govuk_tech_docs 6.2.1 → 6.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +17 -5
- data/.github/workflows/dependency-review.yaml +11 -3
- data/.github/workflows/publish.yaml +5 -5
- data/.github/workflows/test.yaml +6 -6
- data/CHANGELOG.md +4 -0
- data/govuk_tech_docs.gemspec +11 -5
- data/lib/govuk_tech_docs/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1ea5b48a595e28d761a1c50fcfb4533eeba24c00b5fcaa0dd2a00b03b46dc026
|
|
4
|
+
data.tar.gz: 1e41564f09c3e49afd2683f68e99b58f00f31037527f04786e0ac98c728660c7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6fd2247414abdada48e407277b7c03521f8810662bd0c6699ee8615363ab09b3a6e657a2a865dbc4d963fadf3763719f8d34de10b3074ef35ead7d949d471b91
|
|
7
|
+
data.tar.gz: 0a580c8cf43aaecaa36281dda8adfa6687cd22589334f6cc43e1f0cbd7ccc58e28d322fe99adcc482d883df373dd5270425a02de778b0deec1865031decf2567
|
data/.github/dependabot.yml
CHANGED
|
@@ -7,14 +7,23 @@ version: 2
|
|
|
7
7
|
updates:
|
|
8
8
|
# 1. Update Ruby dependencies (Gemfile/gemspec) in the root
|
|
9
9
|
- package-ecosystem: "bundler"
|
|
10
|
-
directory: "/"
|
|
10
|
+
directory: "/"
|
|
11
11
|
schedule:
|
|
12
12
|
interval: "weekly"
|
|
13
13
|
day: "monday"
|
|
14
14
|
time: "06:00"
|
|
15
15
|
commit-message:
|
|
16
16
|
prefix: chore
|
|
17
|
-
open-pull-requests-limit:
|
|
17
|
+
open-pull-requests-limit: 3
|
|
18
|
+
groups:
|
|
19
|
+
prod-safe-updates:
|
|
20
|
+
dependency-type: "production"
|
|
21
|
+
patterns:
|
|
22
|
+
- "*"
|
|
23
|
+
update-types:
|
|
24
|
+
- "minor"
|
|
25
|
+
- "patch"
|
|
26
|
+
|
|
18
27
|
|
|
19
28
|
# 2. Update GitHub Actions (keeps your CI workflows secure)
|
|
20
29
|
- package-ecosystem: "github-actions"
|
|
@@ -29,26 +38,29 @@ updates:
|
|
|
29
38
|
github-actions-updates:
|
|
30
39
|
patterns:
|
|
31
40
|
- "*"
|
|
41
|
+
|
|
32
42
|
- package-ecosystem: "npm"
|
|
33
43
|
directory: "/"
|
|
34
44
|
schedule:
|
|
35
45
|
interval: "weekly"
|
|
36
46
|
day: "monday"
|
|
37
47
|
time: "06:00"
|
|
38
|
-
open-pull-requests-limit:
|
|
39
|
-
|
|
48
|
+
open-pull-requests-limit: 3
|
|
40
49
|
groups:
|
|
41
50
|
# Group all "development" dependencies (linters, test runners, etc.)
|
|
42
51
|
dev-dependencies:
|
|
43
52
|
dependency-type: "development"
|
|
53
|
+
patterns:
|
|
54
|
+
- "*"
|
|
44
55
|
update-types:
|
|
45
56
|
- "patch"
|
|
46
57
|
- "minor"
|
|
47
|
-
|
|
48
58
|
# Group all "production" dependencies (react, express, etc.)
|
|
49
59
|
# but ONLY for minor/patch versions to avoid breaking changes
|
|
50
60
|
prod-safe-updates:
|
|
51
61
|
dependency-type: "production"
|
|
62
|
+
patterns:
|
|
63
|
+
- "*"
|
|
52
64
|
update-types:
|
|
53
65
|
- "patch"
|
|
54
66
|
- "minor"
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
name: 'Dependency Review'
|
|
2
|
-
on:
|
|
2
|
+
on:
|
|
3
|
+
pull_request:
|
|
4
|
+
branches: [ "main" ]
|
|
5
|
+
push:
|
|
6
|
+
branches: [ "main" ]
|
|
3
7
|
|
|
4
8
|
permissions:
|
|
5
9
|
contents: read
|
|
@@ -9,9 +13,13 @@ jobs:
|
|
|
9
13
|
runs-on: ubuntu-latest
|
|
10
14
|
steps:
|
|
11
15
|
- name: 'Checkout Repository'
|
|
12
|
-
uses: actions/checkout@v6
|
|
16
|
+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
13
17
|
- name: 'Dependency Review'
|
|
14
|
-
uses: actions/dependency-review-action@
|
|
18
|
+
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 #4.9.0
|
|
15
19
|
with:
|
|
20
|
+
# If it's a PR, use the target branch. If it's a push, use 'main'.
|
|
21
|
+
base-ref: ${{ github.event.pull_request.base.ref || 'main' }}
|
|
22
|
+
# If it's a PR, use the source branch. If it's a push, use the current commit.
|
|
23
|
+
head-ref: ${{ github.event.pull_request.head.ref || github.sha }}
|
|
16
24
|
fail-on-severity: high
|
|
17
25
|
show-patched-versions: true
|
|
@@ -16,11 +16,11 @@ jobs:
|
|
|
16
16
|
go: ${{ steps.gem_version.outputs.new_version }}
|
|
17
17
|
|
|
18
18
|
steps:
|
|
19
|
-
- uses: actions/checkout@v6
|
|
19
|
+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
20
20
|
with:
|
|
21
21
|
show-progress: false
|
|
22
22
|
|
|
23
|
-
- uses: ruby/setup-ruby@v1
|
|
23
|
+
- uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
|
|
24
24
|
with:
|
|
25
25
|
ruby-version: '3'
|
|
26
26
|
|
|
@@ -48,16 +48,16 @@ jobs:
|
|
|
48
48
|
if: needs.pre.outputs.go == 'true'
|
|
49
49
|
|
|
50
50
|
steps:
|
|
51
|
-
- uses: actions/checkout@v6
|
|
51
|
+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
52
52
|
with:
|
|
53
53
|
show-progress: false
|
|
54
54
|
|
|
55
|
-
- uses: actions/setup-node@v6
|
|
55
|
+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
|
56
56
|
with:
|
|
57
57
|
node-version-file: '.nvmrc'
|
|
58
58
|
cache: 'npm'
|
|
59
59
|
|
|
60
|
-
- uses: ruby/setup-ruby@v1
|
|
60
|
+
- uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
|
|
61
61
|
with:
|
|
62
62
|
ruby-version: '3'
|
|
63
63
|
bundler-cache: true
|
data/.github/workflows/test.yaml
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
name: Test
|
|
2
2
|
|
|
3
3
|
on:
|
|
4
|
-
push:
|
|
5
|
-
branches:
|
|
6
|
-
- main
|
|
7
4
|
pull_request:
|
|
5
|
+
branches: [ "main" ]
|
|
6
|
+
push:
|
|
7
|
+
branches: [ "main" ]
|
|
8
8
|
workflow_dispatch:
|
|
9
9
|
|
|
10
10
|
jobs:
|
|
@@ -17,16 +17,16 @@ jobs:
|
|
|
17
17
|
ruby: ['3.3', '3.4', '4.0']
|
|
18
18
|
|
|
19
19
|
steps:
|
|
20
|
-
- uses: actions/checkout@v6
|
|
20
|
+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
21
21
|
with:
|
|
22
22
|
show-progress: false
|
|
23
23
|
|
|
24
|
-
- uses: actions/setup-node@v6
|
|
24
|
+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
|
25
25
|
with:
|
|
26
26
|
node-version-file: '.nvmrc'
|
|
27
27
|
cache: 'npm'
|
|
28
28
|
|
|
29
|
-
- uses: ruby/setup-ruby@v1
|
|
29
|
+
- uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
|
|
30
30
|
with:
|
|
31
31
|
ruby-version: ${{ matrix.ruby }}
|
|
32
32
|
bundler-cache: true
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
## 6.2.2
|
|
2
|
+
|
|
3
|
+
- Update [govuk_tech_docs.gemspec](govuk_tech_docs.gemspec) to only run `npm` if `npm` is installed. Allows gem versions scans to complete properly.
|
|
4
|
+
|
|
1
5
|
## 6.2.1
|
|
2
6
|
|
|
3
7
|
- [Fix comments in code blocks being hard to read](https://github.com/alphagov/tech-docs-gem/pull/477)
|
data/govuk_tech_docs.gemspec
CHANGED
|
@@ -4,11 +4,17 @@ lib = File.expand_path("lib", __dir__)
|
|
|
4
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
require "govuk_tech_docs/version"
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
# npm is not necessarily expected in a gemspec, this makes a big assumption about the environment
|
|
8
|
+
# Additionally, for actions such as evaluating the gemspec (e.g. for vulnerability patching) we do not actaully want npm packages
|
|
9
|
+
# We will move these sections into specific rake tasks when we get a chance
|
|
10
|
+
if system("which npm > /dev/null 2>&1")
|
|
11
|
+
`npm ci`
|
|
12
|
+
abort "npm ci failed to run" unless $CHILD_STATUS.success?
|
|
13
|
+
unless File.exist?("node_modules/govuk-frontend/dist/govuk/_base.scss")
|
|
14
|
+
abort "govuk-frontend and other npm packages not installed"
|
|
15
|
+
end
|
|
16
|
+
else
|
|
17
|
+
warn "npm is not available, no assets will be generated. If you did not expect this please confirm your environment settings."
|
|
12
18
|
end
|
|
13
19
|
|
|
14
20
|
Gem::Specification.new do |spec|
|