fleet/.github/workflows/test-website.yml

name: Test Fleet website

on:
  pull_request:
    paths:
      - 'website/**'
      - 'docs/**'
      - 'handbook/**'
      - 'schema/**'
      - 'articles/**'

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [14.x]

    steps:
    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2

    # Set the Node.js version
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
      with:
        node-version: ${{ matrix.node-version }}

    # Now start building!
    # > …but first, get a little crazy for a sec and delete the top-level package.json file
    # > i.e. the one used by the Fleet server.  This is because require() in node will go
    # > hunting in ancestral directories for missing dependencies, and since some of the
    # > bundled transpiler tasks sniff for package availability using require(), this trips
    # > up when it encounters another Node universe in the parent directory.
    - run: rm -rf package.json package-lock.json node_modules/
    # > Turns out there's a similar issue with how eslint plugins are looked up, so we
    # > delete the top level .eslintrc file too.
    - run: rm -f .eslintrc.js

    # Get dependencies (including dev deps)
    - run: cd website/ && npm install

    # Run sanity checks
    - run: cd website/ && npm test

    # Compile assets
    - run: cd website/ && npm run build-for-prod
Add GitHub Action to test website on PR (#579) 2021-04-02 20:33:36 +00:00			`name: Test Fleet website`

			`on:`
			`pull_request:`
			`paths:`
Fix path for website test (#581) 2021-04-02 21:41:27 +00:00			`- 'website/**'`
remove concept of "Detection", for now (in favor of what's coming) (#2046) * remove concept of "Detection", for now (in favor of what's coming) * remove extra --- to make YAML parse properly * Simplify the check to remove remediation check for now * Run compile script any time docs or handbook is changed 2021-09-14 16:43:45 +00:00			`- 'docs/**'`
			`- 'handbook/**'`
Update test-website.yml (#8076) 2022-10-04 17:52:00 +00:00			`- 'schema/**'`
Update test-website.yml (#9042) 2022-12-21 16:29:56 +00:00			`- 'articles/**'`
Add GitHub Action to test website on PR (#579) 2021-04-02 20:33:36 +00:00
add concurrency to ci (#8271) * add concurrency to ci * add readme for workflows 2022-10-24 20:01:00 +00:00			`# This allows a subsequently queued workflow run to interrupt previous runs`
			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id}}`
			`cancel-in-progress: true`

set default shell in workflows (#8108) * wait for mysql in workflows 2022-10-07 15:43:56 +00:00			`defaults:`
			`run:`
			`# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference`
			`shell: bash`

Adding permissions to some workflows (#4698) * Adding permissions to docs.yml and integration.yml * Update codeql-analysis.yml Adding top level read permissions to codeql workflow * Update codeql-analysis.yml Adding manual dispatch to codeql - to be able to test it easier * Update deploy-fleet-website.yml Adding top level read permission + write in the job so it can push the website * Update test-website.yml test-website should only need read permissions on content. * Update fleet-and-orbit.yml Testing Fleet and Orbit should be fine with top level read access * Update fleetctl-preview.yml fleetctl-preview should be fine with just read access at top level * Update push-osquery-perf-to-ecr.yml ECR is out of github so read permissions should be enough * Update semgrep-analysis.yml semgrep should only need read * Update test-packaging.yml Should only need read permission - setting on top * Update test.yml Should not need any write access - setting to READ on top. * Update deploy-fleet-website.yml Removing git write permission - since this pushes to Heroku not GitHub * Tweaked as per Zach's comments Removed some useless restrictions (contents none on a public repo for example) * Removed meaningless permissions contents: none - this does not have any security advantage on a public repo 2022-03-25 18:19:42 +00:00			`permissions:`
			`contents: read`

Add GitHub Action to test website on PR (#579) 2021-04-02 20:33:36 +00:00			`jobs:`
			`build:`
			`runs-on: ubuntu-latest`

			`strategy:`
			`matrix:`
			`node-version: [14.x]`

			`steps:`
Bump actions/checkout from 2 to 3.0.2 (#7301) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-08-31 10:44:22 +00:00			`- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2`
Add GitHub Action to test website on PR (#579) 2021-04-02 20:33:36 +00:00
			`# Set the Node.js version`
			`- name: Use Node.js ${{ matrix.node-version }}`
4620 pin action dependencies (#4622) * Update build-binaries.yaml Pin action versions + add read only token to build-binaries.yaml * Update codeql-analysis.yml Pin dependencies with hash for codeql-analysis.yml * Update deploy-fleet-website.yml Pin dependencies in deploy-fleet-website.yml * Update docs.yml Pin dependencies for docs.yml * Update fleet-and-orbit.yml Pinning dependencies for fleet-and-orbit.yml * Update generate-osqueryd-app-tar-gz.yml Pin dependencies for generate-osqueryd-app-tar-gz.yml * Pin dependencies in goreleaser workflows Pinned dependencies in the 3 goreleaser workflows * Update integration.yml Pinned dependencies with hash * Update pr-helm.yaml Pinned dependencies with hash * Update push-osquery-perf-to-ecr.yml Pinned dependencies with a hash * Update release-helm.yaml Pinned one dependency with a hash * Update semgrep-analysis.yml Pinned dependencies with hashes * Update test-go.yaml Pinned dependencies with hash * Update test-packaging.yml Pinned dependencies with hashes * Update test-website.yml Pinned dependencies with hashes * Update test.yml Pinned dependencies with hashes 2022-03-16 19:42:28 +00:00			`uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1`
Add GitHub Action to test website on PR (#579) 2021-04-02 20:33:36 +00:00			`with:`
			`node-version: ${{ matrix.node-version }}`

			`# Now start building!`
			`# > …but first, get a little crazy for a sec and delete the top-level package.json file`
			`# > i.e. the one used by the Fleet server. This is because require() in node will go`
			`# > hunting in ancestral directories for missing dependencies, and since some of the`
			`# > bundled transpiler tasks sniff for package availability using require(), this trips`
			`# > up when it encounters another Node universe in the parent directory.`
			`- run: rm -rf package.json package-lock.json node_modules/`
			`# > Turns out there's a similar issue with how eslint plugins are looked up, so we`
			`# > delete the top level .eslintrc file too.`
			`- run: rm -f .eslintrc.js`

			`# Get dependencies (including dev deps)`
			`- run: cd website/ && npm install`

			`# Run sanity checks`
			`- run: cd website/ && npm test`

			`# Compile assets`
			`- run: cd website/ && npm run build-for-prod`