chore(ci): add generate-skills workflow to produce SKILL.md from Storybook#3552
chore(ci): add generate-skills workflow to produce SKILL.md from Storybook#3552sergiocarracedo wants to merge 8 commits intomainfrom
Conversation
✅ No New Circular DependenciesNo new circular dependencies detected. Current count: 0 |
📦 Alpha Package Version PublishedUse Use |
There was a problem hiding this comment.
Pull request overview
This PR adds a new GitHub Actions workflow that automatically generates SKILL.md documentation files for F0 React components and hooks by parsing the built Storybook data through an LLM (using Groq's API). The workflow runs on pushes to main, pull requests, and manual triggers, and automatically commits generated files back to the main branch.
Changes:
- Adds automated SKILL.md generation workflow using
storybook-to-skill-md-action - Creates
f0-skills/output directory inpackages/reactwith auto-generated content warning - Configures Groq LLM integration with MoonshotAI's Kimi model for documentation generation
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
.github/workflows/generate-skills.yaml |
New workflow that builds Storybook, generates SKILL.md files via LLM action, and auto-commits results to main branch |
packages/react/f0-skills/README.md |
Warning file indicating directory contains auto-generated content that should not be manually edited |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 |
There was a problem hiding this comment.
When performing git operations (commit and push), it's best practice to use fetch-depth: 0 to ensure full git history is available. This aligns with the pattern used in other workflows in this repository that perform git operations (e.g., build-and-publish-alpha.yaml, chromatic.yml). Consider adding:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0| uses: actions/checkout@v4 | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 |
| source-dir: "packages/react/src" | ||
| output-dir: "packages/react/f0-skills" | ||
| provider: "groq" | ||
| model: "moonshotai/kimi-k2-instruct-0905" |
There was a problem hiding this comment.
The model "moonshotai/kimi-k2-instruct-0905" appears to be a MoonshotAI model, but it's configured with provider "groq". Please verify that this model is available through Groq's API. Typically, Groq hosts models like Llama, Mixtral, and Gemma. If this is a newer model offering, ensure you've tested that the API key and model combination work correctly. If this model is not available via Groq, consider using a Groq-native model or switching to the MoonshotAI provider.
| model: "moonshotai/kimi-k2-instruct-0905" | |
| model: "llama-3.1-70b-versatile" |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --local user.name "github-actions[bot]" | ||
| git add packages/react/f0-skills/ | ||
| git commit -m "chore: update generated SKILL.md files" || echo "No changes to commit" |
There was a problem hiding this comment.
The workflow may create an infinite loop. When SKILL.md files are generated and pushed to packages/react/f0-skills/, this triggers the change detection for package_react (which includes 'packages/react/**'), causing the workflow to run again.
To prevent this, consider one of these solutions:
- Add a condition to skip the workflow when only f0-skills/ changed
- Exclude f0-skills/ from the package_react filter in _check-workspaces-changes.yaml
- Add a check in the workflow to skip if the last commit was made by github-actions[bot]
- Add [skip ci] to the commit message (line 67) to prevent retriggering
Recommended solution is option 2 or 4.
| git commit -m "chore: update generated SKILL.md files" || echo "No changes to commit" | |
| git commit -m "chore: update generated SKILL.md files [skip ci]" || echo "No changes to commit" |
| run: pnpm --filter @factorialco/f0-react run build-storybook | ||
|
|
||
| - name: Generate SKILL.md files | ||
| uses: sergiocarracedo/storybook-to-skill-md-action@8a23e2214de82494ec0e57de46e32c7e4ae53335 |
There was a problem hiding this comment.
The action reference uses an unpinned version tag (@v1) rather than a specific commit SHA. For security and reproducibility, consider pinning to a specific commit SHA with a comment indicating the version, following the pattern used in other workflows in this repository (e.g., chromatic.yml uses @v13 but most others pin to SHAs).
For example:
uses: sergiocarracedo/storybook-to-skill-md-action@abc123... # v1.0.0Alternatively, if this is acceptable risk for this use case, this can be left as-is for easier version updates.
| uses: sergiocarracedo/storybook-to-skill-md-action@8a23e2214de82494ec0e57de46e32c7e4ae53335 | |
| uses: sergiocarracedo/storybook-to-skill-md-action@8a23e2214de82494ec0e57de46e32c7e4ae53335 # v1 |
🔍 Visual review for your branch is published 🔍Here are the links to: |
Coverage Report for packages/react
File CoverageNo changed files found. |
| - name: Generate SKILL.md files | ||
| uses: sergiocarracedo/storybook-to-skill-md-action@v1.2.0 | ||
| with: | ||
| index-file: "packages/react/storybook-static/index.json" | ||
| source-dir: "packages/react/src" | ||
| output-dir: "packages/react/f0-skills" | ||
| provider: "groq" | ||
| model: "moonshotai/kimi-k2-instruct-0905" | ||
| api-key: ${{ secrets.GROQ_APIKEY }} | ||
| verbose: "true" |
There was a problem hiding this comment.
Security consideration: The GROQ_APIKEY secret is being passed to a third-party GitHub Action. Ensure that: (1) the repository has added the GROQ_APIKEY secret in GitHub repository settings, (2) the team trusts the sergiocarracedo/storybook-to-skill-md-action action with this API key, and (3) consider using dependabot or renovate to keep the action version up to date to address any security vulnerabilities. The pinned version v1.2.0 should be periodically reviewed.
|
|
||
| generate-skills: | ||
| needs: detect-changes | ||
| name: "[⚛️ REACT] Generate SKILL.md files" |
There was a problem hiding this comment.
The condition on line 28 only checks for package_react changes, but the PR description states the workflow runs when "packages/react or packages/core change". Since the change detection filters (in _check-workspaces-changes.yaml) set package_react: true when either packages/react/** or packages/core/** changes, this is actually correct. However, consider adding a comment to clarify this behavior, as it's not immediately obvious from reading the condition alone.
| name: "[⚛️ REACT] Generate SKILL.md files" | |
| name: "[⚛️ REACT] Generate SKILL.md files" | |
| # Note: `package_react` is set to true by _check-workspaces-changes.yaml | |
| # when changes are detected in either `packages/react/**` or `packages/core/**`. |
| git config --local user.name "github-actions[bot]" | ||
| git add packages/react/f0-skills/ | ||
| git commit -m "chore: update generated SKILL.md files" || echo "No changes to commit" | ||
| git push |
There was a problem hiding this comment.
The git push operation on line 68 has no error handling beyond the commit failure. If the push fails (e.g., due to conflicts, network issues, or permissions), the workflow will fail silently. Consider adding explicit error handling or at minimum using git push || echo "Failed to push changes" to make failures more visible in the workflow logs. Other workflows that perform git operations might use similar patterns, but for auto-generated content, having clear failure visibility is important.
| git push | |
| git push || echo "Failed to push changes" |
| - name: Push generated skills | ||
| if: github.event_name == 'push' | ||
| run: | | ||
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --local user.name "github-actions[bot]" | ||
| git add packages/react/f0-skills/ | ||
| git commit -m "chore: update generated SKILL.md files" || echo "No changes to commit" | ||
| git push |
There was a problem hiding this comment.
Consider the workflow trigger behavior when pushing generated files. This workflow triggers on push to main and also commits back to the same branch. While GitHub Actions typically prevents workflows triggered by GITHUB_TOKEN commits from triggering additional workflows, this behavior can be inconsistent. To ensure robustness, consider either: (1) adding a skip condition like if: github.actor != 'github-actions[bot]' to the workflow, (2) adding [skip ci] to the commit message, or (3) documenting the expected behavior. The release.yaml workflow uses a special PAT token (RELEASE_PLEASE_GH_TOKEN) when it needs to trigger subsequent workflows, suggesting the team is aware of this pattern.
| source-dir: "packages/react/src" | ||
| output-dir: "packages/react/f0-skills" | ||
| provider: "groq" | ||
| model: "qwen/qwen3-32b" |
There was a problem hiding this comment.
The model specified in the code is "qwen/qwen3-32b", but the PR description states the model should be "moonshotai/kimi-k2-instruct-0905". This discrepancy should be resolved - either update the code to match the description, or update the description to match the code.
| provider: "groq" | ||
| model: "qwen/qwen3-32b" | ||
| api-key: ${{ secrets.GROQ_APIKEY }} |
There was a problem hiding this comment.
PR description says the workflow uses Groq model moonshotai/kimi-k2-instruct-0905, but the workflow is configured with model: "qwen/qwen3-32b". Please update either the workflow config or the PR description so they match.
| permissions: | ||
| contents: write | ||
|
|
There was a problem hiding this comment.
Workflow requests contents: write for all events (including pull_request). Since only the final push step needs write access, consider defaulting to contents: read at the workflow level and granting contents: write only in a separate push-only job/step scope to follow least-privilege and reduce risk on PR runs.
| if: | | ||
| (needs.detect-changes.outputs.package_react == 'true' || github.event_name == 'workflow_dispatch') && | ||
| github.head_ref != 'release-please--branches--master' && | ||
| !contains(github.event.pull_request.labels.*.name, 'autorelease') | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
Job-level if allows running on pull_request, but the generation step depends on secrets.GROQ_APIKEY which is not available for PRs from forks. As written, fork PRs will attempt the step and then (because of continue-on-error) silently skip generation. Consider adding an explicit guard (e.g. only run on non-fork PRs, or only run when the secret is present) so the behavior is intentional and visible.
| - name: Generate SKILL.md files | ||
| continue-on-error: true | ||
| uses: sergiocarracedo/storybook-to-skill-md-action@v1.2.0 |
There was a problem hiding this comment.
continue-on-error: true on the generation step combined with if: always() on cleanup/push means the workflow can succeed (and even push) when SKILL generation fails, leaving stale or partially-generated output without failing CI. Consider failing the job on generation errors (at least on push/workflow_dispatch) and/or skipping push when generation did not complete successfully.
Description
Adds a new GitHub Actions workflow (
generate-skills.yaml) that automatically generates SKILL.md files for F0 React components and hooks from the Storybook build.The workflow:
main, pull requests, and manual dispatch_check-workspaces-changes.yamlchange detection (only runs whenpackages/reactorpackages/corechange)storybook-to-skill-md-actionin offline mode using the locally builtindex.jsonmoonshotai/kimi-k2-instruct-0905packages/react/f0-skills/f0-skills/directory back to the triggering branchAlso creates the
packages/react/f0-skills/output directory with a README noting that its contents are auto-generated.Screenshots (if applicable)
N/A — CI workflow only.
Link to Figma Design
Implementation details
.github/workflows/generate-skills.yamlpackages/react/f0-skills/README.md(auto-generated content notice)GROQ_APIKEYto be set in the repository secrets