[Snyk] Fix for 14 vulnerabilities #222
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OpenAPI dev mode check | |
# **What it does**: Checks that the files in lib/rest/static/decorated match | |
# the files in lib/rest/static/dereferenced. Checks that the decorated | |
# schemas in lib/rest/static/decorated are not in development mode. | |
# Development mode schemas have a branch name and development mode tag in the | |
# info.version property. | |
# **Why we have it**: To ensure that we aren't every shipping decorated schemas | |
# that are out of sync with the source derefereced schema. To ensure that | |
# decorated schemas generated locally are not published. Locally generated | |
# decorated schemas are pushing up to the remote for staging purposes only. | |
# **Who does it impact**: Docs content writers updating REST API docs and | |
# the docs engineering team as maintainers of the scripts and workflows. | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
pull_request: | |
paths: | |
- 'lib/rest/static/**' | |
- 'script/rest/**/*.js' | |
- 'script/rest/**/*.json' | |
- 'package*.json' | |
- 'lib/redirects/static/**/*.json' | |
permissions: | |
contents: read | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
jobs: | |
check-schema-versions: | |
if: ${{ github.repository == 'github/docs-internal' }} | |
runs-on: ${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }} | |
steps: | |
- name: Checkout repository code | |
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 | |
- name: Setup node | |
uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 | |
with: | |
node-version: 16.14.x | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
# Differences between decorated and dereferenced files indicates a problem | |
- name: Generate decorated files to check that there are no differences | |
run: script/rest/update-files.js --decorate-only | |
- name: Check if deref/decorated schemas are dev mode and that they match | |
run: .github/actions-scripts/openapi-schema-branch.js |