opendatacube / odc-stac

Load STAC items into xarray Datasets.
Apache License 2.0

Pull requests from external sources can not update rendered notebooks causing build errors #37

Open Kirill888 opened 2 years ago

Kirill888 commented 2 years ago

For security reasons, GitHub Actions triggered by PRs from external sources do not have access to repository secrets. As a result, we cannot upload rendered notebooks to S3, which in turn causes readthedocs builds to fail when the PR is merged. Similarly, publishing of built docs to Netlify cannot proceed without credentials, so it's hard to review changes to demo notebooks.

The work-around for documentation building failures is to wait for notebooks to be re-rendered after the PR is merged and then trigger a rebuild on read-the-docs, which is not ideal.

Maybe there are GitHub Actions options that could allow running PR actions with secrets after manual approval by an authorized reviewer, or some other mechanisms that could allow us to run those actions in response to PRs but with action yamls that are vetted not to leak secrets and that are guaranteed to be unchanged by the PR itself.
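One common arrangement that matches the two requirements in the comment above (manual approval, and a secret-bearing workflow the PR cannot modify), shown as an added example that is not part of the original issue or the project's own workflows. The file names, the render script, the environment name `notebook-publish`, the secret names and the bucket are placeholders, and it assumes rendering itself needs no credentials.

```yaml
# File 1 (hypothetical): .github/workflows/render.yml
# Runs on every PR, including forks. No secrets are referenced here.
name: render-notebooks
on: pull_request
permissions:
  contents: read
jobs:
  render:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Render notebooks (placeholder for the project's own render step)
        run: ./scripts/render-notebooks.sh rendered/
      - uses: actions/upload-artifact@v4
        with:
          name: rendered-notebooks
          path: rendered/
---
# File 2 (hypothetical): .github/workflows/publish.yml
# A workflow_run workflow is always read from the default branch,
# so a PR cannot change the steps that see the secrets.
name: publish-notebooks
on:
  workflow_run:
    workflows: [render-notebooks]
    types: [completed]
permissions:
  actions: read          # needed to fetch the artifact from the other run
jobs:
  publish:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    environment: notebook-publish   # set required reviewers on this environment
    steps:
      # No checkout of PR code here: the artifact is handled as data only.
      - uses: actions/download-artifact@v4
        with:
          name: rendered-notebooks
          path: rendered/
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Upload to S3
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1            # placeholder
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: aws s3 cp --recursive rendered/ "s3://EXAMPLE-BUCKET/pr/${HEAD_SHA}/"
```

The publish job must never build, import or execute anything from the downloaded artifact; storing the secrets on the protected environment rather than at repository level keeps them unavailable until a reviewer approves the run.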

Kirill888 commented 2 years ago

Also, it would be nice to trigger a rebuild of the readthedocs when newly rendered notebooks are pushed to S3, as really there are two inputs into the docs: git commit + rendered notebooks. The URI for rendered notebooks is fixed per commit as it is derived from the content of the un-rendered notebooks, but renders of those notebooks might change and are not tracked in git. Maybe there was some problem at the time of the render on the external data source, for example, that caused output to come out wrong without failing completely, and you want to re-render the same notebook sources.