Guide update: Create policies automatically for custom packages #18064
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Fleet website | |
on: | |
pull_request: | |
paths: | |
- "website/**" | |
- "docs/**" | |
- "handbook/**" | |
- "schema/**" | |
- "articles/**" | |
- ".github/workflows/test-website.yml" | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
cancel-in-progress: true | |
defaults: | |
run: | |
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [16.x] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
# Set the Node.js version | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
# Download top-level dependencies and build Storybook in the website's assets/ folder. | |
- run: npm install --legacy-peer-deps && npm run build-storybook -- -o ./website/assets/storybook --loglevel verbose | |
# Now start building! | |
# > …but first, get a little crazy for a sec and delete the top-level package.json file | |
# > i.e. the one used by the Fleet server. This is because require() in node will go | |
# > hunting in ancestral directories for missing dependencies, and since some of the | |
# > bundled transpiler tasks sniff for package availability using require(), this trips | |
# > up when it encounters another Node universe in the parent directory. | |
- run: rm -rf package.json package-lock.json node_modules/ | |
# > Turns out there's a similar issue with how eslint plugins are looked up, so we | |
# > delete the top level .eslintrc file too. | |
- run: rm -f .eslintrc.js | |
# Get dependencies (including dev deps) | |
- run: cd website/ && npm install | |
# Run sanity checks | |
- run: cd website/ && npm test | |
# Compile assets | |
- run: cd website/ && BUILD_SCRIPT_ARGS="--githubAccessToken=${{ secrets.FLEET_GITHUB_TOKEN_FOR_WEBSITE_TEST }}" npm run build-for-prod |