Add GitHub Action to sync wiki to public repo #914
Conversation
|
Warning Rate limit exceeded@mensfeld has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 7 minutes and 37 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (1)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout hidden wiki | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: ruby-shoryuken/shoryuken.wiki | ||
| path: hidden-wiki | ||
|
|
||
| - name: Checkout public wiki | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: ruby-shoryuken/wiki | ||
| path: public-wiki | ||
| token: ${{ secrets.WIKI_SYNC_TOKEN }} | ||
|
|
||
| - name: Sync wikis | ||
| run: | | ||
| # Copy all files from hidden wiki to public wiki (excluding .git) | ||
| rsync -av --delete hidden-wiki/ public-wiki/ --exclude .git | ||
|
|
||
| cd public-wiki | ||
|
|
||
| # Check if there are changes | ||
| git add -A | ||
| if git diff --staged --quiet; then | ||
| echo "No changes to sync" | ||
| exit 0 | ||
| fi | ||
|
|
||
| # Configure git and commit | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git commit -m "Sync from shoryuken.wiki" | ||
| git push |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 month ago
To fix the problem, add an explicit permissions: block at the job or workflow root specifying only the minimum required privileges for the workflow. Since the job interacts with repositories (performing git operations, but using a personal access token for push), at minimum it will need contents: read to check out code. If it never uses the GITHUB_TOKEN for write operations, contents: read is sufficient.
Best fix: Add
permissions:
contents: readat the top/root (just after name: and before on:), which ensures all jobs in the workflow only get read-only access to repository contents, unless overridden per-job.
No imports or extra definitions are required, just this change to the workflow YAML.
| @@ -1,4 +1,6 @@ | ||
| name: Sync Wiki | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| gollum: # Triggers when the hidden wiki is edited via GitHub UI |
|
Not needed - public wiki repo will be source of truth |
Summary
Adds a GitHub Action workflow to keep the public wiki repository (
ruby-shoryuken/wiki) in sync with the hidden wiki (shoryuken.wiki).How it works
Hidden wiki → Public wiki (this PR):
gollumevent (when wiki is edited via GitHub UI)workflow_dispatchPublic wiki → Hidden wiki (in ruby-shoryuken/wiki repo):
mainbranchSetup required
You need to create a
WIKI_SYNC_TOKENsecret in both repos:reposcopeWIKI_SYNC_TOKENin:ruby-shoryuken/shoryuken(Settings → Secrets → Actions)ruby-shoryuken/wiki(Settings → Secrets → Actions)Benefits
ruby-shoryuken/wikifor wiki changes