[Snyk] Security upgrade next from 11.1.4 to 13.5.4 #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Enterprise Server Release Search Sync | |
| # **What it does**: This workflow is used during the Enterprise Server release | |
| # process. The Enterprise release checklist includes a step to add a label in | |
| # the format `sync-english-index-for-enterprise-server@<RELEASE NUMBER>`. When | |
| # that label is added, this workflow runs anytime new commits are made to the | |
| # Enterprise release megabranch. The Docubot user commits the search indexes in | |
| # the `lib/search/indexes` directory. | |
| # | |
| # **Why we have it**: The Lunr index for the next Enterprise release doesn't yet | |
| # exist, so we need to generate it. Search wouldn't work at all if we shipped | |
| # the new release without shipping the index for that release at the same time. | |
| # | |
| # **Who does it impact**: The DRI for the Enterprise release, the content | |
| # writers that are a part of the release and the docs-engineering DRI. | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: | |
| - labeled | |
| - unlabeled | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| - unlocked | |
| permissions: | |
| contents: write | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
| cancel-in-progress: true | |
| # This workflow requires a label in the format `sync-english-index-for-<PLAN@RELEASE>` | |
| jobs: | |
| updateIndices: | |
| name: Update English index for new GHES release | |
| # Skip this check if the event originated from Docubot, to prevent | |
| # infinite runs when Docubot checks in the search indexes in this workflow | |
| if: github.repository == 'github/docs-internal' && github.event.sender.login != 'Docubot' && github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| token: ${{ secrets.DOCUBOT_REPO_PAT }} | |
| - name: Setup Node | |
| uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 | |
| with: | |
| node-version: '16.15.0' | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Get GHES release number from search label if present; only continue if the label is found. | |
| id: getVersion | |
| run: $GITHUB_WORKSPACE/.github/actions-scripts/enterprise-search-label.js | |
| - name: Cache nextjs build | |
| uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 | |
| with: | |
| path: .next/cache | |
| key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }} | |
| - name: Generate the search index files | |
| if: ${{ steps.getVersion.outputs.versionToSync }} | |
| env: | |
| VERSION: ${{ steps.getVersion.outputs.versionToSync }} | |
| LANGUAGE: 'en' | |
| run: | | |
| npm run build | |
| npm run sync-search | |
| - name: Commit the index files and push LFS objects | |
| if: ${{ steps.getVersion.outputs.versionToSync }} | |
| run: | | |
| echo 'git config user.name Docubot' | |
| git config user.name Docubot | |
| echo 'git config user.email [email protected]' | |
| git config user.email [email protected] | |
| echo 'git add lib/search/indexes' | |
| git add lib/search/indexes/* | |
| echo 'git commit -m "update search indexes"' | |
| git commit -m 'update search indexes' | |
| echo 'git lfs push --all origin' | |
| git lfs push --all origin | |
| echo 'git push origin' $GITHUB_HEAD_REF '--set-upstream' | |
| git push origin $GITHUB_HEAD_REF --set-upstream |