feat: integrate docs publishing into unified publish workflow

[davidpoblador]

• Add docs change detection to publish.yml detect-changes job
• Add build-docs job with mkdocs build and artifact upload
• Add deploy-docs job with GitHub Pages deployment
• Update release-please.yml to only call unified publish workflow
• Remove separate docs.yml workflow file
• Add proper permissions and concurrency for Pages deployment

This consolidates all publishing (Python, JS, docs) into a single workflow that triggers on new releases, maintaining the smart change detection pattern established for packages.

[claude]

Claude finished @davidpoblador's task —— View job

---

PR Review: Docs Publishing Integration

Reviewing the integration of docs publishing into the unified publish workflow.

Todo List

• Read and analyze the deleted docs.yml workflow
• Review the new publish.yml workflow changes
• Examine the release-please.yml modifications
• Evaluate workflow structure and job dependencies
• Check security and permissions configuration
• Assess performance implications
• Provide comprehensive feedback and recommendations

Code Review Feedback

✅ Strengths

1. Smart Consolidation Approach

• Excellent consolidation of all publishing workflows into a single, unified publish.yml
• Maintains the smart change detection pattern for docs (lines 172-196 in publish.yml:172-196)
• Consistent trigger mechanism through release-please.yml for all publishing types

2. Proper Security Configuration

• Correct GitHub Pages permissions: pages: write and id-token: write (publish.yml:294-295)
• Appropriate environment configuration for GitHub Pages deployment (publish.yml:404-406)
• Trusted publishing setup for both Python and npm packages

3. Robust Job Dependencies

• Proper conditional execution with always() checks to handle failures gracefully
• Smart blocking logic: deploy jobs wait for build success but don't fail if builds are skipped

⚠️ Areas for Improvement

1. Concurrency Configuration Issue

concurrency:
  group: "pages"
  cancel-in-progress: false

• Problem: This concurrency group is too broad and applies to the entire workflow
• Impact: Could block Python/JS publishing when only docs need to deploy
• Suggestion: Move concurrency configuration to the deploy-docs job only:

deploy-docs:
  concurrency:
    group: "pages-deploy"
    cancel-in-progress: false

2. Documentation Change Detection Logic

DOCS_CHANGED=$(git diff --name-only $PREV_TAG..HEAD | grep -E "^vibetuner-docs/" | wc -l)

• Concern: Only detects changes in vibetuner-docs/ directory
• Missing: Documentation changes in main README, CONTRIBUTING.md, or package-level docs
• Suggestion: Consider expanding pattern to include relevant docs in other locations

3. Custom Domain Hardcoded

echo "vibetuner.alltuner.com" > _site/CNAME

• Issue: Domain is hardcoded in workflow (publish.yml:317)
• Maintainability: Should be configurable via repository variable or input
• Security: Verify domain ownership before deployment

🔧 Performance Considerations

1. Build Optimization

• Good: Uses uv for fast Python dependency management
• Good: Artifacts are properly uploaded/downloaded for job separation
• Good: Conditional execution prevents unnecessary builds

2. Potential Improvements

• Consider caching mkdocs build dependencies
• The --strict flag in mkdocs build is good for catching errors early

🛡️ Security Assessment

1. Permissions Model - ✅ Good

• Least privilege principle followed
• Appropriate use of id-token: write for OIDC
• Proper environment configuration for Pages

2. Artifact Handling - ✅ Good

• Artifacts are properly scoped to specific jobs
• No sensitive data exposure in build logs

3. Token Usage - ✅ Good

• Uses ${{ github.token }} appropriately
• Trusted publishing for package registries

📝 Minor Issues

1. Documentation Build Path

uvx --with mkdocs-material mkdocs build --strict --site-dir ../_site

• The relative path ../_site could be made more explicit for clarity

2. Version Detection

• Good error handling for missing previous tags
• Robust version extraction logic

🧪 Test Coverage Recommendations

Since this is a workflow change, consider:

1. Integration Testing: Verify the workflow with a test release
2. Documentation Building: Test mkdocs build locally with the exact command used
3. Artifact Validation: Ensure uploaded artifacts contain expected content
4. Domain Configuration: Verify CNAME record points to correct GitHub Pages

Summary

This is a well-executed consolidation that improves maintainability by unifying all publishing workflows. The smart change detection logic and proper security configuration are particular strengths.

Key Recommendations:

1. Move concurrency group to deploy-docs job only
2. Consider making the custom domain configurable
3. Expand documentation change detection if needed
4. Test the workflow end-to-end with a real release

The approach successfully maintains the established pattern while adding documentation publishing capabilities. The conditional logic ensures efficient resource usage by only building what's changed.

---