Move docs workflows to elastic/docs-actions

[Mpdreamz]

Summary

Moves our docs CI/CD workflow logic from elastic/docs-builder to
elastic/docs-actions.
elastic/docs-builder has grown in scope; elastic/docs-actions lets the
docs team push updates to the @v1 tag independently without coupling to
the broader builder tooling.

The new setup follows GitHub's recommended two-phase workflow approach:
all required checks on pull requests now run with read-only access only.
Preview deployments and PR comments happen in a separate phase triggered
after the required check completes.

Replaces preview-build.yml and docs-cleanup.yml with three new workflow
files: docs-build.yml, docs-deploy.yml, and docs-preview-cleanup.yml.

Preview deployments for forks:
Preview deployments are not available for fork PRs by default. If you are an
Elastic employee working from a fork, previews will work once your Elastic
GitHub organization membership is set to Public:

1. Go to https://github.com/orgs/elastic/people and find your name

2. Open the visibility dropdown next to your name and select Public

   Or: GitHub profile -> Organizations -> Elastic logo -> set visibility
   to Public.

Contributors outside Elastic will still get build validation feedback on
their PRs -- only preview deployments are skipped.

Post-merge

• Update branch protection rules to require docs-build instead of
  preview-build (if applicable)

cc @elastic/ingest-docs

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request refactors the documentation workflow infrastructure by replacing references from elastic/docs-builder to elastic/docs-actions workflows. The docs-build.yml workflow is modified to trigger on pull requests and main branch pushes, calling the new reusable workflow with vale linting enabled. The legacy docs-cleanup.yml is removed and replaced with a new docs-preview-cleanup.yml workflow that handles cleanup on closed pull requests. A new docs-deploy.yml workflow is added to run after successful builds, managing the deployment phase with appropriate permissions.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch migrate/docs-actions-workflows

• 🛠️ Update Documentation: Commit on current branch
• 🛠️ Update Documentation: Create PR

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/docs-deploy.yml:
- Around line 3-16: The deploy job currently runs for any completed docs-build
workflow; add a success guard so deployments only run when the triggering
workflow completed successfully by adding an if condition on the deploy job
(jobs.deploy) that checks github.event.workflow_run.conclusion == 'success' (use
the GitHub Actions expression syntax) to prevent deploys after failed or
cancelled docs-build runs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6d1de326-12cd-4c5f-828c-4f6103b7e43e

📥 Commits

Reviewing files that changed from the base of the PR and between 87813bc and 003ebf0.

📒 Files selected for processing (4)

• .github/workflows/docs-build.yml
• .github/workflows/docs-cleanup.yml
• .github/workflows/docs-deploy.yml
• .github/workflows/docs-preview-cleanup.yml

💤 Files with no reviewable changes (1)

• .github/workflows/docs-cleanup.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Wrapper workflow check =="
nl -ba .github/workflows/docs-deploy.yml | sed -n '1,120p'
echo
echo "Looking for workflow_run completion trigger and success guard in wrapper:"
rg -n 'workflow_run|types:\s*\[completed\]|conclusion\s*==\s*'\''success'\''' .github/workflows/docs-deploy.yml || true

echo
echo "== Reusable workflow reference =="
echo "Please verify in elastic/docs-actions/.github/workflows/docs-deploy.yml@v1"
echo "that it contains an explicit guard on github.event.workflow_run.conclusion == 'success'."

Repository: elastic/elastic-otel-php

Length of output: 156

---

🏁 Script executed:

cat .github/workflows/docs-deploy.yml

Repository: elastic/elastic-otel-php

Length of output: 390

---

🏁 Script executed:

rg -i "docs-actions|workflow_run.*conclusion" .

Repository: elastic/elastic-otel-php

Length of output: 50

---

Add success gate to prevent deploy after failed builds.

The wrapper currently executes the deploy job after any conclusion of the docs-build workflow—including failures and cancellations. This allows deployments with write permissions (deployments: write, id-token: write) to proceed after unsuccessful builds. Add the guard condition to Line 12:

Fix

 jobs:
   deploy:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     uses: elastic/docs-actions/.github/workflows/docs-deploy.yml@v1
     with:
       enable-vale-linting: true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docs-deploy.yml around lines 3 - 16, The deploy job
currently runs for any completed docs-build workflow; add a success guard so
deployments only run when the triggering workflow completed successfully by
adding an if condition on the deploy job (jobs.deploy) that checks
github.event.workflow_run.conclusion == 'success' (use the GitHub Actions
expression syntax) to prevent deploys after failed or cancelled docs-build runs.