feat: add GitHub Pages deployment for docs site

[neuron-tech-ai]

Automates documentation deployment to GitHub Pages on pushes to main.

Previously, docs had to be deployed manually or weren't deployed at all. This adds a workflow that builds and publishes the docs site automatically, so the published docs stay in sync with the codebase without any manual step.

Summary by CodeRabbit

• New Features

  • Documentation site is now automatically deployed to GitHub Pages when documentation is updated.

• Chores

  • Implemented GitHub Actions workflow for automated documentation deployment.
  • Updated documentation configuration for static site export with optimization settings.
  • Updated search API functionality to support static export mode.

[coderabbitai]

Warning

Rate limit exceeded

@neuron-tech-ai has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 9 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 28eeeb53-81af-49d2-a8dd-6fe74f48c4fe

📥 Commits

Reviewing files that changed from the base of the PR and between dabd86a and b19d883.

📒 Files selected for processing (3)

• .github/workflows/docs.yml
• docs/app/api/search/route.ts
• docs/next.config.mjs

📝 Walkthrough

Walkthrough

This PR enables static export of the documentation site and automates its deployment to GitHub Pages. The Next.js configuration is updated to generate static HTML, the search API is adapted to work in both static and dynamic modes, and a GitHub Actions workflow is added to automatically build and deploy the docs on changes.

Changes

Static Export and GitHub Pages Deployment

Layer / File(s)	Summary
Static export configuration docs/next.config.mjs	Next.js config adds output: 'export' for static generation, sets basePath: '/voicebox' for GitHub Pages subdirectory hosting, disables image optimization, and applies rewrites conditionally only when not in static export mode.
API route adaptation for static and dynamic modes docs/app/api/search/route.ts	Search API export conditionally uses staticGET during static builds or GET for dynamic mode, selected at runtime via the NEXT_STATIC_EXPORT environment variable.
GitHub Pages deployment workflow .github/workflows/docs.yml	New workflow triggers on pushes to main within docs/**, builds the static site with Bun using NEXT_STATIC_EXPORT: true, uploads the generated docs/out artifact, and deploys to GitHub Pages using actions/deploy-pages@v4 with minimal least-privilege permissions.

Sequence Diagram

sequenceDiagram
  participant Repo as Code Repository
  participant Trigger as GitHub Actions
  participant Build as Build Job
  participant Bun as Bun Package Manager
  participant NextJS as Next.js Export
  participant Artifact as Artifact Storage
  participant Deploy as Deploy Job
  participant Pages as GitHub Pages

  Repo->>Trigger: Push to main (docs/**)
  Trigger->>Build: Start build job
  Build->>Bun: bun install --frozen-lockfile
  Bun->>Bun: Install dependencies
  Build->>NextJS: bun run build (NEXT_STATIC_EXPORT=true)
  NextJS->>NextJS: Generate static site to docs/out
  Build->>Artifact: Upload docs/out as Pages artifact
  Build->>Deploy: Job complete, trigger deploy
  Deploy->>Artifact: Download Pages artifact
  Deploy->>Pages: actions/deploy-pages@v4
  Pages->>Pages: Deploy to /voicebox basePath

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A documentation dream takes flight,
Static pages, clean and bright!
GitHub Pages holds the key,
Bun builds fast, deploys with glee—
Deploy with one push, voicebox free! 📚

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: add GitHub Pages deployment for docs site' directly and accurately describes the main change: adding automation to deploy docs to GitHub Pages via a new workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/docs.yml:
- Around line 24-27: Replace mutable version tags for the listed GitHub Actions
with pinned commit SHAs: locate usages of actions/checkout@v4,
oven-sh/setup-pages-artifact@v2, actions/upload-pages-artifact@v3, and
actions/deploy-pages@v4 in the workflow and update each reference to the exact
commit SHA (e.g., actions/checkout@<commit-sha>) by finding the action string in
the YAML and substituting the tag with the corresponding trusted commit SHA from
the action's repository release history; ensure each updated entry still matches
the original action name and that the workflow syntax remains valid.
- Around line 11-14: The workflow currently sets broad permissions at the
top-level allowing pages: write and id-token: write for all jobs; change this to
least-privilege by keeping global permissions limited to contents: read (remove
pages: write and id-token: write from the global permissions block) and add a
per-job permissions block on the deploy job (the job named "deploy" that runs
actions/deploy-pages@v3) granting pages: write and id-token: write there; ensure
the build job retains only contents: read or no extra permissions.

In `@docs/app/api/search/route.ts`:
- Around line 9-11: Replace the truthy check on process.env.NEXT_STATIC_EXPORT
with an explicit comparison so the handler selection is deterministic: change
the conditional that sets GET (currently using process.env.NEXT_STATIC_EXPORT)
to compare against a specific string (e.g., process.env.NEXT_STATIC_EXPORT ===
"true") and use that result to pick between search.staticGET and search.GET;
update the assignment that defines GET (the exported const GET) accordingly so
it reliably chooses search.staticGET only when the env var is explicitly "true".

In `@docs/next.config.mjs`:
- Around line 7-20: The config sets output: 'export' unconditionally while
rewrites() is only added when !process.env.NEXT_STATIC_EXPORT, which conflicts
because static exports disallow rewrites; make both controlled by the same flag:
check process.env.NEXT_STATIC_EXPORT and only set output: 'export' when the flag
is truthy (or only set rewrites when the flag is falsy), so that output and
rewrites() are mutually consistent; update the top-level output property
(symbol: output) and the rewrites() block (symbol: rewrites) to be guarded by
the same NEXT_STATIC_EXPORT condition.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4e214ae9-da46-441b-bedf-0933b7fe948b

📥 Commits

Reviewing files that changed from the base of the PR and between b35b909 and dabd86a.

📒 Files selected for processing (3)

• .github/workflows/docs.yml
• docs/app/api/search/route.ts
• docs/next.config.mjs

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/docs.yml

Repository: jamiepine/voicebox

Length of output: 1440

---

Pin GitHub Actions to commit SHAs instead of mutable version tags.

The following GitHub Actions use version tags that could be moved upstream:

• Line 24: actions/checkout@v4
• Line 26: oven-sh/setup-pages-artifact@v2
• Line 39: actions/upload-pages-artifact@v3
• Line 52: actions/deploy-pages@v4

Replace these with specific commit SHAs to ensure supply-chain integrity for this deployment workflow.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs.yml around lines 24 - 27, Replace mutable version
tags for the listed GitHub Actions with pinned commit SHAs: locate usages of
actions/checkout@v4, oven-sh/setup-pages-artifact@v2,
actions/upload-pages-artifact@v3, and actions/deploy-pages@v4 in the workflow
and update each reference to the exact commit SHA (e.g.,
actions/checkout@<commit-sha>) by finding the action string in the YAML and
substituting the tag with the corresponding trusted commit SHA from the action's
repository release history; ensure each updated entry still matches the original
action name and that the workflow syntax remains valid.

[neuron-tech-ai]

Addressed all four CodeRabbit review comments:

1. Least-privilege permissions: Removed pages: write and id-token: write from the global permissions block. The deploy job now has its own permissions block with those elevated permissions; the build job retains only contents: read.

2. Pin actions to commit SHAs: Noted — intentionally deferring SHA pinning as this is a project convention choice best decided by the upstream maintainer. The versions used (v4, v2, v3) are current stable releases.

3. Explicit env var comparison in route.ts: Changed process.env.NEXT_STATIC_EXPORT truthy check to process.env.NEXT_STATIC_EXPORT === 'true' via a named isStaticExport constant.

4. Critical: output and rewrites conflict: Fixed next.config.mjs so output: 'export', basePath, and images are all gated on the same isStaticExport flag. When NEXT_STATIC_EXPORT is unset, the config no longer sets output: 'export' (which would conflict with rewrites()).