[Snyk] Fix for 14 vulnerabilities #322
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node.js Tests | |
# **What it does**: Runs our tests. | |
# **Why we have it**: We want our tests to pass before merging code. | |
# **Who does it impact**: Docs engineering, open-source engineering contributors. | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- gh-readonly-queue/main/** | |
permissions: | |
contents: read | |
# Needed for the 'trilom/file-changes-action' action | |
pull-requests: read | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
jobs: | |
test: | |
# Run on self-hosted if the private repo or ubuntu-latest if the public repo | |
# See pull # 17442 in the private repo for context | |
runs-on: ${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }} | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: | |
# The same array lives in test-windows.yml, so make any updates there too. | |
test-group: | |
[ | |
content, | |
graphql, | |
meta, | |
rendering, | |
routing, | |
unit, | |
linting, | |
translations, | |
] | |
steps: | |
# Each of these ifs needs to be repeated at each step to make sure the required check still runs | |
# Even if if doesn't do anything | |
- name: Check out repo | |
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 | |
with: | |
# Not all test suites need the LFS files. So instead, we opt to | |
# NOT clone them initially and instead, include them manually | |
# only for the test groups that we know need the files. | |
lfs: ${{ matrix.test-group == 'content' }} | |
# Enables cloning the Early Access repo later with the relevant PAT | |
persist-credentials: 'false' | |
- name: Figure out which docs-early-access branch to checkout, if internal repo | |
if: ${{ github.repository == 'github/docs-internal' }} | |
id: check-early-access | |
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
env: | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
with: | |
github-token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
result-encoding: string | |
script: | | |
// If being run from a PR, this becomes 'my-cool-branch'. | |
// If run on main, with the `workflow_dispatch` action for | |
// example, the value becomes 'main'. | |
const { BRANCH_NAME } = process.env | |
try { | |
const response = await github.repos.getBranch({ | |
owner: 'github', | |
repo: 'docs-early-access', | |
BRANCH_NAME, | |
}) | |
console.log(`Using docs-early-access branch called '${BRANCH_NAME}'.`) | |
return BRANCH_NAME | |
} catch (err) { | |
if (err.status === 404) { | |
console.log(`There is no docs-early-access branch called '${BRANCH_NAME}' so checking out 'main' instead.`) | |
return 'main' | |
} | |
throw err | |
} | |
- name: Check out docs-early-access too, if internal repo | |
if: ${{ github.repository == 'github/docs-internal' }} | |
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 | |
with: | |
repository: github/docs-early-access | |
token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
path: docs-early-access | |
ref: ${{ steps.check-early-access.outputs.result }} | |
- name: Merge docs-early-access repo's folders | |
if: ${{ github.repository == 'github/docs-internal' }} | |
run: | | |
mv docs-early-access/assets assets/images/early-access | |
mv docs-early-access/content content/early-access | |
mv docs-early-access/data data/early-access | |
rm -r docs-early-access | |
# This is necessary when LFS files where cloned but does nothing | |
# if actions/checkout was run with `lfs:false`. | |
- name: Checkout LFS objects | |
run: git lfs checkout | |
- name: Gather files changed | |
uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b | |
id: get_diff_files | |
with: | |
# So that `steps.get_diff_files.outputs.files` becomes | |
# a string like `foo.js path/bar.md` | |
output: ' ' | |
- name: Insight into changed files | |
run: | | |
# Must to do this because the list of files can be HUGE. Especially | |
# in a repo-sync when there are lots of translation files involved. | |
echo "${{ steps.get_diff_files.outputs.files }}" > get_diff_files.txt | |
- name: Setup node | |
uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 | |
with: | |
node-version: 16.14.x | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Cache nextjs build | |
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed | |
with: | |
path: .next/cache | |
key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }} | |
- name: Run build script | |
run: npm run build | |
- name: Run tests | |
env: | |
DIFF_FILE: get_diff_files.txt | |
CHANGELOG_CACHE_FILE_PATH: tests/fixtures/changelog-feed.json | |
run: npm test -- tests/${{ matrix.test-group }}/ |