ci: Re-use exising docs PRs and sign off on commits

[adamwg]

Description of your changes

Set a static branch name in the create-pull-request action that updates the reference docs so that if an existing docs update PR is open it will be re-used. This avoids creating a sequence of PRs (of which it makes sense to merge only the most recent) if we don't review and merge them right away.

While we're here, also update the docs update job to add a Signed-off-by line to its commit message. This should make the DCO check in the docs repo pass, avoiding the need for a bypass merge.

I have:

• Read and followed Crossplane's contribution process.
• Run ./nix.sh flake check to ensure this PR is ready for review.
  - [ ] Added or updated unit tests.
  - [ ] Linked a PR or a docs tracking issue to document this change.
  - [ ] Added backport release-x.y labels to auto-backport this PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

The CI workflow's "Create docs PR" step is updated to use a static branch name (auto-update-cli-docs) instead of a version-specific branch, so repeated runs update the same PR branch. The commit-message field is expanded to a multi-line format that appends a Signed-off-by footer.

Changes

Docs PR Branch and Commit Message Update

Layer / File(s)	Summary
Static branch name and Signed-off-by commit message .github/workflows/ci.yml	Replaces the version-specific branch cli-docs-${{ needs.build-artifacts.outputs.version }} with the fixed branch auto-update-cli-docs, and expands commit-message to a multi-line block that adds a Signed-off-by footer while keeping the versioned PR title.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• crossplane/cli#106: Modifies the same CI workflow step that creates/updates the CLI reference docs pull request, with overlapping changes to branch and commit-message handling.

Suggested reviewers

• tampakrap
• jcogilvie

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main changes: reusing existing docs PRs with a static branch and adding signed commits for DCO compliance.
Description check	✅ Passed	The description is directly related to the changeset, explaining both the static branch naming strategy and the Signed-off-by addition in detail.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Breaking Changes	✅ Passed	PR only modifies .github/workflows/ci.yml (no changes to apis/** or cmd/**). Custom check for breaking changes in those directories does not apply.
Feature Gate Requirement	✅ Passed	PR only modifies GitHub Actions workflow configuration (.github/workflows/ci.yml) with no API changes or new experimental features requiring feature gates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 263-267: The commit message includes a hardcoded Signed-off-by
footer for cli-docs-bot, but the peter-evans/create-pull-request@v7 action is
not explicitly configured with author and committer inputs, causing it to
default to the GitHub Actions trigger context. This creates a mismatch that
violates DCO validation. Add explicit `author` and `committer` inputs to the
create-pull-request action step, setting both to "cli-docs-bot
<info@crossplane.io>", and remove the manual Signed-off-by line from the
commit-message field to let the action handle the sign-off automatically,
ensuring the commit author and Signed-off-by footer match exactly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3d2c7b07-79dd-45b0-9809-e80a27a26b44

📥 Commits

Reviewing files that changed from the base of the PR and between 3df82fc and e3871f9.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

For peter-evans/create-pull-request v7, what are the default commit author and committer values, and does signoff: true generate a Signed-off-by line tied to that identity?

💡 Result:

In peter-evans/create-pull-request v7, the default values for commit author and committer are as follows: - Author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com> [1][2] - Committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> [1][2] Regarding the signoff input, it is distinct from the sign-commits feature introduced in v7 [3][4]. The signoff input (if set to true) appends a Signed-off-by line to the commit message [1][5]. This line is tied to the identity defined by the commit author, as configured by the action's author input [1][2]. Please note that this is different from commit signature verification (enabled via sign-commits: true), which uses GPG or bot-generated signatures to verify the origin of a commit [3][4]. If you are using the signoff input, it will append the standard trailer (e.g., Signed-off-by: Display Name email@address.com) using the information provided in the author field [1].

Citations:

• 1: https://github.com/peter-evans/create-pull-request
• 2: https://github.com/peter-evans/create-pull-request/blob/main/docs/updating.md
• 3: https://github.com/peter-evans/create-pull-request/blob/HEAD/docs/concepts-guidelines.md
• 4: peter-evans/create-pull-request@4320041
• 5: https://github.com/peter-evans/create-pull-request/blob/main/README.md

---

Ensure commit author and Signed-off-by footer match to satisfy DCO validation

Great addition of DCO support! Just to clarify how this works with peter-evans/create-pull-request@v7: when you don't explicitly set author and committer inputs, the action defaults to using the GitHub Actions trigger context (github.actor) as the commit author. This means the commit author will be whoever triggered the workflow, not cli-docs-bot.

Since your commit message manually includes Signed-off-by: cli-docs-bot <info@crossplane.io>, there's a mismatch—DCO typically validates that the Signed-off-by identity matches the commit author, so downstream checks may still fail.

To align these, consider explicitly configuring the author identity and letting the action handle the sign-off:

Suggested adjustment

       - name: Create docs PR
         if: ${{ github.ref == 'refs/heads/main' && steps.find-changes.outputs.changed == 'true' }}
         uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           token: ${{ steps.generate-token.outputs.token }}
           path: ./docs
+          author: cli-docs-bot <info@crossplane.io>
+          committer: cli-docs-bot <info@crossplane.io>
+          signoff: true
           commit-message: |
             Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}
-
-            Signed-off-by: cli-docs-bot <info@crossplane.io>
           title: Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}
           branch: auto-update-cli-docs
           add-paths: content/cli/master/command-reference.md

This ensures the commit author, Signed-off-by footer, and DCO validation all align correctly.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	commit-message: |
	Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}
	Signed-off-by: cli-docs-bot <info@crossplane.io>
	title: Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}
	author: cli-docs-bot <info@crossplane.io>
	committer: cli-docs-bot <info@crossplane.io>
	signoff: true
	commit-message: |
	Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}
	title: Update master CLI reference docs for ${{ needs.build-artifacts.outputs.version }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 263 - 267, The commit message includes
a hardcoded Signed-off-by footer for cli-docs-bot, but the
peter-evans/create-pull-request@v7 action is not explicitly configured with
author and committer inputs, causing it to default to the GitHub Actions trigger
context. This creates a mismatch that violates DCO validation. Add explicit
`author` and `committer` inputs to the create-pull-request action step, setting
both to "cli-docs-bot <info@crossplane.io>", and remove the manual Signed-off-by
line from the commit-message field to let the action handle the sign-off
automatically, ensuring the commit author and Signed-off-by footer match
exactly.

[jbw976]

this could be a good idea @adamwg ^ (if it's correct)

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[jbw976]

This will be a great improvement to consolidate the docs PRs! a couple questions about the implementation, thank you!

[jbw976]

since we'll be re-using the same branch, is there any additional config/settings we need to do to make sure it keeps getting synced/rebased to the latest in docs master?