mirror of
https://github.com/fleetdm/fleet
synced 2026-05-14 12:38:41 +00:00
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
  Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
  Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
  Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
  test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
  Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
  fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
  ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
  semgrep should only need read
* Update test-packaging.yml
  Should only need read permission - setting on top
* Update test.yml
  Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
  Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
  Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
  contents: none - this does not have any security advantage on a public repo
48 lines
1.4 KiB
YAML
name: Test Fleet website

on:
  pull_request:
    paths:
      - 'website/**'
      - 'docs/**'
      - 'handbook/**'

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [14.x]

    steps:
      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2

      # Set the Node.js version
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
        with:
          node-version: ${{ matrix.node-version }}

      # Now start building!
      # > …but first, get a little crazy for a sec and delete the top-level package.json file
      # > i.e. the one used by the Fleet server. This is because require() in node will go
      # > hunting in ancestral directories for missing dependencies, and since some of the
      # > bundled transpiler tasks sniff for package availability using require(), this trips
      # > up when it encounters another Node universe in the parent directory.
      - run: rm -rf package.json package-lock.json node_modules/
      # > Turns out there's a similar issue with how eslint plugins are looked up, so we
      # > delete the top level .eslintrc file too.
      - run: rm -f .eslintrc.js

      # Get dependencies (including dev deps)
      - run: cd website/ && npm install

      # Run sanity checks
      - run: cd website/ && npm test

      # Compile assets
      - run: cd website/ && npm run build-for-prod
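The pattern this commit applies (read-only `permissions:` at the top of each workflow, write access granted only inside the job that needs it) can be checked mechanically. The following is an added example, not code from the Fleet repository: `audit_permissions` and both sample workflows are constructed here, and the function is a line-based scan rather than a full YAML parser.

```python
import re

# Constructed sample workflows (illustrative, not files from the Fleet repository).
JOB_SCOPED_WRITE = """\
on: push
permissions:
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write
"""
TOP_LEVEL_WRITE = """\
on: push
permissions:
  contents: write
  packages: read
jobs:
  deploy:
    runs-on: ubuntu-latest
"""


def audit_permissions(workflow_text):
    """Return findings about the top-level `permissions:` block of one workflow."""
    lines = workflow_text.splitlines()
    # Top-level keys start in column 0; job-level blocks are indented and skipped.
    start = next((i for i, l in enumerate(lines) if l.startswith("permissions:")), None)
    if start is None:
        return ["no top-level permissions: token uses the repository default"]
    inline = lines[start].split(":", 1)[1].split("#")[0].strip()
    findings = ["top-level permissions: write-all"] if inline == "write-all" else []
    body = [inline]
    for line in lines[start + 1:]:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments do not end the block
        if not line[0].isspace():
            break  # the next top-level key ends the block
        body.append(line.split("#")[0])
    for scope in re.findall(r"([\w-]+):[ \t]*write\b", "\n".join(body)):
        findings.append("top-level write scope: " + scope)
    return findings


if __name__ == "__main__":
    for name in ("JOB_SCOPED_WRITE", "TOP_LEVEL_WRITE"):
        print(name, audit_permissions(globals()[name]))
```

A workflow that keeps write scopes inside a single job, as the commit message describes for the website deploy, produces no findings; one that grants write at the top level or omits the block is reported.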