chore(deps): bump huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7#960
Conversation
…_documentation.yml Bumps [huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml](https://github.com/huggingface/doc-builder) from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7. - [Release notes](https://github.com/huggingface/doc-builder/releases) - [Commits](huggingface/doc-builder@7e6bd45...6108e85) --- updated-dependencies: - dependency-name: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml dependency-version: 6108e850ae1cf2f71bb0815a600bcd50c39abfa7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
Alignment Review Report
Dependabot bumps the pinned commit SHA of the huggingface/doc-builder reusable workflow upload_pr_documentation.yml from 7e6bd45 → 6108e850 (single line, no Python touched).
Automated Checks
- Lint: PASS (for PR scope) — This PR changes 0
.pyfiles, so thesrc//tests/ruff+usort pipeline is unaffected and the working tree is clean. (lint.shcouldn't execute in the review sandbox becauseuvisn't preinstalled here, but it never inspects workflow YAML.) - Debug code: CLEAN (for PR scope) —
check-debug.shonly lists pre-existingsrc/prints/TODOs (docstring examples, Rich console output, CLI UX); zero in the changed file.
Open RFCs Context
All current RFCs are In Review (000–005) or Draft (010). None cover CI/CD, GitHub Actions, dependency management, or the docs-build pipeline — no overlap with this change.
Tier 1: Fixes Required
None. Verifications performed (all read-only via gh api / git):
- SHA legitimate —
6108e850is a real doc-builder commit (huggingface/doc-builder#807, 2026-07-13, "Add reachy_mini mock-deps registry entry"). - Clean forward bump —
compare 7e6bd45...6108e850=status: ahead,ahead_by: 4,behind_by: 0; andcompare 6108e850...main=identical, so the trailing# maincomment stays accurate. - Supply-chain hygiene — still pinned to a full 40-char SHA (not a tag/branch).
- Reusable-workflow interface compatible — the new workflow's
workflow_callrequires onlypackage_name(input) andhf_token(secret); OpenEnv's caller supplies both, plus the optionalcomment_bot_app_id/comment_bot_secret_pem. No newly-required input/secret was introduced. The inter-SHA change to the workflow was internal-only (removed the doc-builder checkout +uv pip installstep, keptastral-sh/setup-uv); theworkflow_callinput/secret block is unchanged. - Cross-workflow artifact contract intact — the new
uploadworkflow still downloadsdoc-build-artifact(the artifact produced bybuild_pr_documentation.yml), so bumping only this half creates no skew risk. - Merges cleanly into
main—git merge-treeagainst currentorigin/mainis conflict-free (no stale-branch conflict).
Tier 2: Alignment Discussion
Principle Conflicts
None identified. This is a CI/docs-pipeline dependency bump; it touches no runtime API surface (Gym/MCP/WebSocket, rewards, client-server separation, Pydantic types, agent isolation). Full-SHA pinning + Dependabot freshness is consistent with the reproducibility/security posture in PRINCIPLES.md.
RFC Conflicts
None identified.
Informational (no action needed)
Temporary SHA skew: build_pr_documentation.yml:13 and build_documentation.yml:12 still pin 7e6bd45 while upload now points to 6108e850. This is expected — Dependabot tracks each reusable-workflow path as a separate dependency, so these arrive as separate PRs and re-converge as the siblings merge. Not a defect in this PR.
Summary
- 0 mechanical issues to fix
- 0 alignment points for human review
- 0 RFC conflicts to discuss
Clean, interface-compatible, first-party (HF-owned) reusable-workflow SHA bump. No blockers.
Sent by Cursor Automation: Pre-review
| jobs: | ||
| build: | ||
| uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 # main | ||
| uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@6108e850ae1cf2f71bb0815a600bcd50c39abfa7 # main |
There was a problem hiding this comment.
Verified this bump end-to-end (read-only):
6108e850is a real doc-builder commit (Add reachy_mini mock-deps registry entry doc-builder#807) and is identical to doc-builder'smainHEAD, so the# maincomment stays accurate; clean forward bump from7e6bd45(ahead 4 / behind 0).- Interface compatible: the new
workflow_callstill requires onlypackage_name(input) +hf_token(secret) — both supplied below — withcomment_bot_app_id/comment_bot_secret_pemoptional. No newly-required input/secret; the inter-SHA delta was internal-only (dropped the doc-builder checkout +uv pip install, keptastral-sh/setup-uv).
Non-blocking: the sibling pins in build_pr_documentation.yml:13 and build_documentation.yml:12 are still on 7e6bd45; expected temporary skew that converges as the sibling Dependabot PRs merge.


Bumps huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml from 7e6bd45ee271b96e75484eeafea1b3e6139cd0c7 to 6108e850ae1cf2f71bb0815a600bcd50c39abfa7.
Commits
6108e85Add reachy_mini mock-deps registry entry (#807)0f47843Mock optimum, torchao, gguf for diffusers docs (#806)f8ab2e5Add bitsandbytes (mock) and sentencepiece (real) to diffusers doc deps (#805)4a384d0Fix upload_pr_documentation: drop unused doc-builder install (#804)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Low Risk
Single SHA bump for CI documentation upload only; no application or runtime code changes.
Overview
Updates the reusable Upload PR Documentation workflow pin in
.github/workflows/upload_pr_documentation.ymlfrom7e6bd45…to6108e85…onhuggingface/doc-builder.package_name: openenvand the HF doc-build / comment-bot secrets are unchanged; only the upstream workflow version moves forward (including upstream fixes such as dropping an unused doc-builder install in that job).Reviewed by Cursor Bugbot for commit 6694e3c. Bugbot is set up for automated code reviews on this repo. Configure here.