[Snyk] Fix for 5 vulnerabilities #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node.js Tests | |
# **What it does**: Runs our tests. | |
# **Why we have it**: We want our tests to pass before merging code. | |
# **Who does it impact**: Docs engineering, open-source engineering contributors. | |
on: | |
workflow_dispatch: | |
merge_group: | |
pull_request: | |
permissions: | |
contents: read | |
pull-requests: read | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
env: | |
# Setting this will activate the jest tests that depend on actually | |
# sending real search queries to Elasticsearch | |
ELASTICSEARCH_URL: http://localhost:9200/ | |
# Hopefully the name is clear enough. By enabling this, we're testing | |
# the future code. | |
ENABLE_SEARCH_RESULTS_PAGE: true | |
jobs: | |
figureOutMatrix: | |
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.result }} | |
steps: | |
- uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 | |
id: set-matrix | |
with: | |
script: | | |
// We only want to run the 'translations' suite when we know | |
// we're on the private docs-internal repo because only that | |
// one has ability to clone the remote (private) translations | |
// repos. | |
const all = [ | |
'content', | |
'graphql', | |
'meta', | |
'rendering', | |
'routing', | |
'unit', | |
'linting', | |
'rendering-fixtures', | |
]; | |
if (context.payload.repository.full_name === 'github/docs-internal') { | |
all.push('translations'); | |
} | |
return all; | |
test: | |
needs: figureOutMatrix | |
# Run on ubuntu-20.04-xl if the private repo or ubuntu-latest if the public repo | |
# See pull # 17442 in the private repo for context | |
runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }} | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: | |
test-group: ${{ fromJSON(needs.figureOutMatrix.outputs.matrix) }} | |
steps: | |
- name: Install a local Elasticsearch for testing | |
# For the sake of saving time, only run this step if the test-group | |
# is one that will run tests against an Elasticsearch on localhost. | |
if: ${{ matrix.test-group == 'content' || matrix.test-group == 'translations' }} | |
uses: getong/elasticsearch-action@95b501ab0c83dee0aac7c39b7cea3723bef14954 | |
with: | |
# Make sure this matches production and `sync-search-pr.yml` | |
elasticsearch version: '7.11.1' | |
host port: 9200 | |
container port: 9200 | |
host node port: 9300 | |
node port: 9300 | |
discovery type: 'single-node' | |
# Each of these ifs needs to be repeated at each step to make sure the required check still runs | |
# Even if if doesn't do anything | |
- name: Check out repo | |
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
- uses: ./.github/actions/node-npm-setup | |
- uses: ./.github/actions/get-docs-early-access | |
if: ${{ github.repository == 'github/docs-internal' }} | |
with: | |
token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
- name: Check the test fixture data (if applicable) | |
if: ${{ matrix.test-group == 'rendering-fixtures' }} | |
run: ./script/copy-fixture-data.js --check | |
# This keeps our fixture content/data in check | |
- name: Check the test fixture content (if applicable) | |
if: ${{ matrix.test-group == 'rendering-fixtures' }} | |
env: | |
ROOT: tests/fixtures | |
run: | | |
# If either of these fail, it means our fixture content's internal | |
# links can and should be updated. | |
./script/update-internal-links.js --dry-run --check --strict --verbose \ | |
tests/fixtures/content \ | |
--exclude tests/fixtures/content/get-started/foo/typo-autotitling.md | |
./script/update-internal-links.js --dry-run --check --strict --verbose \ | |
tests/fixtures/data | |
- name: Clone all translations | |
if: ${{ matrix.test-group == 'translations' }} | |
uses: ./.github/actions/clone-translations | |
with: | |
token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
- name: Gather files changed | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR: ${{ github.event.pull_request.number }} | |
HEAD: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
run: | | |
# Find the file diff in the pull request or merge group | |
# If its a pull request, use the faster call to the GitHub API | |
# For push, workflow_dispatch, and merge_group, use git diff | |
if [ -n "$PR" ] | |
then | |
echo __ running gh pr diff __ | |
DIFF=`gh pr diff $PR --name-only` | |
elif [ -n "$HEAD" ] | |
then | |
echo __ running git fetch main __ | |
git fetch origin main --depth 1 | |
echo __ running git diff __ | |
DIFF=`git diff --name-only origin/main` | |
else | |
echo __ no head, empty diff __ | |
DIFF='' | |
fi | |
# So we can inspect the output | |
echo __ DIFF found __ | |
echo $DIFF | |
# So that becomes a string like `foo.js path/bar.md` | |
# Must to do this because the list of files can be HUGE. Especially | |
# in a repo-sync when there are lots of translation files involved. | |
echo __ format, write to get_diff_files.txt __ | |
echo $DIFF | tr '\n' ' ' > get_diff_files.txt | |
- name: Cache nextjs build | |
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 | |
with: | |
path: .next/cache | |
key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }} | |
- name: Run build script | |
run: npm run build | |
- name: Index fixtures into the local Elasticsearch | |
# For the sake of saving time, only run this step if the test-group | |
# is one that will run tests against an Elasticsearch on localhost. | |
if: ${{ matrix.test-group == 'content' || matrix.test-group == 'translations' }} | |
run: npm run index-test-fixtures | |
- name: Run tests | |
env: | |
DIFF_FILE: get_diff_files.txt | |
CHANGELOG_CACHE_FILE_PATH: tests/fixtures/changelog-feed.json | |
# By default, when `process.env.NODE_ENV === 'test'` it forces the | |
# tests run only in English. The exception is the | |
# `tests/translations/` suite which needs all languages to be set up. | |
ENABLED_LANGUAGES: ${{ matrix.test-group == 'translations' && 'all' || '' }} | |
ROOT: ${{ matrix.test-group == 'rendering-fixtures' && 'tests/fixtures' || ''}} | |
run: npm test -- tests/${{ matrix.test-group }}/ |