Skip to content
Docs Control

Downstream Dispatch

Dispatch trigger

Section titled “Dispatch trigger”

When template files change on docs-control’s main branch, the dispatch workflow at .github/workflows/dispatch-downstream.yml triggers enforcement in every enrolled downstream repository.

The trigger paths include:

  • .github/config/repo-settings.json, downstream-repos.json, docs-sites.json
  • workflows/** (caller templates)
  • .github/workflows/enforce-repo-settings.yml, sync-managed-files.yml, github-pages-deploy.yml, require-linked-issue.yml
  • .github/PULL_REQUEST_TEMPLATE.md, .github/ISSUE_TEMPLATE/**
  • CONTRIBUTING.md, CLAUDE.md, .editorconfig, .gitignore, LICENSE, .pre-commit-config.yaml, README.md.tpl

The workflow reads the downstream repository list, then calls gh workflow run enforce-repo-settings.yml for each repository using the REPO_SETTINGS_TOKEN secret (with 3 retry attempts per repository).

Enrolled repositories

Section titled “Enrolled repositories”
.github/config/downstream-repos.json
[
  "f5xc-salesdemos/docs-builder",
  "f5xc-salesdemos/docs-theme",
  "f5xc-salesdemos/docs",
  "f5xc-salesdemos/administration",
  "f5xc-salesdemos/nginx",
  "f5xc-salesdemos/observability",
  "f5xc-salesdemos/was",
  "f5xc-salesdemos/mcn",
  "f5xc-salesdemos/dns",
  "f5xc-salesdemos/cdn",
  "f5xc-salesdemos/bot-standard",
  "f5xc-salesdemos/bot-advanced",
  "f5xc-salesdemos/ddos",
  "f5xc-salesdemos/waf",
  "f5xc-salesdemos/api-protection",
  "f5xc-salesdemos/csd"
]

To enroll a new repository, add it to this file and follow the onboarding procedure.

Caller workflow templates

Section titled “Caller workflow templates”

The workflows/ directory contains three workflow files that downstream repositories copy into their .github/workflows/ directory. These are thin callers that invoke the reusable workflows hosted in docs-control.

enforce-repo-settings.yml

Section titled “enforce-repo-settings.yml”

Calls both enforce-repo-settings.yml and sync-managed-files.yml as parallel jobs with separate tokens. Triggers on schedule (every 6 hours), push to .github/config/**, and manual dispatch.

workflows/enforce-repo-settings.yml
name: Enforce Repository Settings


on:
  schedule:
    - cron: '0 */6 * * *'
  push:
    branches: [main]
    paths:
      - '.github/config/**'
  workflow_dispatch:


permissions:
  contents: read


concurrency:
  group: enforce-repo-settings
  cancel-in-progress: true


jobs:
  enforce-settings:
    uses: f5xc-salesdemos/docs-control/.github/workflows/enforce-repo-settings.yml@main
    secrets:
      repo-settings-token: $\{{ secrets.REPO_SETTINGS_TOKEN }}


  sync-files:
    uses: f5xc-salesdemos/docs-control/.github/workflows/sync-managed-files.yml@main
    secrets:
      repo-sync-token: $\{{ secrets.REPO_SYNC_TOKEN }}

github-pages-deploy.yml

Section titled “github-pages-deploy.yml”

Calls the reusable docs build and deploy workflow. Triggers on push to docs/** on main and manual dispatch.

workflows/github-pages-deploy.yml
name: GitHub Pages Deploy
on:
  push:
    branches: [main]
    paths:
      - 'docs/**'
  workflow_dispatch:


permissions:
  contents: read
  packages: read
  pages: write
  id-token: write


concurrency:
  group: pages
  cancel-in-progress: true


jobs:
  docs:
    uses: f5xc-salesdemos/docs-control/.github/workflows/github-pages-deploy.yml@main

require-linked-issue.yml

Section titled “require-linked-issue.yml”

Calls the reusable linked-issue check workflow. Triggers on pull_request_target events.

workflows/require-linked-issue.yml
name: Require Linked Issue


on:
  pull_request_target:
    types: [opened, edited, reopened, synchronize]


permissions:
  issues: read
  pull-requests: write


concurrency:
  group: $\{{ github.workflow }}-$\{{ github.event.pull_request.number }}
  cancel-in-progress: true


jobs:
  check:
    uses: f5xc-salesdemos/docs-control/.github/workflows/require-linked-issue.yml@main
    secrets: inherit

Check name format

Section titled “Check name format”

When a downstream repository uses a caller workflow, the GitHub Actions status check name becomes <caller_job_key> / <reusable_job_name>. For example:

Caller job keyReusable job nameResulting check name
checkCheck linked issuescheck / Check linked issues

This is why docs-control’s configuration has both contexts (for downstream repositories) and self_contexts (for docs-control itself) — the check names differ depending on whether the workflow runs directly or through a caller.

PR quality gate

Section titled “PR quality gate”

The require-linked-issue.yml caller enforces that every PR is linked to a GitHub issue. PRs from automated branches (dependabot/**, governance/**, sync/**, etc.) are excluded.