arch: Add document describing NVRC features #103

Copilot · 2026-01-12T20:56:28Z

The changes detection job checks out the PR head using ref: ${{ github.event.pull_request.head.sha }}, but this workflow uses pull_request_target trigger (based on the comment on line 33). When using pull_request_target with a manual checkout of untrusted PR code, there's a security risk if the checked-out code is executed. However, since this job only runs path filtering (no code execution), the security risk is minimal. Consider adding a comment explaining why this checkout is safe.

Suggested change

# For pull_request_target, checkout the PR head to detect changes

# For pull_request_target, checkout the PR head to detect changes.

# This job only runs path filtering (no build or execution of PR code),

# so checking out the untrusted PR head here is safe and used solely

# for comparing file paths between base and head.

Copilot · 2026-01-12T20:56:27Z

The shellcheck workflow includes an extension check job, but it checks for files without .sh/.bash extensions that have shell shebangs. However, the check runs even when only markdown files change (since it depends on changes.outputs.code which includes markdown files in the filter on lines 36-44). The extension-check job condition should use needs.changes.outputs.scripts instead of needs.changes.outputs.code for efficiency.

Suggested change

if: ${{ needs.changes.outputs.code == 'true' }}

if: ${{ needs.changes.outputs.scripts == 'true' }}

Copilot · 2026-01-12T20:56:26Z

The workflow removed "edited" from trigger types. While this is intentional (as seen across multiple workflow files), removing the "edited" trigger means that editing PR descriptions won't re-trigger checks. This could be problematic if PR descriptions contain important context that should trigger re-validation. Consider whether this behavior is intended for all workflows.

Suggested change

- opened

- opened

- edited

Copilot · 2026-01-12T20:56:29Z

The path filter for "code" changes should include the workflow file itself ('.github/workflows/static-checks.yaml'). Changes to the workflow logic should trigger the workflow to run, ensuring that modifications to CI configuration are tested. Consider adding '- '.github/workflows/static-checks.yaml'' to the filter list.

Suggested change

- '.cargo/**'

- '.cargo/**'

- '.github/workflows/static-checks.yaml'

Copilot · 2026-01-12T20:56:25Z

The condition check should handle the case when the workflow is triggered by schedule. The current logic ${{ needs.changes.outputs.code == 'true' || github.event_name == 'schedule' }} is correct, but scheduled runs will execute the changes job unnecessarily since path filtering doesn't apply to scheduled events. Consider adding a condition to skip the changes job for scheduled runs.

Copilot · 2026-01-12T20:56:30Z

The markdown linting configuration sets line_length to 80 characters, but the ARCHITECTURE.md file has numerous lines exceeding this limit (e.g., lines 59-76 in the table). Since the markdownlint config disables line length checks for tables (line 6), this is intentional. However, many prose lines in ARCHITECTURE.md still exceed 80 characters. Ensure the markdown files comply with the linting rules or adjust the rules accordingly.

Suggested change

"MD013": {

"line_length": 80,

"code_blocks": false,

"tables": false

}

"MD013": false

-Original file line number
+Diff line change
@@ Expand Up / @@ -5,11 +5,8 @@ on: @@
       pull_request:
         types:
           - opened
-          - edited
           - reopened
           - synchronize
-        paths:
-          - '.github/workflows/**'
     permissions:
       contents: read
@@ Expand All / @@ -19,7 +16,24 @@ concurrency: @@
       cancel-in-progress: true
     jobs:
+      # Detect if workflows changed
+      changes:
+        name: Detect changes
+        runs-on: ubuntu-latest
+        outputs:
+          workflows: ${{ steps.filter.outputs.workflows }}
+        steps:
+          - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+            id: filter
+            with:
+              filters: |
+                workflows:
+                  - '.github/workflows/**'
       run-actionlint:
+        needs: changes
+        if: ${{ needs.changes.outputs.workflows == 'true' }}
         env:
           GH_TOKEN: ${{ github.token }}
         runs-on: ubuntu-24.04
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,6 @@ on: @@
       pull_request:
         types:
           - opened
-          - edited
           - reopened
           - synchronize
@@ Expand All / @@ -16,8 +15,29 @@ concurrency: @@
     name: Code Coverage
     jobs:
+      # Detect if only docs changed - skip CI if so
+      changes:
+        name: Detect changes
+        runs-on: ubuntu-latest
+        outputs:
+          code: ${{ steps.filter.outputs.code }}
+        steps:
+          - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+            id: filter
+            with:
+              filters: |
+                code:
+                  - '**/*.rs'
+                  - '**/*.toml'
+                  - '**/*.lock'
+                  - 'Cargo.lock'
+                  - '.cargo/**'
       coverage:
         name: Code coverage
+        needs: changes
+        if: ${{ needs.changes.outputs.code == 'true' }}
         runs-on: ubuntu-latest
         steps:
           - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -0,0 +1,42 @@
+    name: Documentation
+    on:
+      push:
+        branches:
+          - main
+        paths:
+          - '**.md'
+          - 'docs/**'
+          - '.markdownlint.json'
+          - '.github/workflows/docs.yaml'
+      pull_request:
+        types:
+          - opened
+          - reopened
+          - synchronize
+        paths:
+          - '**.md'
+          - 'docs/**'
+          - '.markdownlint.json'
+          - '.github/workflows/docs.yaml'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+    jobs:
+      markdown-lint:
+        name: Markdown Lint
+        runs-on: ubuntu-latest
+        steps:
+          - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+            with:
+              fetch-depth: 0
+          - name: Lint Markdown files
+            uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 # v22.0.0
+            with:
+              globs: '**/*.md'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

arch: Add document describing NVRC features #103

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Copilot AI Jan 12, 2026

Uh oh!

Copilot AI Jan 12, 2026

Uh oh!

Copilot AI Jan 12, 2026

Uh oh!

Copilot AI Jan 12, 2026

Uh oh!

Copilot AI Jan 12, 2026

Uh oh!

Copilot AI Jan 12, 2026

Uh oh!

Uh oh!

arch: Add document describing NVRC features #103

Uh oh!

arch: Add document describing NVRC features #103

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!