Skip to content

chore(deps): bump huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7#960

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/huggingface/doc-builder/dot-github/workflows/upload_pr_documentation.yml-6108e850ae1cf2f71bb0815a600bcd50c39abfa7
Open

chore(deps): bump huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7#960
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/huggingface/doc-builder/dot-github/workflows/upload_pr_documentation.yml-6108e850ae1cf2f71bb0815a600bcd50c39abfa7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7.

Commits
  • 6108e85 Add reachy_mini mock-deps registry entry (#807)
  • 0f47843 Mock optimum, torchao, gguf for diffusers docs (#806)
  • f8ab2e5 Add bitsandbytes (mock) and sentencepiece (real) to diffusers doc deps (#805)
  • 4a384d0 Fix upload_pr_documentation: drop unused doc-builder install (#804)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Low Risk
Single SHA bump for CI documentation upload only; no application or runtime code changes.

Overview
Updates the reusable Upload PR Documentation workflow pin in .github/workflows/upload_pr_documentation.yml from 7e6bd45… to 6108e85… on huggingface/doc-builder.

package_name: openenv and the HF doc-build / comment-bot secrets are unchanged; only the upstream workflow version moves forward (including upstream fixes such as dropping an unused doc-builder install in that job).

Reviewed by Cursor Bugbot for commit 6694e3c. Bugbot is set up for automated code reviews on this repo. Configure here.

…_documentation.yml

Bumps [huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml](https://github.com/huggingface/doc-builder) from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7.
- [Release notes](https://github.com/huggingface/doc-builder/releases)
- [Commits](huggingface/doc-builder@7e6bd45...6108e85)

---
updated-dependencies:
- dependency-name: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml
  dependency-version: 6108e850ae1cf2f71bb0815a600bcd50c39abfa7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added Dependencies github_actions Pull requests that update GitHub Actions code labels Jul 14, 2026
@burtenshaw burtenshaw added enhancement New feature or request size: small Small pull request labels Jul 14, 2026 — with Cursor

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alignment Review Report

Dependabot bumps the pinned commit SHA of the huggingface/doc-builder reusable workflow upload_pr_documentation.yml from 7e6bd456108e850 (single line, no Python touched).

Automated Checks

  • Lint: PASS (for PR scope) — This PR changes 0 .py files, so the src//tests/ ruff+usort pipeline is unaffected and the working tree is clean. (lint.sh couldn't execute in the review sandbox because uv isn't preinstalled here, but it never inspects workflow YAML.)
  • Debug code: CLEAN (for PR scope)check-debug.sh only lists pre-existing src/ prints/TODOs (docstring examples, Rich console output, CLI UX); zero in the changed file.

Open RFCs Context

All current RFCs are In Review (000–005) or Draft (010). None cover CI/CD, GitHub Actions, dependency management, or the docs-build pipeline — no overlap with this change.

Tier 1: Fixes Required

None. Verifications performed (all read-only via gh api / git):

  • SHA legitimate6108e850 is a real doc-builder commit (huggingface/doc-builder#807, 2026-07-13, "Add reachy_mini mock-deps registry entry").
  • Clean forward bumpcompare 7e6bd45...6108e850 = status: ahead, ahead_by: 4, behind_by: 0; and compare 6108e850...main = identical, so the trailing # main comment stays accurate.
  • Supply-chain hygiene — still pinned to a full 40-char SHA (not a tag/branch).
  • Reusable-workflow interface compatible — the new workflow's workflow_call requires only package_name (input) and hf_token (secret); OpenEnv's caller supplies both, plus the optional comment_bot_app_id / comment_bot_secret_pem. No newly-required input/secret was introduced. The inter-SHA change to the workflow was internal-only (removed the doc-builder checkout + uv pip install step, kept astral-sh/setup-uv); the workflow_call input/secret block is unchanged.
  • Cross-workflow artifact contract intact — the new upload workflow still downloads doc-build-artifact (the artifact produced by build_pr_documentation.yml), so bumping only this half creates no skew risk.
  • Merges cleanly into maingit merge-tree against current origin/main is conflict-free (no stale-branch conflict).

Tier 2: Alignment Discussion

Principle Conflicts

None identified. This is a CI/docs-pipeline dependency bump; it touches no runtime API surface (Gym/MCP/WebSocket, rewards, client-server separation, Pydantic types, agent isolation). Full-SHA pinning + Dependabot freshness is consistent with the reproducibility/security posture in PRINCIPLES.md.

RFC Conflicts

None identified.

Informational (no action needed)

Temporary SHA skew: build_pr_documentation.yml:13 and build_documentation.yml:12 still pin 7e6bd45 while upload now points to 6108e850. This is expected — Dependabot tracks each reusable-workflow path as a separate dependency, so these arrive as separate PRs and re-converge as the siblings merge. Not a defect in this PR.

Summary

  • 0 mechanical issues to fix
  • 0 alignment points for human review
  • 0 RFC conflicts to discuss

Clean, interface-compatible, first-party (HF-owned) reusable-workflow SHA bump. No blockers.

Open in Web View Automation 

Sent by Cursor Automation: Pre-review

jobs:
build:
uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 # main
uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@6108e850ae1cf2f71bb0815a600bcd50c39abfa7 # main

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified this bump end-to-end (read-only):

  • 6108e850 is a real doc-builder commit (Add reachy_mini mock-deps registry entry doc-builder#807) and is identical to doc-builder's main HEAD, so the # main comment stays accurate; clean forward bump from 7e6bd45 (ahead 4 / behind 0).
  • Interface compatible: the new workflow_call still requires only package_name (input) + hf_token (secret) — both supplied below — with comment_bot_app_id / comment_bot_secret_pem optional. No newly-required input/secret; the inter-SHA delta was internal-only (dropped the doc-builder checkout + uv pip install, kept astral-sh/setup-uv).

Non-blocking: the sibling pins in build_pr_documentation.yml:13 and build_documentation.yml:12 are still on 7e6bd45; expected temporary skew that converges as the sibling Dependabot PRs merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Dependencies enhancement New feature or request github_actions Pull requests that update GitHub Actions code size: small Small pull request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant