[Snyk] Fix for 14 vulnerabilities #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OpenAPI generate decorated schema files | |
# **What it does**: On 'Update OpenAPI Descriptions' PRs opened by github-openapi-bot, this workflow runs the script to generate the decorated OpenAPI files and commit them to the PR. | |
# **Why we have it**: So we can consume OpenAPI changes, decorate them, and publish them to the REST API docs. | |
# **Who does it impact**: Anyone making OpenAPI changes in `github/github`, and wanting to get them published on the docs site. | |
on: | |
pull_request: | |
permissions: | |
contents: write | |
pull-requests: write | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
jobs: | |
generate-decorated-files: | |
if: >- | |
${{ | |
github.repository == 'github/docs-internal' && | |
github.event.pull_request.user.login == 'github-openapi-bot' | |
}} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Label pull requests with 'github-openapi-bot' | |
uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90 | |
with: | |
add-labels: 'github-openapi-bot' | |
- name: Checkout repository code | |
uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 | |
with: | |
# actions/checkout by default will leave you in a detached head state | |
# so we need to specify the PR head ref explicitly since we're making | |
# changes that we want to commit to the branch. | |
ref: ${{ github.event.pull_request.head.ref }} | |
# Using a PAT is necessary so that the new commit will trigger the | |
# CI in the PR. (Events from GITHUB_TOKEN don't trigger new workflows.) | |
token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
- name: Setup node | |
uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 | |
with: | |
node-version: 16.14.x | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Decorate the dereferenced OpenAPI schemas | |
run: script/rest/update-files.js --decorate-only | |
- name: Check in the decorated files | |
uses: EndBug/add-and-commit@050a66787244b10a4874a2a5f682130263edc192 | |
with: | |
# The arguments for the `git add` command | |
add: '["lib/rest/static/apps", "lib/rest/static/decorated"]' | |
# The message for the commit | |
message: 'Add decorated OpenAPI schema files' | |
env: | |
# Disable pre-commit hooks; they don't play nicely with add-and-commit | |
HUSKY: '0' |