Skip to content

[Snyk] Security upgrade sharp from 0.31.3 to 0.32.6 #4215

[Snyk] Security upgrade sharp from 0.31.3 to 0.32.6

[Snyk] Security upgrade sharp from 0.31.3 to 0.32.6 #4215

Workflow file for this run

name: Test
# **What it does**: Runs our tests.
# **Why we have it**: We want our tests to pass before merging code.
# **Who does it impact**: Docs engineering, open-source engineering contributors.
on:
workflow_dispatch:
merge_group:
pull_request:
permissions:
contents: read
pull-requests: read
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
env:
# Setting this will activate the jest tests that depend on actually
# sending real search queries to Elasticsearch
ELASTICSEARCH_URL: http://localhost:9200/
# Hopefully the name is clear enough. By enabling this, we're testing
# the future code.
ENABLE_SEARCH_RESULTS_PAGE: true
jobs:
figureOutMatrix:
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.result }}
steps:
- uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
id: set-matrix
with:
script: |
// We only want to run the 'translations' suite when we know
// we're on the private docs-internal repo because only that
// one has ability to clone the remote (private) translations
// repos.
return [
{ name: 'content', path: 'tests/content', },
{ name: 'graphql', path: 'tests/graphql', },
{ name: 'events', path: 'src/events/tests', },
{ name: 'automated-pipelines', path: 'src/automated-pipelines/tests', },
{ name: 'rest', path: 'src/rest/tests', },
{ name: 'webhooks', path: 'src/webhooks/tests', },
{ name: 'linting', path: 'tests/linting', },
{ name: 'meta', path: 'tests/meta', },
{ name: 'routing', path: 'tests/routing', },
{ name: 'rendering', path: 'tests/rendering', },
{ name: 'rendering-fixtures', path: 'tests/rendering-fixtures', },
{ name: 'search', path: 'src/search/tests', },
context.payload.repository.full_name === 'github/docs-internal' &&
{ name: 'translations', path: 'tests/translations', },
{ name: 'unit', path: 'tests/unit', },
].filter(Boolean)
test:
name: ${{ matrix.name }}
needs: figureOutMatrix
# Run on ubuntu-20.04-xl if the private repo or ubuntu-latest if the public repo
# See pull # 17442 in the private repo for context
runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }}
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.figureOutMatrix.outputs.matrix) }}
steps:
# Each of these ifs needs to be repeated at each step to make sure the required check still runs
# Even if if doesn't do anything
- name: Check out repo
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- uses: ./.github/actions/setup-elasticsearch
if: ${{ matrix.name == 'search' || matrix.name == 'translations' }}
- uses: ./.github/actions/node-npm-setup
- uses: ./.github/actions/get-docs-early-access
if: ${{ github.repository == 'github/docs-internal' }}
with:
token: ${{ secrets.DOCUBOT_REPO_PAT }}
- name: Check the test fixture data (if applicable)
if: ${{ matrix.name == 'rendering-fixtures' }}
run: ./script/copy-fixture-data.js --check
# This keeps our fixture content/data in check
- name: Check the test fixture content (if applicable)
if: ${{ matrix.name == 'rendering-fixtures' }}
env:
ROOT: tests/fixtures
run: |
# If either of these fail, it means our fixture content's internal
# links can and should be updated.
./script/update-internal-links.js --dry-run --check --strict \
tests/fixtures/content \
--exclude tests/fixtures/content/get-started/foo/typo-autotitling.md \
--exclude tests/fixtures/content/get-started/foo/anchor-autotitling.md
./script/update-internal-links.js --dry-run --check --strict \
tests/fixtures/data
- name: Clone all translations
if: ${{ matrix.name == 'translations' }}
uses: ./.github/actions/clone-translations
with:
token: ${{ secrets.DOCUBOT_REPO_PAT }}
- name: Gather files changed
if: ${{ matrix.name == 'linting' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR: ${{ github.event.pull_request.number }}
HEAD: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }}
run: |
# Find the file diff in the pull request or merge group
# If its a pull request, use the faster call to the GitHub API
# For push, workflow_dispatch, and merge_group, use git diff
if [ -n "$PR" ]
then
echo __ running gh pr diff __
DIFF=`gh pr diff $PR --name-only`
elif [ -n "$HEAD" ]
then
echo __ running git fetch main __
git fetch origin main --depth 1
echo __ running git diff __
DIFF=`git diff --name-only origin/main`
else
echo __ no head, empty diff __
DIFF=''
fi
# So we can inspect the output
echo __ DIFF found __
echo $DIFF
# So that becomes a string like `foo.js path/bar.md`
# Must to do this because the list of files can be HUGE. Especially
# in a repo-sync when there are lots of translation files involved.
echo __ format, write to get_diff_files.txt __
echo $DIFF | tr '\n' ' ' > get_diff_files.txt
- name: Cache nextjs build
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: .next/cache
key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}
- name: Run build script
run: npm run build
- name: Disk cache used by getRemoteJSON function in middleware
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: .remotejson-cache
# Very liberal cache key. Note, for this to become populated
# for other branches, you have to manually run this workflow
# at least once using the "Run workflow" button.
key: ${{ runner.os }}-remotejson
- name: Index fixtures into the local Elasticsearch
# For the sake of saving time, only run this step if the group
# is one that will run tests against an Elasticsearch on localhost.
if: ${{ matrix.name == 'search' || matrix.name == 'translations' }}
run: npm run index-test-fixtures
- name: Run tests
env:
DIFF_FILE: get_diff_files.txt
CHANGELOG_CACHE_FILE_PATH: tests/fixtures/changelog-feed.json
# By default, when `process.env.NODE_ENV === 'test'` it forces the
# tests run only in English. The exception is the
# `tests/translations/` suite which needs all languages to be set up.
ENABLED_LANGUAGES: ${{ matrix.name == 'translations' && 'all' || '' }}
ROOT: ${{ matrix.name == 'rendering-fixtures' && 'tests/fixtures' || ''}}
run: npm test -- ${{ matrix.path }}/