Context
docs/content/docs/99.examples/0.index.md and several recipe pages link to bitrix24/b24sdk-examples for paired UI showcases (Nuxt, React) and the legacy Node/Hook starters. Today every reference uses bare https://github.com/bitrix24/b24sdk-examples or https://github.com/bitrix24/b24sdk-examples/tree/main/....
Surfaced by the security pass during PR #116 review: if the external repo is renamed, moved, or — worst case — taken over, links from our docs would silently point at a third party's code. Bare main branch references also break the moment that repo refactors its tree.
Proposal
Lightweight supply-chain hygiene without imposing a sync burden:
- Tag pinning where it matters. Pages that quote a specific recipe (
js/02-nuxt-hook, js/03-nuxt-frame, js/05-node-hook, js/04-react-frame) should link at a known-good tag of b24sdk-examples, not main. Pick the latest stable tag and freeze the references.
- One-line note in
99.examples/0.index.md Contributing section. Tell readers that any new doc link to b24sdk-examples should target a tag, not a branch — same convention.
- CI canary (optional). Add a tiny
docs:lint-external step that issues a HEAD against the canonical b24sdk-examples repo URL once per CI run and warns if it returns 404. Catches takeover / rename early.
(1) and (2) are five-minute fixes; (3) is an opt-in extra.
Acceptance criteria
Out of scope
- Vendoring the examples into this repo. The current split (SDK-native recipes here, paired UI showcases there) is intentional.
- Replicating the same checks for
b24ui or other Bitrix24 repos linked from the docs — they're internally owned, lower supply-chain risk.
Related
Context
docs/content/docs/99.examples/0.index.mdand several recipe pages link to bitrix24/b24sdk-examples for paired UI showcases (Nuxt, React) and the legacy Node/Hook starters. Today every reference uses barehttps://github.com/bitrix24/b24sdk-examplesorhttps://github.com/bitrix24/b24sdk-examples/tree/main/....Surfaced by the security pass during PR #116 review: if the external repo is renamed, moved, or — worst case — taken over, links from our docs would silently point at a third party's code. Bare
mainbranch references also break the moment that repo refactors its tree.Proposal
Lightweight supply-chain hygiene without imposing a sync burden:
js/02-nuxt-hook,js/03-nuxt-frame,js/05-node-hook,js/04-react-frame) should link at a known-good tag ofb24sdk-examples, notmain. Pick the latest stable tag and freeze the references.99.examples/0.index.mdContributing section. Tell readers that any new doc link tob24sdk-examplesshould target a tag, not a branch — same convention.docs:lint-externalstep that issues a HEAD against the canonicalb24sdk-examplesrepo URL once per CI run and warns if it returns 404. Catches takeover / rename early.(1) and (2) are five-minute fixes; (3) is an opt-in extra.
Acceptance criteria
docs/content/docs/**/*.mdforb24sdk-examplesreferences and replace branch links with tag links where the page quotes a specific path.99.examples/0.index.mdto document the convention.curl -Istep to.github/workflows/ci.yml(docs-lintjob) that flags 404 on the canonical URL.Out of scope
b24uior other Bitrix24 repos linked from the docs — they're internally owned, lower supply-chain risk.Related