Skip to content

[Snyk] Fix for 14 vulnerabilities #222

[Snyk] Fix for 14 vulnerabilities

[Snyk] Fix for 14 vulnerabilities #222

name: OpenAPI dev mode check
# **What it does**: Checks that the files in lib/rest/static/decorated match
# the files in lib/rest/static/dereferenced. Checks that the decorated
# schemas in lib/rest/static/decorated are not in development mode.
# Development mode schemas have a branch name and development mode tag in the
# info.version property.
# **Why we have it**: To ensure that we aren't every shipping decorated schemas
# that are out of sync with the source derefereced schema. To ensure that
# decorated schemas generated locally are not published. Locally generated
# decorated schemas are pushing up to the remote for staging purposes only.
# **Who does it impact**: Docs content writers updating REST API docs and
# the docs engineering team as maintainers of the scripts and workflows.
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
paths:
- 'lib/rest/static/**'
- 'script/rest/**/*.js'
- 'script/rest/**/*.json'
- 'package*.json'
- 'lib/redirects/static/**/*.json'
permissions:
contents: read
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
jobs:
check-schema-versions:
if: ${{ github.repository == 'github/docs-internal' }}
runs-on: ${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }}
steps:
- name: Checkout repository code
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
- name: Setup node
uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
with:
node-version: 16.14.x
cache: npm
- name: Install dependencies
run: npm ci
# Differences between decorated and dereferenced files indicates a problem
- name: Generate decorated files to check that there are no differences
run: script/rest/update-files.js --decorate-only
- name: Check if deref/decorated schemas are dev mode and that they match
run: .github/actions-scripts/openapi-schema-branch.js