Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

ci(documentation): run build/validate on PRs, deploy only on push#73

Merged
rubenvdlinde merged 1 commit into
mainfrom
feat/ai-baseline-pr-validation
May 18, 2026
Merged

ci(documentation): run build/validate on PRs, deploy only on push#73
rubenvdlinde merged 1 commit into
mainfrom
feat/ai-baseline-pr-validation

Conversation

@rubenvdlinde

Copy link
Copy Markdown
Contributor

Summary

Split the shared documentation workflow into a build job that runs on every event (including pull_request) and a deploy job that runs only on push / schedule / workflow_dispatch. Net effect: every docs site that uses this workflow now gets PR-time CI on the build, including the AI-baseline validator that ships postbuild from @conduction/docusaurus-preset.

Why

Today the workflow has:

if: github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'

at the top of the only job. PRs match none of those, so the whole job is SKIPPED. A PR can:

  • drop static/robots.txt
  • empty static/llms.txt
  • delete the SoftwareApplication JSON-LD emission from <DetailHero> (via a preset version pin downgrade)
  • remove the FAQ block from /support
  • break the sitemap

...and CI gives a green check anyway. The bad code lands. The nightly cron rebuilds, sees the regression, fails the deploy. By then production is already broken.

This PR shifts detection left. PRs now run the same npm run ci (build + validate) that production runs. Sites that ship the AI-baseline gate (robots.txt, llms.txt, sitemap shape, JSON-LD on the homepage and /apps/<slug> pages, FAQPage on /support /install /iso, og:image, twitter meta) get fleet-wide PR-time enforcement of the contract without each repo needing its own validate-ai-baseline.yml workflow.

What changed

  • build job: runs on every event. Checks out, installs, runs npm run ci. Uploads the build/ tree as an artifact on the events that go on to deploy.
  • deploy job: needs the build job. Only fires on push / schedule / workflow_dispatch. Downloads the artifact, adds .nojekyll + CNAME, pushes to gh-pages.

Compatibility

  • No input contract changes. Sites that already call this workflow with cname: ...; source-folder: ... keep working unchanged.
  • PRs that previously got no CI signal now get a green or red check from the new build job.
  • Sites without a postbuild validator (most of the fleet today) see the build job run a vanilla npm run ci and pass. The gate only fires for sites that have wired it locally (conduction-website is the first; the rest of the fleet follows in separate PRs).

Test plan

  • CI runs on this PR; the build job exists and runs
  • After merge, the next PR opened against any consuming docs site triggers the workflow and runs build only (no deploy)
  • After merge, the next push to development on any consuming docs site triggers build then deploy
  • Spot-check that a docs site without a validator still builds successfully through the new flow (e.g. docudesk, mydash)

Split the single deploy job into two:

- build: runs on every event (push, schedule, workflow_dispatch,
  pull_request). Checks out, installs, runs `npm run ci` (which
  builds and runs each site's postbuild AI-baseline validator from
  @conduction/docusaurus-preset). Uploads the build/ tree as an
  artifact on the events that go on to deploy.
- deploy: runs only on push / schedule / workflow_dispatch.
  Downloads the artifact, adds .nojekyll + CNAME, pushes to
  gh-pages.

Why
- Sites that ship the AI-baseline gate (robots.txt, llms.txt,
  sitemaps, JSON-LD, FAQPage, og:image) get PR-time enforcement
  fleet-wide without each repo needing its own workflow file.
  Today, the shared workflow's `if: push || schedule || dispatch`
  guard means a PR can drop schemas, break a sitemap, or remove
  robots.txt without CI ever firing the validator. The bad code
  lands, the nightly cron catches it the next morning, production
  is already broken. This shifts detection left.
- Separating build from deploy also de-risks the deploy itself:
  if the build succeeds but a deploy step fails for a transient
  reason, we can re-run just the deploy job without rebuilding.

Compatibility
- No input contract changes. Sites that already call this
  workflow with `cname: ...; source-folder: ...` keep working.
- PRs that previously got no CI signal at all now get a green
  check (or a red one) from the new `build` job.
- Sites without a postbuild validator (most of the fleet today)
  see the build job run a vanilla `npm run ci` and pass; the
  gate only fires for sites that have wired it.
This was referenced May 18, 2026
@rubenvdlinde rubenvdlinde merged commit 8d9e90c into main May 18, 2026
4 checks passed
@rubenvdlinde rubenvdlinde deleted the feat/ai-baseline-pr-validation branch May 18, 2026 18:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant