Add hooks documentation

[Resonance1584]

Summary by CodeRabbit

• Documentation
  • Added new Enterprise “Hooks” guides: overview, prerequisites/setup (including plan-artifact encryption key requirement), configuration (after hook attributes and execution/exit semantics), and writing bash-based hooks.
  • Documented hook authentication options (AWS/Azure/GCP OIDC and custom credentials) and clarified that secrets aren’t auto-injected—hooks must retrieve them at runtime.
  • Added a Slack deploy notification hook walkthrough.
  • Introduced a “Hooks API” reference defining hook environment variables, plan/input/output file locations, and hook result semantics.
  • Updated configuration/reference docs and navigation to include “Hooks” and “Hooks API” entries.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Jun 19, 2026 6:50pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds comprehensive Hooks documentation for Pipelines including a new Hooks API reference documenting the environment-variable contract (PIPELINES_HOOKS_CTX_*, PIPELINES_HOOKS_IN_*, PIPELINES_HOOKS_OUT_*), six guide pages (overview, setup, configuration, writing a hook, authentication, Slack example), updates to the configurations-as-code API reference, and Docusaurus sidebar navigation.

Changes

Pipelines Hooks documentation

Layer / File(s)	Summary
Hooks API contract & configurations-as-code reference docs/2.0/reference/pipelines/hooks-api.md, docs/2.0/reference/pipelines/configurations-as-code/api.mdx	Defines PIPELINES_HOOKS_CTX_* (run context scalars), PIPELINES_HOOKS_IN_* (input file paths), and PIPELINES_HOOKS_OUT_* (output file paths and result semantics: pass/warn/deny as advisory only). Documents after_hook block with all attributes in the configurations-as-code reference.
Overview, setup, and configuring guides docs/2.0/docs/pipelines/guides/hooks/overview.md, docs/2.0/docs/pipelines/guides/hooks/setup.md, docs/2.0/docs/pipelines/guides/hooks/configuring.md	Overview introduces hooks as Enterprise-only; setup covers PIPELINES_PLAN_ENCRYPTION_KEY generation and GitHub/GitLab configuration; configuring documents after_hook block structure, execution only when units affected, command filtering, exit code semantics (0 = read outputs, non-zero = fail run), run_on_error override, timeout/cancellation, isolated working directories, and I/O model.
Writing a hook & authentication guides docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md, docs/2.0/docs/pipelines/guides/hooks/authentication.md	Step-by-step guide to creating a bash hook that reads PIPELINES_HOOKS_IN_* and PIPELINES_HOOKS_CTX_* variables and writes comment/result files, configuring it in repository blocks, and interpreting rendered results in PR comments; authentication guide documents OIDC credential acquisition (AWS/Azure/GCP and custom) with distinct plan vs. apply identities and no automatic secret injection.
Slack deploy notification example docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md	End-to-end example storing Slack webhook URL in AWS SSM SecureString, creating an IAM role with SSM/KMS permissions, configuring aws_oidc authentication in an after_hook on apply with run_on_error = true, and a bash script that assumes the role, fetches the decrypted webhook URL, reads run context, and posts a success/failure message to Slack.
Sidebar navigation wiring sidebars/docs.js, sidebars/reference.js	Adds a collapsible "Hooks" subcategory to the Pipelines guides sidebar with links to all hook pages; adds "Hooks API" entry to the reference sidebar.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A hop through the docs, a new feature arrives,
With hooks for your pipelines, your workflow now thrives!
Plan, apply, and notify — Slack gets the news,
OIDC keys and SSM secrets to use.
The bunny has written it all down with care,
Now reviewers rejoice — the docs are all there! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add hooks documentation' directly and accurately describes the main change: adding comprehensive documentation for the Hooks feature across multiple guide pages and API references.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-06-17_after-hooks

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md`:
- Line 104: Update the statement about the hook reporting as a pass in the Slack
deploy notification example documentation. Currently it states that writing
nothing to output files results in a pass, but this needs qualification: clarify
that a pass is only reported when the script exits with code 0, and explain that
despite writing no output files, the example can still fail the hook if the AWS
secret lookup fails or the curl Slack API call fails (due to set -euo pipefail
and the --fail flags used in the example), causing non-zero exit codes that will
fail the entire pipeline run.

In `@docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md`:
- Around line 30-47: The documentation examples use the jq command-line tool in
multiple code snippets but do not document it as a required prerequisite. Add a
note or prerequisites section before or at the beginning of the hook writing
guide (before the section "3. Write the comment") that explicitly mentions jq as
a runtime dependency that readers must have installed on their system to use the
hook examples. This ensures users are aware of the requirement before attempting
to run the code snippets that invoke jq commands.

In `@docs/2.0/reference/pipelines/hooks-api.md`:
- Around line 90-98: The table entry for the `pass` result incorrectly states it
"Produces no comment," which contradicts the actual behavior where hooks can
still emit summary and comment output when exiting with status 0. Update the
`pass` row in the Result table to clarify that `pass` is the default result and
does not suppress hook output or comments; it simply indicates the hook executed
successfully and allows any comments the hook chooses to emit.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9e38d549-f52b-46cf-9649-ee2d237380c3

📥 Commits

Reviewing files that changed from the base of the PR and between fbf3d71 and f3ecf6b.

⛔ Files ignored due to path filters (1)

• static/img/pipelines/guides/affected-units-comment.png is excluded by !**/*.png

📒 Files selected for processing (10)

• docs/2.0/docs/pipelines/guides/hooks/authentication.md
• docs/2.0/docs/pipelines/guides/hooks/configuring.md
• docs/2.0/docs/pipelines/guides/hooks/overview.md
• docs/2.0/docs/pipelines/guides/hooks/setup.md
• docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md
• docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md
• docs/2.0/reference/pipelines/configurations-as-code/api.mdx
• docs/2.0/reference/pipelines/hooks-api.md
• sidebars/docs.js
• sidebars/reference.js

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Call out the jq runtime dependency.

Both snippets use jq, so readers who copy this hook into an environment without it will hit a runtime failure immediately. Please mention that prerequisite in the guide.

Proposed fix

 Before you start, make sure hooks are set up for your repository. See [Setup & Prerequisites](/2.0/docs/pipelines/guides/hooks/setup).
+This example also requires `jq` to be available in the hook runtime.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md` around lines 30 - 47,
The documentation examples use the jq command-line tool in multiple code
snippets but do not document it as a required prerequisite. Add a note or
prerequisites section before or at the beginning of the hook writing guide
(before the section "3. Write the comment") that explicitly mentions jq as a
runtime dependency that readers must have installed on their system to use the
hook examples. This ensures users are aware of the requirement before attempting
to run the code snippets that invoke jq commands.

[oredavids]

Based on the current pages I've reviewed.

[oredavids]

It may be best to leave out the Required and optional sections here since we link to the full spec below and can have a single source of truth for the documentation.

We should still have the text explaining the label, commands and execute meaning.

[ebeneliason]

Is HTML the expected format? I expected all comment files to be formatted as markdown. We should clarify what's supported. Can we make this markdown-enabled?

[Resonance1584]

Well, it all gets dumped into the mixed html/md comment that already exists. Some things like code blocks with backticks ` wont work on the first new line within the details block. Then they might start working after two new lines. Using <code> works straight away.

[ebeneliason]

Should this live in the Tutorials section instead?

[ebeneliason]

What's the relationship of Hooks to the "Extending Pipelines" section? The extension talks about how to extend actions. Do we promote both approaches going forward? Recommend one over the other? Recommend one or the other for specific use cases?

At the very least, it seems we might need to cross-reference so folks don't find one and miss the other, but perhaps the extending section just gets overhauled or removed?

[coderabbitai]

🧹 Nitpick comments (1)

docs/2.0/docs/pipelines/guides/hooks/overview.md (1)

9-15: Add guidance distinguishing Hooks from Extending Pipelines.

The intro states "Hooks are how you extend a Pipelines run," but the codebase has a separate "Extending Pipelines" guide that covers GitHub Actions workflow customization. Clarify whether Hooks complement workflow-level extensions or are an alternative path. A sentence noting that Hooks execute commands at specific pipeline points (distinct from modifying GitHub Actions workflows) would help readers choose the right approach.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/2.0/docs/pipelines/guides/hooks/overview.md` around lines 9 - 15, Add
clarification to the Hooks overview section to distinguish Hooks from the
separate "Extending Pipelines" guide that covers GitHub Actions workflow
customization. Insert a sentence after the first paragraph explaining that Hooks
specifically execute commands at defined points within the pipeline run (like
after plan or apply), which is distinct from and complementary to modifying
GitHub Actions workflows themselves. This will help readers understand when to
use Hooks versus workflow-level extensions and which approach is appropriate for
their use case.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/2.0/docs/pipelines/guides/hooks/overview.md`:
- Around line 9-15: Add clarification to the Hooks overview section to
distinguish Hooks from the separate "Extending Pipelines" guide that covers
GitHub Actions workflow customization. Insert a sentence after the first
paragraph explaining that Hooks specifically execute commands at defined points
within the pipeline run (like after plan or apply), which is distinct from and
complementary to modifying GitHub Actions workflows themselves. This will help
readers understand when to use Hooks versus workflow-level extensions and which
approach is appropriate for their use case.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0c6600d2-ee85-49c8-aede-d35d9f207379

📥 Commits

Reviewing files that changed from the base of the PR and between 0583a3b and 046488f.

📒 Files selected for processing (6)

• docs/2.0/docs/pipelines/guides/hooks/authentication.md
• docs/2.0/docs/pipelines/guides/hooks/configuring.md
• docs/2.0/docs/pipelines/guides/hooks/overview.md
• docs/2.0/docs/pipelines/guides/hooks/setup.md
• docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md
• docs/2.0/reference/pipelines/configurations-as-code/api.mdx

✅ Files skipped from review due to trivial changes (5)

• docs/2.0/docs/pipelines/guides/hooks/authentication.md
• docs/2.0/reference/pipelines/configurations-as-code/api.mdx
• docs/2.0/docs/pipelines/guides/hooks/setup.md
• docs/2.0/docs/pipelines/guides/hooks/configuring.md
• docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md

[coderabbitai]

🧹 Nitpick comments (1)

docs/2.0/reference/pipelines/hooks-api.md (1)

21-21: 💤 Low value

Capitalize GitHub as a proper noun.

The CI platform github should be capitalized as GitHub per official branding.

-| `PIPELINES_HOOK_CTX_CI_PLATFORM` | The CI platform running the hook: `github` or `gitlab`. |
+| `PIPELINES_HOOK_CTX_CI_PLATFORM` | The CI platform running the hook: `GitHub` or `GitLab`. |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/2.0/reference/pipelines/hooks-api.md` at line 21, The documentation for
the PIPELINES_HOOK_CTX_CI_PLATFORM environment variable contains the lowercase
word `github` which does not follow proper branding guidelines. In the
hooks-api.md file, change the lowercase `github` to the properly capitalized
`GitHub` in the table row describing this CI platform constant to maintain
consistency with official branding conventions.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/2.0/reference/pipelines/hooks-api.md`:
- Line 21: The documentation for the PIPELINES_HOOK_CTX_CI_PLATFORM environment
variable contains the lowercase word `github` which does not follow proper
branding guidelines. In the hooks-api.md file, change the lowercase `github` to
the properly capitalized `GitHub` in the table row describing this CI platform
constant to maintain consistency with official branding conventions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5965bea0-b984-4eed-a0ff-6eee42f5703d

📥 Commits

Reviewing files that changed from the base of the PR and between 046488f and 36333cd.

📒 Files selected for processing (4)

• docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md
• docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md
• docs/2.0/reference/pipelines/configurations-as-code/api.mdx
• docs/2.0/reference/pipelines/hooks-api.md

✅ Files skipped from review due to trivial changes (2)

• docs/2.0/docs/pipelines/guides/hooks/writing-a-hook.md
• docs/2.0/docs/pipelines/guides/hooks/slack-deploy-notification.md

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/2.0/reference/pipelines/configurations-as-code/api.mdx