Add automated duplicate issue detection workflow using GitHub Models … #2070
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| env: | |
| NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages | |
| jobs: | |
| validate-assembler: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Bootstrap Action Workspace | |
| id: bootstrap | |
| uses: ./.github/actions/bootstrap | |
| - name: Validate Navigation | |
| run: dotnet run --project src/tooling/docs-assembler -c release -- navigation validate | |
| - name: Validate Content Sources | |
| run: dotnet run --project src/tooling/docs-assembler -c release -- content-source validate | |
| build-link-index-updater-lambda: | |
| uses: ./.github/workflows/build-link-index-updater-lambda.yml | |
| build-api-lambda: | |
| uses: ./.github/workflows/build-api-lambda.yml | |
| npm: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: src/Elastic.Documentation.Site | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| cache: npm | |
| cache-dependency-path: src/Elastic.Documentation.Site/package-lock.json | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm ci | |
| ## https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/ | |
| - name: Check shai-hulud attack | |
| run: | | |
| if find . -type f -name "*.js" -exec sha256sum {} \; | grep -q "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"; then | |
| echo "Vulnerable version of serialize-javascript found in:" | |
| find . -type f -name "*.js" -exec sha256sum {} \; | grep "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09" | awk '{print $2}' | |
| exit 1 | |
| fi | |
| - name: Lint | |
| run: npm run lint | |
| - name: Format | |
| run: npm run fmt:check | |
| - name: Build | |
| run: npm run build | |
| - name: Test | |
| run: npm run test | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Bootstrap Action Workspace | |
| id: bootstrap | |
| uses: ./.github/actions/bootstrap | |
| - name: Install Aspire workload | |
| run: dotnet workload install aspire | |
| - name: Build | |
| run: dotnet run --project build -c release | |
| - name: Test | |
| run: dotnet run --project build -c release -- unit-test | |
| - name: Publish AOT | |
| if: ${{ matrix.os != 'ubuntu-latest' }} # publish containers already validates AOT build | |
| run: dotnet run --project build -c release -- publishbinaries | |
| - name: Publish Containers | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| env: | |
| DOCKER_NO_PUBLISH: true | |
| run: dotnet run --project build -c release -- publishcontainers | |
| - name: Run Container | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| run: dotnet run --project build -c release -- runlocalcontainer | |
| integration: | |
| runs-on: docs-builder-latest-16 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Bootstrap Action Workspace | |
| id: bootstrap | |
| uses: ./.github/actions/bootstrap | |
| - name: Install Aspire workload | |
| run: dotnet workload install aspire | |
| - name: Integration Tests | |
| run: dotnet run --project build -c release -- integrate |