test #581
10 changes: 9 additions & 1 deletion .github/workflows/export_and_update.yml
@@ -1,7 +1,7 @@
name: Consolidate and Update Documentation

on:
push:
pull_request:
branches: [main]
Comment on lines +4 to 5
⚠️ Potential issue | 🔴 Critical

Restrict production vector-store mutations to post-merge events

Line 4 now runs this workflow on every PR update, but Step 5 performs destructive external operations (delete + replace in the vector store). That allows unmerged PR code to mutate production data and can also fail on fork PRs due to missing secrets.

🔧 Suggested fix (keep artifact on PR, run vector-store update only on push to main)
 on:
   pull_request:
     branches: [main]
+  push:
+    branches: [main]
@@
       # Step 5: Upload to Vector Store
       - name: Upload to Vector Store
+        if: github.event_name == 'push'
         env:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           VECTOR_STORE_ID: ${{ secrets.VECTOR_STORE_ID }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/export_and_update.yml around lines 4 - 5, The workflow
currently triggers on pull_request for main which allows unmerged PRs to run
destructive Step 5 (vector-store delete/replace); change the trigger or add a
guard so only pushes to main can perform mutations: keep pull_request for
building/artifact steps but wrap the destructive job/step (referenced as Step 5
/ the vector-store update step) with a condition such as if: github.event_name
== 'push' && github.ref == 'refs/heads/main' or move the vector-store update
into a separate workflow triggered only on push to main so PRs (and forked PRs
without secrets) cannot mutate production data.


jobs:
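Review bot: Replacing `push:` with `pull_request:` at line 4 removes the only trigger that fires after a merge, so once this lands the vector store is never refreshed from what is actually on main, while every PR revision (including ones later closed unmerged) drives the delete/replace in Step 5 with production secrets; fork PRs will additionally fail at that step because `secrets.OPENAI_API_KEY` and `secrets.VECTOR_STORE_ID` are not exposed to them. Keep both triggers and gate the mutating step, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`, so pull requests only exercise the build and artifact steps.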
@@ -114,3 +114,11 @@ jobs:
file_id=file_id )

EOF

# Step 6: Upload merged documentation as artifact
- name: Upload merged documentation
uses: actions/upload-artifact@v4
with:
name: merged-documentation
path: merged_documentation.md
retention-days: 30
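Review bot: The new `Upload merged documentation` step sets no `if-no-files-found`, so if `merged_documentation.md` is never produced (an earlier step skipped or exiting cleanly without writing it) `actions/upload-artifact@v4` only warns and the job still passes; add `if-no-files-found: error` under `with:` so a missing output fails the run. Also confirm the merged file contains nothing that should not be downloadable by anyone with read access to the repository, since the artifact is kept for the 30 days configured here.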