[Snyk] Security upgrade next from 14.2.3 to 14.2.7 #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Content Lint Markdown' | |
# **What it does**: Lints our content markdown to ensure the content matches the specified styleguide. | |
# **Why we have it**: We want some level of consistency to our content markdown files. | |
# **Who does it impact**: Docs content writers. | |
on: | |
pull_request: | |
merge_group: | |
permissions: | |
contents: read | |
jobs: | |
lint-content: | |
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' | |
runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }} | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
# Picking this number is a "best guess". If we make it too large, | |
# the checkout will take potentially unnecessariily long. | |
# This reduces the chance that tj-actions/changed-files has to | |
# fetch deeper history. But if it needs to, it will. | |
fetch-depth: 10 | |
- name: Set up Node and dependencies | |
uses: ./.github/actions/node-npm-setup | |
- name: Get changed content/data files | |
id: changed-files | |
uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0 | |
with: | |
# No need to escape the file names because we make the output of | |
# tj-actions/changed-files be set as an environment variable. Not | |
# as a direct input to the line of bash that uses it. | |
safe_output: false | |
files: | | |
content/** | |
data/** | |
- name: Print content linter annotations if changed content/data files | |
if: steps.changed-files.outputs.any_changed == 'true' | |
env: | |
# Make it an environment variable so that its value doesn't need to be escaped. | |
# See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
CHANGED_FILES: |- | |
${{ steps.changed-files.outputs.all_changed_files }} | |
# If there are errors, using `--print-annotations` will make it | |
# so it does *not* exit non-zero. | |
# This is so that all warnings and errors are printed. | |
run: npm run lint-content -- --print-annotations --paths $CHANGED_FILES | |
- name: Run content linter if changed content/data files | |
if: steps.changed-files.outputs.any_changed == 'true' | |
env: | |
# Make it an environment variable so that its value doesn't need to be escaped. | |
# See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
CHANGED_FILES: |- | |
${{ steps.changed-files.outputs.all_changed_files }} | |
run: npm run lint-content -- --errors-only --paths $CHANGED_FILES |