docs: add automated upstream sync workflow#27
Conversation
Adds a Claude-powered workflow that syncs docs pages with upstream README changes from five source repos (tracebloc-py-package, client, start-training, data-ingestors, model-zoo). Source repos fire repository_dispatch on push; this repo's workflow fetches the upstream file, has Claude rewrite the target .mdx in docs voice, and opens a PR. - .github/sync-sources.yml: mapping of upstream files to docs pages - .github/workflows/sync-docs.yml: dispatch + manual + cron-driven sync job - .github/notify-docs.workflow-template.yml: template for source repos Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 5065236. Configure here.
| uses: anthropics/claude-code-action@v1 | ||
| env: | ||
| ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} | ||
| with: |
There was a problem hiding this comment.
API key passed via env instead of action input
High Severity
The ANTHROPIC_API_KEY is passed as a step-level env: variable, but anthropics/claude-code-action@v1 expects it as a with: input named anthropic_api_key. The action reads inputs via core.getInput(), which looks for INPUT_ANTHROPIC_API_KEY, not the raw ANTHROPIC_API_KEY environment variable. This mismatch will likely cause the Claude step to fail authentication, breaking the entire sync workflow.
Reviewed by Cursor Bugbot for commit 5065236. Configure here.
| verify accuracy against the upstream README before merging. | ||
| labels: | | ||
| docs-sync | ||
| automated |
There was a problem hiding this comment.
Temporary .sync-cache/ directory committed to PR
Medium Severity
The fetch step creates .sync-cache/ with raw upstream README content inside the git working directory. The peter-evans/create-pull-request@v6 step has no add-paths restriction, so it defaults to staging all new and modified files. Since the repo has no .gitignore, the .sync-cache/ directory and its files will be committed to the PR alongside the intended docs changes. This also means a PR is created/updated on every cron run even when Claude makes no docs edits, since the cache files always appear as new untracked files.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 5065236. Configure here.
2 participants
Summary
repository_dispatchon push → this repo fetches the upstream file → Claude rewrites the target.mdxin docs voice → a PR is opened/updated ondocs/sync-upstream.workflow_dispatchas safety nets.Mapping
tracebloc/tracebloc-py-packageREADME.mdtools-help/tracebloc-package.mdxtracebloc/clientREADME.mdenvironment-setup/setup-guide.mdxtracebloc/start-trainingREADME.mdjoin-use-case/start-training.mdxtracebloc/data-ingestorsReadme.mdcreate-use-case/prepare-dataset.mdxtracebloc/model-zooREADME.mdcreate-use-case/templates.mdxFiles
.github/sync-sources.yml— mapping (extend by appending entries).github/workflows/sync-docs.yml— sync job.github/notify-docs.workflow-template.yml— template to copy into each source repoRequired setup before this works
DOCS_DISPATCH_TOKEN— fine-grained PAT scoped totracebloc/docs,Contents: Read and write. Lets source repos fire dispatch.SOURCE_REPOS_TOKENon this repo — fine-grained PAT scoped totracebloc/tracebloc-py-package,Contents: Read-only. Needed because that repo is private.ANTHROPIC_API_KEY— assumed already org-wide..github/notify-docs.workflow-template.ymlinto each source repo as.github/workflows/notify-docs.yml, replacing<SOURCE_ID>with the matchingidfromsync-sources.yml. Fordata-ingestors, also changepaths:toReadme.md.Test plan
DOCS_DISPATCH_TOKENorg secret andSOURCE_REPOS_TOKENrepo secret.source_id. Verify the resulting PR's edits against current upstream READMEs.notify-docs.ymlto one source repo (e.g.tracebloc/client), push a README change, confirm dispatch fires this workflow.notify-docs.ymlto remaining source repos.🤖 Generated with Claude Code
Note
Medium Risk
Medium risk because it introduces a scheduled/dispatch-triggered workflow that fetches external repo contents, invokes an LLM to rewrite docs, and pushes changes via automated PRs using repo/org secrets.
Overview
Adds an automated GitHub Actions pipeline (
.github/workflows/sync-docs.yml) that, onrepository_dispatch, manual trigger, or daily schedule, fetches upstream README files and usesanthropics/claude-code-actionto update specific docs pages, then opens/updates a PR ondocs/sync-upstream.Introduces a central mapping file (
.github/sync-sources.yml) defining the upstream repo/ref/path → docsdesttargets plus per-source rewrite instructions, and a reusable upstream workflow template (.github/notify-docs.workflow-template.yml) for source repos to trigger this repo viarepository_dispatchwith asource_idpayload.Reviewed by Cursor Bugbot for commit 5065236. Bugbot is set up for automated code reviews on this repo. Configure here.