ci.yml
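# CI for pushes to main and for pull requests: validates the assembler
# configuration, runs the site's npm checks (including a scan of installed
# packages for known Shai-Hulud malware hashes), lints, builds and tests on
# three operating systems, and runs integration tests.
name: ci

# `pull_request` (not `pull_request_target`) runs the PR's own code, including
# the local ./.github/actions/bootstrap action from the checked-out tree. Under
# this trigger fork PRs get a read-only token and no repository secrets; keep
# it that way, since every job below executes code from the checkout.
on:
  push:
    branches:
      - main
  pull_request:

# Least privilege for GITHUB_TOKEN. No job overrides this, and the reusable
# workflow called below cannot be granted more than the caller has.
permissions:
  contents: read

# One run per workflow and ref; superseded runs are cancelled except on main.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

env:
  NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages

# NOTE(review): actions/checkout and actions/setup-node are referenced by the
# mutable tag v6. Pinning to a full commit SHA (`uses: owner/action@<commit-sha>
# # v6`) makes the executed action code immutable.
# NOTE(review): checkout persists the token for later git commands by default.
# The jobs that call the bootstrap action keep that default because the action
# is not visible here; confirm whether they can set persist-credentials: false.
jobs:
  validate-assembler:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Bootstrap Action Workspace
        id: bootstrap
        uses: ./.github/actions/bootstrap

      - name: Validate Navigation
        run: dotnet run --project src/tooling/docs-builder -c release -- assembler navigation validate

      - name: Validate Content Sources
        run: dotnet run --project src/tooling/docs-builder -c release -- assembler content-source validate

  build-link-index-updater-lambda:
    uses: ./.github/workflows/build-link-index-updater-lambda.yml

  synthetics:
    runs-on: ubuntu-latest
    env:
      MSBuildNoWarn: IDE0032
    steps:
      - uses: actions/checkout@v6

      - name: Bootstrap Action Workspace
        id: bootstrap
        uses: ./.github/actions/bootstrap

      - name: Install dependencies
        working-directory: src/Elastic.Documentation.Site
        run: npm ci

      # Builds the assembled docs in a sibling directory and leaves the server
      # running in the background; the next step polls until it answers.
      - name: Run assembler
        run: |
          mkdir ../assembler-workspace
          cd ../assembler-workspace
          dotnet run --project ../docs-builder/src/tooling/docs-builder -- assembler config init --local
          dotnet run --project ../docs-builder/src/tooling/docs-builder -- assembler clone -c local --skip-private-repositories
          dotnet run --project ../docs-builder/src/tooling/docs-builder -- assembler build -c local --skip-private-repositories
          dotnet run --project ../docs-builder/src/tooling/docs-builder -- assembler serve &

      - name: Wait for docs
        working-directory: src/Elastic.Documentation.Site
        run: npx wait-on http-get://localhost:4000/docs

      - name: Run synthetics
        working-directory: src/Elastic.Documentation.Site
        run: npm run synthetics:test

  npm:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: src/Elastic.Documentation.Site
    steps:
      # This job installs and runs third-party packages, so the token is not
      # left in the checkout's git configuration.
      - uses: actions/checkout@v6
        with:
          persist-credentials: false

      - uses: actions/setup-node@v6
        with:
          cache: npm
          cache-dependency-path: src/Elastic.Documentation.Site/package-lock.json
          node-version-file: .nvmrc

      # NOTE(review): package install scripts run during this step, before the
      # hash scan below, so the scan detects a compromised install but does not
      # prevent it. `npm ci --ignore-scripts` would stop install-time execution;
      # confirm that no dependency needs its install script before switching.
      - name: Install dependencies
        run: npm ci

      # Fails the job when an installed .js file matches a known malware hash.
      # NOTE(review): one exact hash per campaign is checked, so only
      # byte-identical files are caught; the linked advisories may list further
      # hashes — confirm coverage.
      - name: Check shai-hulud attack
        run: |
          set -euo pipefail

          # Hash every .js file under the working directory once with the
          # given tool and fail if any line carries the indicator hash.
          scan_for_hash() {
            local tool="$1" ioc="$2" label="$3" sums hits
            # Assigned separately from `local` so a find/checksum failure is
            # not masked and fails the step instead of passing silently.
            sums="$(find . -type f -name '*.js' -exec "$tool" {} +)"
            if hits="$(grep -F -- "$ioc" <<<"$sums")"; then
              echo "File matching the known ${label} malware hash found in:"
              # Whole checksum lines are printed so paths with spaces survive.
              echo "$hits"
              exit 1
            fi
          }

          # shai hulud v1
          # https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/
          scan_for_hash sha256sum "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09" "shai-hulud v1"

          # shai hulud v2
          # https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack#malware-hashes-65
          scan_for_hash sha1sum "d1829b4708126dcc7bea7437c04d1f10eacd4a16" "shai-hulud v2"

      - name: Lint
        run: npm run lint

      - name: Format
        run: npm run fmt:check

      - name: Compile
        run: npm run compile:check

      - name: Build
        run: npm run build

      - name: Test
        run: npm run test

  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Bootstrap Action Workspace
        id: bootstrap
        uses: ./.github/actions/bootstrap

      - name: Lint
        run: dotnet run --project build -c release -- lint

  build:
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the other operating systems finish when one of them fails.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      - uses: actions/checkout@v6

      - name: 'Windows only, set TEMP to the same drive'
        if: ${{ matrix.os == 'windows-latest' }}
        # temporary waiting for https://github.com/parcel-bundler/parcel/pull/10095 to fix
        run: |
          mkdir "D:\\Temp"
          echo "TEMP=D:\\Temp" >> $env:GITHUB_ENV

      - name: Bootstrap Action Workspace
        id: bootstrap
        uses: ./.github/actions/bootstrap

      - name: Install Aspire workload
        run: dotnet workload install aspire

      - name: Compile
        run: dotnet run --project build -c release -- compile

      - name: Test
        run: dotnet run --project build -c release -- unit-test

      # The publish and container steps run only on pushes, which the trigger
      # above limits to main; pull requests stop after the unit tests.
      - name: Publish AOT
        if: ${{ github.event_name == 'push' && matrix.os != 'ubuntu-latest' }}  # publish containers already validates AOT build
        run: dotnet run --project build -c release -- publishbinaries

      - name: Publish Containers
        if: ${{ github.event_name == 'push' && matrix.os == 'ubuntu-latest' }}
        env:
          # Quoted: environment values are strings. Presumably tells the build
          # not to push the images — confirm in the build project.
          DOCKER_NO_PUBLISH: 'true'
        run: dotnet run --project build -c release -- publishcontainers

      - name: Run Container
        if: ${{ github.event_name == 'push' && matrix.os == 'ubuntu-latest' }}
        run: dotnet run --project build -c release -- runlocalcontainer

  integration:
    # NOTE(review): custom runner label, and this job also runs for pull
    # requests. If the runner is self-hosted and not ephemeral, PR code could
    # leave state behind on it — confirm how this runner is provisioned.
    runs-on: docs-builder-latest-16
    steps:
      - uses: actions/checkout@v6

      - name: Bootstrap Action Workspace
        id: bootstrap
        uses: ./.github/actions/bootstrap

      - name: Install Aspire workload
        run: dotnet workload install aspire

      - name: Integration Tests
        run: dotnet run --project build -c release -- integrate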