[Snyk] Security upgrade next from 12.2.4 to 14.2.15 #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Link Checker: All English' | |
| # **What it does**: Renders the content of every page and check all internal links. | |
| # **Why we have it**: To make sure all links connect correctly. | |
| # **Who does it impact**: Docs content. | |
| on: | |
| workflow_dispatch: | |
| merge_group: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| # Needed for the 'trilom/file-changes-action' action | |
| pull-requests: read | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
| cancel-in-progress: true | |
| jobs: | |
| check-links: | |
| runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 | |
| - name: Setup node | |
| uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 | |
| with: | |
| node-version: '16.15.0' | |
| cache: npm | |
| - name: Install | |
| run: npm ci | |
| - name: Gather files changed | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PR: ${{ github.event.pull_request.number }} | |
| HEAD: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
| run: | | |
| # Find the file diff in the pull request or merge group | |
| # If its a pull request, use the faster call to the GitHub API | |
| # For push, workflow_dispatch, and merge_group, use git diff | |
| if [ -n "$PR" ] | |
| then | |
| echo __ running gh pr diff __ | |
| DIFF=`gh pr diff $PR --name-only` | |
| elif [ -n "$HEAD" ] | |
| then | |
| echo __ running git fetch main __ | |
| git fetch origin main --depth 1 | |
| echo __ running git diff __ | |
| DIFF=`git diff --name-only origin/main` | |
| else | |
| echo __ no head, empty diff __ | |
| DIFF='' | |
| fi | |
| # So we can inspect the output | |
| echo __ DIFF found __ | |
| echo $DIFF | |
| # Formats into single line JSON array, removing any empty strings | |
| echo __ format, write to files.json __ | |
| echo $DIFF | \ | |
| tr ' ' '\n' | \ | |
| jq --raw-input | \ | |
| jq --slurp --compact-output 'map(select(length > 0))' \ | |
| > $HOME/files.json | |
| - name: Link check (warnings, changed files) | |
| env: | |
| # Don't care about CDN caching image URLs | |
| DISABLE_REWRITE_ASSET_URLS: true | |
| run: | | |
| # Note as of Aug 2022, we *don't* check external links | |
| # on the pages you touched in the PR. We could enable that | |
| # but it has the added risk of false positives blocking CI. | |
| # We are using this script for the daily/nightly checker that | |
| # checks external links too. Once we're confident it really works | |
| # well, we can consider enabling it here on every content PR too. | |
| ./script/rendered-content-link-checker.js \ | |
| --language en \ | |
| --max 100 \ | |
| --check-anchors \ | |
| --check-images \ | |
| --verbose \ | |
| --list $HOME/files.json | |
| - name: Link check (critical, all files) | |
| env: | |
| # Don't care about CDN caching image URLs | |
| DISABLE_REWRITE_ASSET_URLS: true | |
| run: | | |
| ./script/rendered-content-link-checker.js \ | |
| --language en \ | |
| --exit \ | |
| --verbose \ | |
| --check-images \ | |
| --level critical |