Auto-update doc build config#1

Merged
leizhuc merged 1 commit into main from feat/auto-update-doc-build-main
Jan 30, 2026

alauda-github-idpbot commented Jan 30, 2026

auto update doc build config for doc pipeline

Summary by CodeRabbit

  • Chores
    • Added automated documentation build workflows triggered on changes to main, master, and release branches.
    • Added automated documentation build workflows for pull requests, enabling preview documentation before merging changes.

coderabbitai Bot commented Jan 30, 2026

Walkthrough

This pull request adds two new Tekton PipelineRun manifests for documentation building workflows. The first manifest triggers on manual comments for local-auth documentation builds, while the second handles pull request-based builds. Both reference remote pipelines from the alauda catalog and configure workspaces, security contexts, and task-specific resource allocations.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Tekton Documentation Pipelines: .tekton/doc-build.yaml, .tekton/doc-pr-build.yaml | Adds two PipelineRun manifests: doc-build-local-auth (triggered on /doc-build comments for main/master/release branches) and doc-pr-build-local-auth (triggered on pull requests). Both reference hub-resolved pipelines from alauda catalog, define source and cache workspaces with topolvm storage, configure security contexts (root default, non-root for git-clone), inject PAC variables (git-url, git-revision, git-commit, pull-request metadata), and specify resource requests/limits for multiple documentation build tasks. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hop into the pipelines we go,
Doc builds triggering, watching them flow,
From comments and PRs, the manifests bind,
Security contexts, workspaces aligned,
Tekton's new magic makes docs intertwine!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Auto-update doc build config' directly matches the PR's main objective to update documentation build configuration files, clearly summarizing the primary change. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

coderabbitai Bot left a comment

Actionable comments posted: 4

🤖 Fix all issues with AI agents
In @.tekton/doc-build.yaml:
- Line 163: The file currently ends at the line "memory: 8Gi" without a trailing
newline; open the file and add a single newline character at the end so the file
terminates with a newline (POSIX-compliant), then save—no other changes
required.
- Around line 5-16: The annotations currently mix a comment trigger
(pipelinesascode.tekton.dev/on-comment) with a CEL filter that only allows push
events (pipelinesascode.tekton.dev/on-cel-expression), causing comment-triggered
runs to be filtered out; update the CEL expression to include comment events
(e.g., allow event == "comment" or match the on-comment pattern) or remove
on-comment if comments shouldn't trigger this pipeline, and remove or make
optional the pull-request parameters (pull-request-number, pull-request-target)
referenced later in the pipeline since this config is intended for push
events—ensure any code that reads those parameters (by name) handles them as
optional or is removed.

In @.tekton/doc-pr-build.yaml:
- Line 97: The file ends with the line "memory: 8Gi" but lacks a trailing
newline; update the .tekton/doc-pr-build.yaml by adding a single newline
character at the end of the file (i.e., ensure the final line "memory: 8Gi" is
terminated with a newline) to satisfy POSIX/file-tooling expectations.
- Around line 5-14: The annotations block currently defines
pipelinesascode.tekton.dev/on-comment alongside
pipelinesascode.tekton.dev/on-cel-expression, but the CEL expression only allows
event == "pull_request" so PR comment triggers (issue_comment) never fire;
either remove the on-comment annotation (pipelinesascode.tekton.dev/on-comment)
if you only want real pull_request events, or update the on-cel-expression to
also allow issue_comment (e.g., include event == "issue_comment" and ensure the
branch-matching logic handles the issue_comment payload) so comment-triggered
runs are evaluated true.
🧹 Nitpick comments (2)
.tekton/doc-pr-build.yaml (1)

70-78: Consider minimizing root execution scope.

Running tasks as root by default (UID 0) increases the attack surface. While the comment acknowledges this is needed for build tasks, consider evaluating which specific tasks actually require root and only granting elevated privileges to those, similar to how git-clone is already overridden to non-root.

.tekton/doc-build.yaml (1)

92-163: Consider reducing duplication in task resource specifications.

All 9 build tasks have identical computeResources configurations. While this explicit approach is clear and maintainable, if resource requirements need to change, updates must be made in 9 places.

If the referenced pipeline supports default resource configurations at the pipeline level, or if Tekton's taskRunTemplate.computeResources becomes available for default compute resources, consider using that to reduce duplication.

Comment thread .tekton/doc-build.yaml
Comment on lines +5 to +16
annotations:
pipelinesascode.tekton.dev/on-comment: "^(/doc-build)$"
pipelinesascode.tekton.dev/cancel-in-progress: "true"
pipelinesascode.tekton.dev/max-keep-runs: "10"
pipelinesascode.tekton.dev/on-cel-expression: |-
(
event == "push" && (
source_branch.matches("^(main|master|release-.*)$") ||
target_branch.matches("^(main|master|release-.*)$") ||
target_branch.startsWith("refs/tags/")
)
)
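
Review bot: The branch checks in on-cel-expression mix two ref forms: the patterns "^(main|master|release-.*)$" are anchored to bare branch names, while the last clause tests target_branch.startsWith("refs/tags/"), a full ref. If push events supply target_branch as a full ref, the anchored patterns can never match and only tag pushes would start this run; if they supply bare names, the tag clause never matches. Please confirm which form Pipelines-as-Code supplies for push events and make all three clauses agree. The tag clause also accepts every tag name, so any tag push would build docs; narrow it if only release tags should.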

⚠️ Potential issue | 🟡 Minor

Potential trigger conflict and parameter mismatch.

  1. Trigger conflict: Same issue as doc-pr-build.yaml: on-comment triggers on comments but on-cel-expression filters for event == "push", which may prevent comment-triggered runs.

  2. Parameter relevance: Lines 33-36 define pull-request-number and pull-request-target parameters, but this pipeline is configured for push events (not pull requests). These parameters may be empty or undefined for push events.

Comment thread .tekton/doc-build.yaml
memory: 4Gi
limits:
cpu: 4
memory: 8Gi No newline at end of file

⚠️ Potential issue | 🟡 Minor

Add trailing newline at end of file.

Ensure the file ends with a newline for POSIX compliance.

Comment thread .tekton/doc-pr-build.yaml
Comment on lines +5 to +14
annotations:
pipelinesascode.tekton.dev/on-comment: "^(/doc-pr-build)$"
pipelinesascode.tekton.dev/cancel-in-progress: "true"
pipelinesascode.tekton.dev/max-keep-runs: "10"
pipelinesascode.tekton.dev/on-cel-expression: |-
(
event == "pull_request" && (
target_branch.matches("^(main|master|release-.*)$")
)
)
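
Review bot: The on-cel-expression constrains only event and target_branch, so as far as this expression is concerned every pull request against main, master or a release-* branch starts a doc build, whatever files it changes and whoever opened it. Since the nitpick on lines 70-78 of this file notes that tasks default to root, check that the repository's Pipelines-as-Code settings for untrusted contributors are what you intend, and consider adding a changed-path condition so pull requests that do not touch documentation do not start a run. The release-.* alternative also accepts any suffix; tighten it if release branches follow a fixed version scheme.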

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Tekton Pipelines as Code on-comment on-cel-expression annotation trigger event types

💡 Result:

In Tekton Pipelines-as-Code (PAC), you can trigger PipelineRuns via:

  • pipelinesascode.tekton.dev/on-comment: triggers when a new PR comment matches a regex (comment edits don’t retrigger). Example: pipelinesascode.tekton.dev/on-comment: "^/merge-pr" (works primarily for pull_request events; for push, it’s only supported when targeting the main branch and without arguments). [3][4]
  • pipelinesascode.tekton.dev/on-cel-expression: triggers when a CEL expression evaluates to true for an incoming event payload; when present, it takes priority and PAC ignores other matching annotations like on-event, on-target-branch, labels, and path-change filters. [3]

When a run is triggered by a comment/GitOps command, PAC sets the annotation pipeline.tekton.dev/event-type on the created PipelineRun. Documented event-type values include:

  • test-all-comment
  • test-comment
  • retest-all-comment
  • retest-comment
  • on-comment (custom comment trigger)
  • cancel-all-comment
  • cancel-comment
  • ok-to-test-comment [1]

🌐 Web query:

GitHub webhook event type pull request comment issue_comment

💡 Result:

For GitHub webhooks (and GitHub Actions triggers), a “pull request comment” maps to different event types depending on what kind of comment it is:

  • Comment on a PR conversation (top-level comment, not tied to a diff line) → issue_comment (actions: created, edited, deleted). GitHub treats PRs as issues for these comments. [1] [2]
  • Comment on a PR diff (inline code comment) → pull_request_review_comment (actions: created, edited, deleted). [1] [2]
  • A PR review submission (Approve / Request changes / Review comment batch) → pull_request_review (actions: submitted, edited, dismissed). [1] [2]

There is no separate pull_request_comment webhook event for regular PR conversation comments—use issue_comment instead. [1]


Remove on-comment annotation or fix CEL expression to handle comment events.

The on-cel-expression annotation takes priority over on-comment in Tekton PAC; when present, it must evaluate to true for a PipelineRun to be created. The current CEL expression filters for event == "pull_request", but GitHub sends issue_comment events for PR comments, so comment-triggered runs will never execute. Either remove the on-comment annotation (if only pull_request events are desired) or update the CEL expression to include comment events: event == "pull_request" || event == "issue_comment" (and adjust branch matching logic as needed for issue_comment context).

Comment thread .tekton/doc-pr-build.yaml
memory: 4Gi
limits:
cpu: 4
memory: 8Gi No newline at end of file

⚠️ Potential issue | 🟡 Minor

Add trailing newline at end of file.

The file is missing a trailing newline, which is expected for POSIX compliance and can cause issues with some tools.

@leizhuc leizhuc merged commit 241b421 into main Jan 30, 2026
1 of 2 checks passed