docs-v2

Commit Graph

Author	SHA1	Message	Date
copilot-swe-agent[bot]	8e6a29ec80	Address code review feedback - Remove unnecessary comment about fallback default in resolve-review-urls.js - Use plain text sanitization for skip reasons in preview comments - Add clarifying comment about string comparison in GitHub Actions outputs Co-authored-by: jstirnaman <212227+jstirnaman@users.noreply.github.com>	2026-03-13 17:30:42 +00:00
copilot-swe-agent[bot]	720c99e72c	Improve PR review workflow status signals and add agent personas - Add Job 4 (report-skipped) to explicitly report when visual review is skipped - Update resolve-review-urls.js to output skip status and reason - Add clear agent persona headers to all bot comments (Preview Bot, Doc Review Bot) - Reduce URL duplication by having visual review reference PR Preview comment - Update copilot-visual-review.md template with completion signal format - Add consistent status tables with emojis for clear at-a-glance status Co-authored-by: jstirnaman <212227+jstirnaman@users.noreply.github.com>	2026-03-13 17:26:51 +00:00
Jason Stirnaman	e203482b62	feat(ci): add PR preview system for GitHub Pages (#6636 ) * docs(ci): add PR preview system design Document the design for GitHub Pages PR previews including: - Selective deployment of changed pages only - Reuse of existing content-utils.js change detection - URL parsing from PR descriptions for layout/asset changes - Automatic cleanup on PR close - Storage budget management * docs(ci): add PR preview implementation plan Detailed task-by-task implementation plan including: - 8 tasks with complete code and exact file paths - Reuses existing content-utils.js for change detection - Scripts for URL parsing, change detection, file staging - Main workflow and cleanup workflow - Setup documentation and testing steps * feat(ci): add PR URL parser for preview page detection * fix(ci): harden PR URL parser against malicious input - Add path validation to reject path traversal attacks (..) - Add validation to reject HTML/script injection attempts - Add validation to reject URL-encoded characters - Update regex to capture markdown link paths: [text](/path/) - Add comprehensive test suite with 27 security and functionality tests Security improvements: - Reject paths containing '..' to prevent directory traversal - Reject paths with suspicious characters: <, >, \|, {, }, `, etc. - Reject URL-encoded characters to prevent encoding attacks - Validate all paths against known product prefixes Functionality improvements: - Support markdown link syntax: [text](/influxdb3/core/) - Support reference-style markdown links - Maintain existing support for production URLs, localhost URLs, and relative paths * feat(ci): add change detection script for PR previews * fix(ci): remove unused import from detect-preview-pages.js * feat(ci): add preview file staging script for selective deployment * fix(ci): add input validation to preview file staging script - Add path traversal validation to urlToHtmlPath() to reject paths containing '..' - Add array validation at start of preparePreviewFiles() with clear error message - Fix copiedCount to only increment when safeCopy() actually succeeds - Add return value to copyPage() to track success/failure Addresses security vulnerabilities and improves accuracy of preview stats. * feat(ci): add preview comment manager for sticky PR comments * fix(ci): sanitize user input in preview comments to prevent XSS * feat(ci): add PR preview workflow for GitHub Pages deployment * fix(ci): correct environment variables and checkout in PR preview workflow * feat(ci): add weekly stale preview cleanup workflow * docs(ci): add PR preview setup guide * Delete docs/plans/2025-12-16-pr-preview-design.md * Delete docs/plans/2025-12-16-pr-preview-implementation.md * fix(ci): add input validation for PR preview security - Add single quote to rejected characters in URL path validation to prevent JavaScript injection in workflow string interpolation - Add BASE_REF validation regex to prevent command injection, allowing slashes for feature branches (e.g., feature/new-auth) - Add PR_NUM numeric validation in cleanup workflow - Add tests for single quote handling and BASE_REF validation	2025-12-18 13:44:14 -06:00

Author

SHA1

Message

Date

copilot-swe-agent[bot]

8e6a29ec80

Address code review feedback

- Remove unnecessary comment about fallback default in resolve-review-urls.js
- Use plain text sanitization for skip reasons in preview comments
- Add clarifying comment about string comparison in GitHub Actions outputs

Co-authored-by: jstirnaman <212227+jstirnaman@users.noreply.github.com>

2026-03-13 17:30:42 +00:00

copilot-swe-agent[bot]

720c99e72c

Improve PR review workflow status signals and add agent personas

- Add Job 4 (report-skipped) to explicitly report when visual review is skipped
- Update resolve-review-urls.js to output skip status and reason
- Add clear agent persona headers to all bot comments (Preview Bot, Doc Review Bot)
- Reduce URL duplication by having visual review reference PR Preview comment
- Update copilot-visual-review.md template with completion signal format
- Add consistent status tables with emojis for clear at-a-glance status

Co-authored-by: jstirnaman <212227+jstirnaman@users.noreply.github.com>

2026-03-13 17:26:51 +00:00

Jason Stirnaman

e203482b62

feat(ci): add PR preview system for GitHub Pages (#6636 )

* docs(ci): add PR preview system design

Document the design for GitHub Pages PR previews including:
- Selective deployment of changed pages only
- Reuse of existing content-utils.js change detection
- URL parsing from PR descriptions for layout/asset changes
- Automatic cleanup on PR close
- Storage budget management

* docs(ci): add PR preview implementation plan

Detailed task-by-task implementation plan including:
- 8 tasks with complete code and exact file paths
- Reuses existing content-utils.js for change detection
- Scripts for URL parsing, change detection, file staging
- Main workflow and cleanup workflow
- Setup documentation and testing steps

* feat(ci): add PR URL parser for preview page detection

* fix(ci): harden PR URL parser against malicious input

- Add path validation to reject path traversal attacks (..)
- Add validation to reject HTML/script injection attempts
- Add validation to reject URL-encoded characters
- Update regex to capture markdown link paths: [text](/path/)
- Add comprehensive test suite with 27 security and functionality tests

Security improvements:
- Reject paths containing '..' to prevent directory traversal
- Reject paths with suspicious characters: <, >, |, {, }, `, etc.
- Reject URL-encoded characters to prevent encoding attacks
- Validate all paths against known product prefixes

Functionality improvements:
- Support markdown link syntax: [text](/influxdb3/core/)
- Support reference-style markdown links
- Maintain existing support for production URLs, localhost URLs, and relative paths

* feat(ci): add change detection script for PR previews

* fix(ci): remove unused import from detect-preview-pages.js

* feat(ci): add preview file staging script for selective deployment

* fix(ci): add input validation to preview file staging script

- Add path traversal validation to urlToHtmlPath() to reject paths containing '..'
- Add array validation at start of preparePreviewFiles() with clear error message
- Fix copiedCount to only increment when safeCopy() actually succeeds
- Add return value to copyPage() to track success/failure

Addresses security vulnerabilities and improves accuracy of preview stats.

* feat(ci): add preview comment manager for sticky PR comments

* fix(ci): sanitize user input in preview comments to prevent XSS

* feat(ci): add PR preview workflow for GitHub Pages deployment

* fix(ci): correct environment variables and checkout in PR preview workflow

* feat(ci): add weekly stale preview cleanup workflow

* docs(ci): add PR preview setup guide

* Delete docs/plans/2025-12-16-pr-preview-design.md

* Delete docs/plans/2025-12-16-pr-preview-implementation.md

* fix(ci): add input validation for PR preview security

- Add single quote to rejected characters in URL path validation
  to prevent JavaScript injection in workflow string interpolation
- Add BASE_REF validation regex to prevent command injection,
  allowing slashes for feature branches (e.g., feature/new-auth)
- Add PR_NUM numeric validation in cleanup workflow
- Add tests for single quote handling and BASE_REF validation

2025-12-18 13:44:14 -06:00

3 Commits (c99c2e87ed8d0ea7c9ae4040716ecdfc6bafdcf7)