the workflow boundary for clarity.

39-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Upgrade actions/create-github-app-token to @v3. v1 is behind the current stable major, and active development is on v3.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/typecheck-docs.yml at line 39, The workflow is still using
an outdated major version of actions/create-github-app-token, so update the step
in the typecheck-docs workflow from the current v1 reference to v3. Keep the
same job and token-generation behavior, but make sure the
actions/create-github-app-token usage is aligned with the latest stable major
version.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/typecheck-docs.yml:
- Around line 48-50: In the checkout step for the workflow using
actions/checkout@v4, disable git credential persistence by setting
persist-credentials to false alongside the existing token input. Update the
checkout configuration in this workflow so the app-installation token is not
retained in local git config after the repository is checked out.
- Around line 37-46: The GitHub App token created in the “Generate GitHub App
token” step is missing an explicit read-only contents scope. Update the
`actions/create-github-app-token@v1` usage in this workflow to include the
`permission-contents` input set to `read`, alongside the existing `app-id`,
`private-key`, `owner`, and `repositories` inputs, so the `app-token` step only
grants the minimal contents permission needed.

---

Nitpick comments:
In @.github/workflows/typecheck-docs.yml:
- Line 65: The workflow is exporting the app token under GITHUB_TOKEN, which can
be confused with the built-in Actions token and makes debugging credential usage
harder. Update the env mapping in the typecheck-docs workflow to use
DOCS_GH_TOKEN instead, since scripts/sync-docs/index.ts already prefers that
variable and falls back to GITHUB_TOKEN. Keep the token source unchanged, but
rename the environment variable at the workflow boundary for clarity.
- Line 39: The workflow is still using an outdated major version of
actions/create-github-app-token, so update the step in the typecheck-docs
workflow from the current v1 reference to v3. Keep the same job and
token-generation behavior, but make sure the actions/create-github-app-token
usage is aligned with the latest stable major version.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4c0661f1-097c-41a0-86c5-0b2a842d07f6

📥 Commits

Reviewing files that changed from the base of the PR and between a1f8914 and 2eaee95.

📒 Files selected for processing (47)
  • .github/workflows/typecheck-docs.yml
  • docs-src/spectrum-ts/content.mdx.vel
  • docs-src/spectrum-ts/content/app.mdx.vel
  • docs-src/spectrum-ts/content/attachments.mdx.vel
  • docs-src/spectrum-ts/content/avatar.mdx.vel
  • docs-src/spectrum-ts/content/composing-content.mdx.vel
  • docs-src/spectrum-ts/content/contacts.mdx.vel
  • docs-src/spectrum-ts/content/custom.mdx.vel
  • docs-src/spectrum-ts/content/edits.mdx.vel
  • docs-src/spectrum-ts/content/groups.mdx.vel
  • docs-src/spectrum-ts/content/markdown.mdx.vel
  • docs-src/spectrum-ts/content/polls.mdx.vel
  • docs-src/spectrum-ts/content/rename.mdx.vel
  • docs-src/spectrum-ts/content/replies.mdx.vel
  • docs-src/spectrum-ts/content/rich-links.mdx.vel
  • docs-src/spectrum-ts/content/text.mdx.vel
  • docs-src/spectrum-ts/content/typing-indicators.mdx.vel
  • docs-src/spectrum-ts/content/unsend.mdx.vel
  • docs-src/spectrum-ts/content/voice.mdx.vel
  • docs-src/spectrum-ts/custom-events-and-lifecycle.mdx.vel
  • docs-src/spectrum-ts/custom-platforms.mdx.vel
  • docs-src/spectrum-ts/getting-started.mdx.vel
  • docs-src/spectrum-ts/introduction.mdx.vel
  • docs-src/spectrum-ts/messages.mdx.vel
  • docs-src/spectrum-ts/nav.json
  • docs-src/spectrum-ts/platform-narrowing.mdx.vel
  • docs-src/spectrum-ts/providers.mdx.vel
  • docs-src/spectrum-ts/providers/imessage.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/connection-and-routing.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/messaging-features.mdx.vel
  • docs-src/spectrum-ts/providers/slack.mdx.vel
  • docs-src/spectrum-ts/providers/slack/conversations-and-events.mdx.vel
  • docs-src/spectrum-ts/providers/slack/setup.mdx.vel
  • docs-src/spectrum-ts/providers/telegram.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/conversations-and-features.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/setup.mdx.vel
  • docs-src/spectrum-ts/providers/terminal.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/interactions.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/setup-and-usage.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/conversations.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/setup.mdx.vel
  • docs-src/spectrum-ts/reactions-and-replies.mdx.vel
  • docs-src/spectrum-ts/spaces-and-users.mdx.vel
  • docs-src/spectrum-ts/troubleshooting/imessage.mdx.vel
  • docs-src/spectrum-ts/webhooks.mdx.vel
  • scripts/sources.json
💤 Files with no reviewable changes (45)
  • docs-src/spectrum-ts/content/voice.mdx.vel
  • docs-src/spectrum-ts/introduction.mdx.vel
  • docs-src/spectrum-ts/content/text.mdx.vel
  • docs-src/spectrum-ts/content/groups.mdx.vel
  • docs-src/spectrum-ts/content/polls.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/interactions.mdx.vel
  • docs-src/spectrum-ts/providers/slack/conversations-and-events.mdx.vel
  • docs-src/spectrum-ts/providers.mdx.vel
  • docs-src/spectrum-ts/messages.mdx.vel
  • docs-src/spectrum-ts/webhooks.mdx.vel
  • docs-src/spectrum-ts/content/markdown.mdx.vel
  • docs-src/spectrum-ts/providers/telegram.mdx.vel
  • docs-src/spectrum-ts/content/contacts.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/messaging-features.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/conversations-and-features.mdx.vel
  • docs-src/spectrum-ts/content/rename.mdx.vel
  • docs-src/spectrum-ts/content/edits.mdx.vel
  • docs-src/spectrum-ts/getting-started.mdx.vel
  • docs-src/spectrum-ts/providers/telegram/setup.mdx.vel
  • docs-src/spectrum-ts/content/rich-links.mdx.vel
  • docs-src/spectrum-ts/providers/terminal/setup-and-usage.mdx.vel
  • docs-src/spectrum-ts/providers/imessage/connection-and-routing.mdx.vel
  • docs-src/spectrum-ts/nav.json
  • docs-src/spectrum-ts/platform-narrowing.mdx.vel
  • docs-src/spectrum-ts/content/custom.mdx.vel
  • docs-src/spectrum-ts/content/composing-content.mdx.vel
  • docs-src/spectrum-ts/content/replies.mdx.vel
  • docs-src/spectrum-ts/content/app.mdx.vel
  • docs-src/spectrum-ts/spaces-and-users.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/conversations.mdx.vel
  • docs-src/spectrum-ts/providers/imessage.mdx.vel
  • docs-src/spectrum-ts/custom-platforms.mdx.vel
  • docs-src/spectrum-ts/content.mdx.vel
  • docs-src/spectrum-ts/content/unsend.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business/setup.mdx.vel
  • docs-src/spectrum-ts/providers/slack.mdx.vel
  • docs-src/spectrum-ts/content/typing-indicators.mdx.vel
  • docs-src/spectrum-ts/reactions-and-replies.mdx.vel
  • docs-src/spectrum-ts/providers/terminal.mdx.vel
  • docs-src/spectrum-ts/content/attachments.mdx.vel
  • docs-src/spectrum-ts/providers/slack/setup.mdx.vel
  • docs-src/spectrum-ts/content/avatar.mdx.vel
  • docs-src/spectrum-ts/custom-events-and-lifecycle.mdx.vel
  • docs-src/spectrum-ts/providers/whatsapp-business.mdx.vel
  • docs-src/spectrum-ts/troubleshooting/imessage.mdx.vel
📜 Review details
🧰 Additional context used
🪛 zizmor (1.26.1)
.github/workflows/typecheck-docs.yml

[warning] 48-50: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 39-39: dangerous use of GitHub App tokens (github-app): app token inherits blanket installation permissions

(github-app)

🔇 Additional comments (2)
.github/workflows/typecheck-docs.yml (1)

31-35: LGTM!

scripts/sources.json (1)

2-2: LGTM!

Also applies to: 11-11

Comment on lines +37 to +46
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: ${{ steps.parse-repo.outputs.owner }}
repositories: |
${{ steps.parse-repo.outputs.name }}
spectrum-ts

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does actions/create-github-app-token@v1 support permission-* inputs, or only v2+?

💡 Result:

The permission-* inputs are supported in version 1.12.0 and later of actions/create-github-app-token, not just in v2+ [1]. While the feature was associated with PR #168 [1][2], which was tagged with a v2 milestone [1], it was officially released in version 1.12.0 [1]. Before this change, older v1 releases (such as v1.9.2) did not include these specific permission-* inputs [3]. Therefore, if you are using a version of actions/create-github-app-token at or above 1.12.0, you can use the permission-* inputs to explicitly define the permissions for your token [4][1].

Citations:


Scope the GitHub App token to read-only contents. actions/create-github-app-token@v1 supports permission-* inputs, so add permission-contents: read here.

🔒 Proposed fix
       - name: Generate GitHub App token
         id: app-token
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ secrets.APP_ID }}
           private-key: ${{ secrets.APP_PRIVATE_KEY }}
           owner: ${{ steps.parse-repo.outputs.owner }}
           repositories: |
             ${{ steps.parse-repo.outputs.name }}
             spectrum-ts
+          permission-contents: read
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: ${{ steps.parse-repo.outputs.owner }}
repositories: |
${{ steps.parse-repo.outputs.name }}
spectrum-ts
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: ${{ steps.parse-repo.outputs.owner }}
repositories: |
${{ steps.parse-repo.outputs.name }}
spectrum-ts
permission-contents: read
🧰 Tools
🪛 zizmor (1.26.1)

[error] 39-39: dangerous use of GitHub App tokens (github-app): app token inherits blanket installation permissions

(github-app)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/typecheck-docs.yml around lines 37 - 46, The GitHub App
token created in the “Generate GitHub App token” step is missing an explicit
read-only contents scope. Update the `actions/create-github-app-token@v1` usage
in this workflow to include the `permission-contents` input set to `read`,
alongside the existing `app-id`, `private-key`, `owner`, and `repositories`
inputs, so the `app-token` step only grants the minimal contents permission
needed.

Source: Linters/SAST tools

Comment on lines 48 to +50
- uses: actions/checkout@v4
with:
token: ${{ steps.app-token.outputs.token }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Set persist-credentials: false on checkout.

The checked-out repo will retain the app-installation token in git config for the remainder of the job. Since no later step pushes back to the repo, disable credential persistence to reduce exposure if a later step (or a compromised dependency in pnpm install) reads local git config.

🔒 Proposed fix
       - uses: actions/checkout@v4
         with:
           token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: false

As per static analysis hints (zizmor artipacked), checkout does not set persist-credentials: false.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: actions/checkout@v4
with:
token: ${{ steps.app-token.outputs.token }}
- uses: actions/checkout@v4
with:
token: ${{ steps.app-token.outputs.token }}
persist-credentials: false
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 48-50: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/typecheck-docs.yml around lines 48 - 50, In the checkout
step for the workflow using actions/checkout@v4, disable git credential
persistence by setting persist-credentials to false alongside the existing token
input. Update the checkout configuration in this workflow so the
app-installation token is not retained in local git config after the repository
is checked out.

Source: Linters/SAST tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant