diff --git a/.github/actions/get-changed-files/action.yml b/.github/actions/get-changed-files/action.yml new file mode 100644 index 000000000000..ac1beb3a41d5 --- /dev/null +++ b/.github/actions/get-changed-files/action.yml @@ -0,0 +1,31 @@ +name: Get changed files +description: Get a list of changed files + +inputs: + files: + description: 'Files or directories to check for changes' + required: false + default: '.' + head: + description: 'Head ref to check for changes against' + required: false + +outputs: + all_changed_files: + description: 'List of all changed files (unfiltered)' + value: ${{ steps.get_changes.outputs.all_changed_files }} + filtered_changed_files: + description: 'List of changed files matching the filter' + value: ${{ steps.get_changes.outputs.filtered_changed_files }} + +runs: + using: 'composite' + steps: + - name: Gather changed files + id: get_changes + env: + INPUT_FILES: ${{ inputs.files }} + PR: ${{ github.event.pull_request.number }} + HEAD: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref || inputs.head || github.ref_name }} + shell: bash + run: ${{ github.action_path }}/get-changed-files.sh diff --git a/.github/actions/get-changed-files/get-changed-files.sh b/.github/actions/get-changed-files/get-changed-files.sh new file mode 100755 index 000000000000..f939de58fff9 --- /dev/null +++ b/.github/actions/get-changed-files/get-changed-files.sh @@ -0,0 +1,72 @@ +#!/bin/bash + +# Required environment variables: +# $INPUT_FILES: Pattern(s) to filter files by (e.g., "content/** data/**") +# $FILTER: Derived from INPUT_FILES, defaults to "." if not provided +# $PR: Pull request number (if running in PR context) +# $HEAD: Current branch or SHA for git diff + +# Default value for files parameter if not provided +FILTER=${INPUT_FILES:-.} + +# Print the filter +echo "__ using filter: __" +echo "$FILTER" + +# Find the file diff in the pull request or merge group +# If its a pull request, use the faster call to the GitHub API +# For push, workflow_dispatch, and merge_group, use git diff +if [ -n "$PR" ] +then + echo "__ running gh pr diff __" + DIFF=`gh pr diff $PR --name-only` + if [ -z "$DIFF" ]; then + echo "__ gh pr diff failed, falling back to git diff __" + HEAD=$(gh pr view $PR --json headRefName --jq .headRefName) + fi +fi + +if [ -z "$DIFF" ]; then + echo "__ using branch name $HEAD __" + git fetch origin main --depth 1 + echo "__ running git diff __" + DIFF=`git diff --name-only origin/main $HEAD` +fi + +# So we can inspect the output +echo "__ DIFF found __" +echo "$DIFF" + +# Filter the DIFF to just the directories specified in the input files +if [ "$FILTER" != "." ]; then + echo "__ filtering DIFF to only include $FILTER __" + FILTERED_DIFF="" + IFS=$'\n' + for file in $DIFF; do + while IFS= read -r pattern || [ -n "$pattern" ]; do + clean_pattern=${pattern%/} + if [[ $file == $clean_pattern || $file == $clean_pattern/* ]]; then + FILTERED_DIFF="$FILTERED_DIFF $file" + break + fi + done <<< "$FILTER" + done + unset IFS + DIFF=$FILTERED_DIFF + echo "__ filtered DIFF __" + echo "$DIFF" +fi + +# Format the output +echo "__ formatting output __" +FORMATTED_DIFF=$(echo $DIFF | tr '\n' ' ' | tr -s ' ') +echo "$FORMATTED_DIFF" + +# Set the output for GitHub Actions +if [[ -n "$GITHUB_OUTPUT" ]]; then + echo "all_changed_files=$DIFF" >> "$GITHUB_OUTPUT" + echo "filtered_changed_files=$FORMATTED_DIFF" >> "$GITHUB_OUTPUT" +else + echo "all_changed_files=$DIFF" + echo "filtered_changed_files=$FORMATTED_DIFF" +fi diff --git a/.github/workflows/codespace-review-check.yml b/.github/workflows/codespace-review-check.yml deleted file mode 100644 index 429936e8ce5f..000000000000 --- a/.github/workflows/codespace-review-check.yml +++ /dev/null @@ -1,129 +0,0 @@ -name: Codespace review - Check - -# **What it does**: Check on a regular basis for if a codespace is about to shut down, and comment on the pull request. -# **Why we have it**: We want to notify contributors when their codespace is about to shut down. -# **Who does it impact**: Contributors who open a pull request. - -on: - schedule: - - cron: '20,35,50,5 * * * *' # Check every 15 minutes, without hitting the top of the hour - pull_request: - paths: - - '.github/workflows/codespace-review-check.yml' - workflow_dispatch: - -permissions: - contents: read - pull-requests: write - -jobs: - codespace-review-check-find: - runs-on: ubuntu-latest - if: ${{ github.repository == 'github/docs-internal' }} - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Check codespaces - id: set-matrix - env: - GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_CODESPACE }} - LOGIN: docs-bot - REPO: github/docs-internal - run: | - # If its approaching 4 hours, update the comment - # But don't keep trying to update the comment after 5 hours cause that wastes API calls - from=$(date -d '285 minutes ago' -Iseconds) # 5 * 60 - 15 = 285 - until=$(date -d '225 minutes ago' -Iseconds) # 4 * 60 - 15 = 225 - echo "- Ago: $ago" - # on mac: date -v-225M -Iseconds - # -Iseconds means ISO 8601 format, to seconds - branches=$( - gh codespace list \ - --repo "$REPO" \ - --limit 1000 \ - --json name,owner,lastUsedAt,gitStatus \ - --jq ".[] | select(.owner == \"$LOGIN\" and .lastUsedAt < \"$until\" and .lastUsedAt > \"$from\") | .gitStatus.ref" \ - ) - echo "- Branches:" - echo "$(echo "$branches" | sed 's/^/ /')" - count=$(echo "$branches" | sed '/^\s*$/d' | wc -l) - echo "- Count: $count" - - if [[ $count -gt 0 ]] - then - echo "Codespaces found that are idle or soon to idle" - else - echo "Codespaces not found, exiting..." - exit 0 - fi - - # https://stackoverflow.com/a/70716837 - matrix=$(echo "$branches" | jq -scR 'split("\n") | map(select(. != ""))') - echo "- Matrix: $matrix" - echo "matrix=$matrix" >> $GITHUB_OUTPUT - - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} - - codespace-review-check-comment: - needs: - - codespace-review-check-find - strategy: - matrix: - value: ${{ fromJSON(needs.codespace-review-check-find.outputs.matrix) }} - runs-on: ubuntu-latest - if: ${{ github.repository == 'github/docs-internal' && needs.codespace-review-check-find.outputs.matrix }} - env: - repo: github/docs-internal - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Find the pull request - id: findPr - env: - GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_CODESPACE }} - run: | - echo "Looking up pull request" - echo "- Branch: ${{ matrix.value }}" - number=$(gh pr view "${{ matrix.value }}" --json number --jq '.number') - echo "- Number: $number" - echo "pr-number=$number" >> $GITHUB_OUTPUT - - - name: Find code changes comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e - id: findComment - with: - issue-number: ${{ steps.findPr.outputs.pr-number }} - comment-author: 'github-actions[bot]' - body-includes: '' - - - name: Update comment - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 - with: - comment-id: ${{ steps.findComment.outputs.comment-id }} - issue-number: ${{ steps.findPr.outputs.pr-number }} - edit-mode: replace - body: | - - - ### Review this PR in a codespace 📦 - - The codespace is no longer active. - You’ve reached the 4 hour limit. - In order to reactivate the codespace, please update the pull request by adding the https://github.com/${{ env.REPO }}/labels/extend-codespace label. - If the label is already applied, you can remove and reapply the label to reactivate the codespace. - - 🤖 This comment is [automatically generated][workflow]. - - [workflow]: ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.workflow_sha }}/.github/workflows/codespace-review-check.yml - - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/codespace-review-down.yml b/.github/workflows/codespace-review-down.yml deleted file mode 100644 index 9c2c2a498d07..000000000000 --- a/.github/workflows/codespace-review-down.yml +++ /dev/null @@ -1,84 +0,0 @@ -name: Codespace review - Down - -# **What it does**: When closing or merging a pull request, if there are any associated codespaces, to shut them down. -# **Why we have it**: To conserve resources. -# **Who does it impact**: Contributors who open a pull request. - -on: - pull_request: - types: - - closed - workflow_dispatch: - -permissions: - contents: read - pull-requests: write - -jobs: - codespace-review-down: - runs-on: ubuntu-latest - if: ${{ github.repository == 'github/docs-internal' }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Delete codespace - env: - GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_CODESPACE }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - LOGIN: docs-bot - REPO: github/docs-internal - run: | - echo "Checking if there's codespaces for this PR..." - names=$( \ - gh codespace list \ - --repo "$REPO" \ - --limit 1000 \ - --json "name,gitStatus,owner" \ - --jq ".[] | select(.owner == \"$LOGIN\" and .gitStatus.ref == \"$BRANCH_NAME\") | .name" \ - ) - echo "- Names:" - echo "$(echo "$names" | sed 's/^/ /')" - count=$(echo "$names" | sed '/^\s*$/d' | wc -l) - echo "- Count: $count" - - if [[ $count -gt 0 ]] - then - echo "Codespaces found for this PR" - else - echo "Codespaces not found, exiting..." - exit 0 - fi - - echo "Shutting down the codespaces..." - echo "$names" | while read -r name - do - echo "Deleting $name..." - gh codespace delete --codespace "$name" - echo "Deleted $name" - done - echo "Shut down the codespaces" - - - name: Find code changes comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e - id: findComment - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: '' - - - name: Update comment - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 - if: ${{ steps.findComment.outputs.comment-id }} # only update if it exists - with: - comment-id: ${{ steps.findComment.outputs.comment-id }} - issue-number: ${{ github.event.pull_request.number }} - edit-mode: replace - body: | - - - ### Review this PR in a codespace 📦 - - The pull request is now merged or closed, so I've removed all automatically created codespaces. - - 🤖 This comment is [automatically generated][workflow]. - - [workflow]: ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.workflow_sha }}/.github/workflows/codespace-review-down.yml diff --git a/.github/workflows/codespace-review-up.yml b/.github/workflows/codespace-review-up.yml deleted file mode 100644 index 2cabc9fe0a7d..000000000000 --- a/.github/workflows/codespace-review-up.yml +++ /dev/null @@ -1,236 +0,0 @@ -name: Codespace review - Up - -# **What it does**: On opening or updating a pull request, creates a new codespace to review changes and comments to the user with next steps. Or it will rebuild the codespace if it already exists and is idle. -# **Why we have it**: We want to provide contributors with a way to review their changes in a codespace before merging. -# **Who does it impact**: Contributors who open a pull request. - -on: - pull_request: - types: - - assigned - - unassigned - - labeled - - unlabeled - - opened - - edited - # - closed - - reopened - - synchronize - - converted_to_draft - - ready_for_review - # - locked - # - unlocked - # - milestoned - # - demilestoned - - review_requested - - review_request_removed - # - auto_merge_enabled - - auto_merge_disabled - # - enqueued - # - dequeued -- When merge queue completes, it triggers this event - workflow_dispatch: - -permissions: - contents: read - pull-requests: write - -jobs: - codespace-review-up: - runs-on: ubuntu-latest - if: >- - ${{ github.repository == 'github/docs-internal' - && contains( github.event.pull_request.labels.*.name, 'auto-codespace') }} - env: - GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_CODESPACE }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - LOGIN: docs-bot - REPO: github/docs-internal - steps: - - name: Print event details - run: | - echo "github.event_name: ${{ github.event_name }}" - echo "github.event.action: ${{ github.event.action }}" - echo "github.actor: ${{ github.actor }}" - echo "github.triggering_actor: ${{ github.triggering_actor }}" - - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Check for existing codespace - id: check-codespace - run: | - echo "Checking if there's already a codespace for this pull request..." - names=$( \ - gh codespace list \ - --repo "$REPO" \ - --limit 1000 \ - --json "name,gitStatus,owner" \ - --jq ".[] | select(.owner == \"$LOGIN\" and .gitStatus.ref == \"$BRANCH_NAME\") | .name" \ - ) - echo "- Names:" - echo "$(echo "$names" | sed 's/^/ /')" - count=$(echo "$names" | sed '/^\s*$/d' | wc -l) - echo "- Count: $count" - if [[ $count -gt 0 ]] - then - echo "Codespace found for this pull request" - echo "has-codespace=yes" >> $GITHUB_OUTPUT - else - echo "Codespace not found for this pull request" - echo "has-codespace=no" >> $GITHUB_OUTPUT - fi - - - name: Clean up old codespaces if needed - if: ${{ steps.check-codespace.outputs.has-codespace == 'no' }} - run: | - echo "Checking if there are more than 95 codespaces..." - spaces=$( \ - gh codespace list \ - --repo "$REPO" \ - --limit 1000 \ - --json "name,lastUsedAt,gitStatus,owner" \ - --jq "sort_by(.lastUsedAt) | reverse | .[] | select(.owner == \"$LOGIN\") | [.name,.gitStatus.ref] | @tsv" \ - ) - echo "- Spaces:" - echo "$(echo "$spaces" | sed 's/^/ /')" - count=$(echo "$spaces" | sed '/^\s*$/d' | wc -l) - echo "- Count: $count" - - if [[ $count -gt 95 ]] - then - tocut=$((count - 95)) - echo "$count codespaces found. Deleting the oldest $tocut..." - oldest=$(echo "$spaces" | tail -n $tocut) - echo "- Oldest:" - echo "$(echo "$oldest" | sed 's/^/ /')" - echo "$oldest" | while read -r name branch - do - echo "Deleting $name..." - gh codespace delete --codespace "$name" - echo "Deleted $name" - - echo "Commenting on branch $branch" - # We could move this to a matrix and update the AUTO_CODESPACE comment instead - # but that's significantly more code for a scenario I'm not sure will actually happen - gh pr comment \ - "$branch" \ - --repo "$REPO" \ - --body "Thank you for this pull request. I deleted the oldest codespaces to make room for a new one. You can make a new codespace by updating the pull request or closing and reopening the pull request." - echo "Commented on branch $branch" - done - echo "Deleted the oldest $tocut codespaces" - else - echo "$count codespaces found. No deletes needed." - fi - - - name: Create a new codespace - if: ${{ steps.check-codespace.outputs.has-codespace == 'no' }} - run: | - echo "Creating a new codespace..." - # Machine types: gh api /repos/github/docs-internal/codespaces/machines - name=$( \ - gh codespace create \ - --repo "$REPO" \ - --branch "$BRANCH_NAME" \ - --idle-timeout "4h" \ - --retention-period "720h" \ - --default-permissions \ - --machine "standardLinux32gb" \ - ) - echo "- Name: $name" - echo "Created a new codespace" - - echo "Updating port visibility..." - gh codespace ports visibility \ - --codespace "$name" \ - 4000:public - echo "Updated port visibility" - - echo "APP_URL=https://$name-4000.app.github.dev" >> $GITHUB_ENV - - - name: Rebuild existing codespace - if: ${{ steps.check-codespace.outputs.has-codespace == 'yes' }} - run: | - echo "Checking if the codespace is in idle mode..." - spaces=$( \ - gh codespace list \ - --repo "$REPO" \ - --limit 1000 \ - --json "name,gitStatus,owner,state" \ - --jq ".[] | select(.owner == \"$LOGIN\" and .gitStatus.ref == \"$BRANCH_NAME\") | [.name,.state] | @tsv" \ - ) - echo "- Spaces:" - echo "$(echo "$spaces" | sed 's/^/ /')" - echo "$spaces" | while read -r name state - do - echo "Codespace $name is in state $state" - if [[ $state == "Shutdown" ]] - then - echo "Codespace $name is in idle mode" - echo "Rebuilding the codespace to kick it out of idle mode..." - gh codespace rebuild --codespace "$name" - echo "Rebuilt the codespace to kick it out of idle mode" - - echo "Updating port visibility..." - gh codespace ports visibility \ - --codespace "$name" \ - 4000:public - echo "Updated port visibility" - else - echo "Codespace $name is active" - fi - echo "APP_URL=https://$name-4000.app.github.dev" >> $GITHUB_ENV - done - - - uses: ./.github/actions/node-npm-setup - - - name: Get changes table - id: changes - timeout-minutes: 30 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - BASE_SHA: ${{ github.event.pull_request.base.sha }} - HEAD_SHA: ${{ github.event.pull_request.head.sha }} - APP_URL: ${{ env.APP_URL }} - run: npm run content-changes-table-comment - - - name: Find code changes comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e - id: findComment - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: '' - - - name: Update comment - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 - with: - comment-id: ${{ steps.findComment.outputs.comment-id }} - issue-number: ${{ github.event.pull_request.number }} - edit-mode: replace - body: | - - - ### Review this PR in a codespace 📦 - - The codespace will be ready in two to three minutes and you can review changes at: - ${{ env.APP_URL }} - The codespace will be automatically deleted once the pull request is closed or merged. - - #### The codespace will idle after 4 hours of inactivity - - After 4 hours, you can reactivate the codespace by applying the https://github.com/${{ env.REPO }}/labels/extend-codespace label to the pull request. - If the label is already applied, you can remove and reapply the label to reactivate the codespace. - -
Table of review links - - ${{ steps.changes.outputs.changesTable && 'The table shows the files in the `content` directory that were changed in this pull request. Changes to the `data` directory are not included in this table.' || '' }} - - ${{ steps.changes.outputs.changesTable || '_This pull request contains code changes, so we will not generate a table of review links._' }} - - ${{ steps.changes.outputs.changesTable && 'Key: **fpt**: Free, Pro, Team; **ghec**: GitHub Enterprise Cloud; **ghes**: GitHub Enterprise Server' || '' }} - -
- - 🤖 This comment is [automatically generated][workflow]. - - [workflow]: ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.workflow_sha }}/.github/workflows/codespace-review-up.yml diff --git a/.github/workflows/content-lint-markdown.yml b/.github/workflows/content-lint-markdown.yml index 80490a9440d7..596738836233 100644 --- a/.github/workflows/content-lint-markdown.yml +++ b/.github/workflows/content-lint-markdown.yml @@ -7,7 +7,13 @@ name: 'Content Lint Markdown' on: pull_request: merge_group: - + workflow_dispatch: + inputs: + branch: + description: The branch containing the changes we want to lint. + required: true + type: string + default: main permissions: contents: read @@ -30,23 +36,19 @@ jobs: - name: Get changed content/data files id: changed-files - uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 # v45.0.0 + uses: ./.github/actions/get-changed-files with: - # No need to escape the file names because we make the output of - # tj-actions/changed-files be set as an environment variable. Not - # as a direct input to the line of bash that uses it. - safe_output: false files: | content/** data/** - name: Print content linter annotations if changed content/data files - if: steps.changed-files.outputs.any_changed == 'true' + if: steps.changed-files.outputs.filtered_changed_files env: # Make it an environment variable so that its value doesn't need to be escaped. # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable CHANGED_FILES: |- - ${{ steps.changed-files.outputs.all_changed_files }} + ${{ steps.changed-files.outputs.filtered_changed_files }} # If there are errors, using `--print-annotations` will make it # so it does *not* exit non-zero. # This is so that all warnings and errors are printed. @@ -58,5 +60,5 @@ jobs: # Make it an environment variable so that its value doesn't need to be escaped. # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable CHANGED_FILES: |- - ${{ steps.changed-files.outputs.all_changed_files }} + ${{ steps.changed-files.outputs.filtered_changed_files }} run: npm run lint-content -- --errors-only --paths $CHANGED_FILES diff --git a/assets/images/help/issues/issue-assignees.png b/assets/images/help/issues/issue-assignees.png index 267f562618e9..4c162d5c672b 100644 Binary files a/assets/images/help/issues/issue-assignees.png and b/assets/images/help/issues/issue-assignees.png differ diff --git a/assets/images/help/issues/issue-comment.png b/assets/images/help/issues/issue-comment.png index 76a7507ea50a..40fcabde71bf 100644 Binary files a/assets/images/help/issues/issue-comment.png and b/assets/images/help/issues/issue-comment.png differ diff --git a/assets/images/help/issues/issue-milestone.png b/assets/images/help/issues/issue-milestone.png index 08291805e82d..daadf962f59a 100644 Binary files a/assets/images/help/issues/issue-milestone.png and b/assets/images/help/issues/issue-milestone.png differ diff --git a/assets/images/help/issues/issue-project.png b/assets/images/help/issues/issue-project.png index c06ef179b122..7a362491375b 100644 Binary files a/assets/images/help/issues/issue-project.png and b/assets/images/help/issues/issue-project.png differ diff --git a/assets/images/help/issues/issue-task-list-raw.png b/assets/images/help/issues/issue-task-list-raw.png index 4b4a600f4e2a..aa5366a4ebdf 100644 Binary files a/assets/images/help/issues/issue-task-list-raw.png and b/assets/images/help/issues/issue-task-list-raw.png differ diff --git a/assets/images/help/issues/issue-title-body.png b/assets/images/help/issues/issue-title-body.png index 6d2afdb37d10..8f9c25943c9a 100644 Binary files a/assets/images/help/issues/issue-title-body.png and b/assets/images/help/issues/issue-title-body.png differ diff --git a/assets/images/help/issues/issue-with-label.png b/assets/images/help/issues/issue-with-label.png index cffd73d43fbc..acc43e0f2c54 100644 Binary files a/assets/images/help/issues/issue-with-label.png and b/assets/images/help/issues/issue-with-label.png differ diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md index 8e9ad2f097ea..9add4cef0404 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md @@ -38,3 +38,5 @@ You can also define a custom retention period for individual artifacts using the ## Finding the expiration date of an artifact You can use the API to confirm the date that an artifact is scheduled to be deleted. For more information, see the `expires_at` value returned by the REST API. For more information, see [AUTOTITLE](/rest/actions/artifacts). + +{% data reusables.actions.artifacts.artifacts-from-deleted-workflow-runs %} diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md index 0c370ab093b4..31a570ff3f2f 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md @@ -179,6 +179,20 @@ If you download all workflow run's artifacts, a directory for each artifact is c For more information on syntax, see the {% ifversion fpt or ghec %}[actions/download-artifact](https://github.com/actions/download-artifact) action{% else %} `actions/download-artifact` action on {% data variables.product.prodname_ghe_server %}{% endif %}. +{% ifversion fpt or ghec %} + +## Validating artifacts + +Every time the upload-artifact action is used it returns an output called `digest`. This is a SHA256 digest of the Artifact you uploaded during a workflow run. + +When the download-artifact action is then used to download that artifact, it automatically calculates the digest for that downloaded artifact and validates that it matches the output from the upload-artifact step. + +If the digest does not match, the run will display a warning in the UI and in the job logs. + +To view the SHA256 digest you can open the logs for the upload-artifact job or check in the Artifact output that appears in the workflow run UI. + +{% endif %} + ## Passing data between jobs in a workflow You can use the `upload-artifact` and `download-artifact` actions to share data between jobs in a workflow. This example workflow illustrates how to pass data between jobs in the same workflow. For more information, see the {% ifversion fpt or ghec %}[actions/upload-artifact](https://github.com/actions/upload-artifact) and [download-artifact](https://github.com/actions/download-artifact) actions{% else %} `actions/upload-artifact` and `download-artifact` actions on {% data variables.product.prodname_ghe_server %}{% endif %}. @@ -256,6 +270,8 @@ jobs: The workflow run will archive any artifacts that it generated. For more information on downloading archived artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts). +{% data reusables.actions.artifacts.artifacts-from-deleted-workflow-runs %} + {% ifversion fpt or ghec %} ## Further reading diff --git a/content/copilot/copilot-chat-cookbook/security-analysis/finding-existing-vulnerabilities-in-code.md b/content/copilot/copilot-chat-cookbook/security-analysis/finding-existing-vulnerabilities-in-code.md index 90a6da8b3c7a..267c534713d9 100644 --- a/content/copilot/copilot-chat-cookbook/security-analysis/finding-existing-vulnerabilities-in-code.md +++ b/content/copilot/copilot-chat-cookbook/security-analysis/finding-existing-vulnerabilities-in-code.md @@ -17,7 +17,7 @@ topics: While they may be considered "common knowledge" by many developers, the vast majority of newly introduced security weaknesses are due to vulnerabilities like cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). These vulnerabilities can be mitigated by following secure coding practices, such as using parameterized queries, input validation, and avoiding hard-coded sensitive data. GitHub Copilot can help detect and resolve these issues. -> [!NOTE] While {% data variables.product.prodname_copilot_chat_short %} can help find some common security vulnerabilities and help you fix them, you should not rely on {% data variables.product.prodname_copilot_short %} for a comprehensive security analysis. Using security tools and features will more thoroughly ensure your code is secure. For more information on {% data variables.product.github %} security features, see [AUTOTITLE](/code-security/getting-started/github-security-features). +> [!NOTE] While {% data variables.product.prodname_copilot_chat_short %} can help find some common security vulnerabilities and help you fix them, you should not rely on {% data variables.product.prodname_copilot_short %} for a comprehensive security analysis. Using {% data variables.product.prodname_code_scanning %} will more thoroughly ensure your code is secure. For more information on setting up {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). ## Example scenario @@ -52,3 +52,4 @@ function displayName(name) { ## Further reading {% data reusables.copilot.example-prompts.further-reading-items %} +* [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) diff --git a/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/content/packages/learn-github-packages/about-permissions-for-github-packages.md index dc4462d62ace..4bd6584c70fa 100644 --- a/content/packages/learn-github-packages/about-permissions-for-github-packages.md +++ b/content/packages/learn-github-packages/about-permissions-for-github-packages.md @@ -51,6 +51,8 @@ The following {% data variables.product.prodname_registry %} registries **only** For {% ifversion ghes %}the {% data variables.product.prodname_container_registry %}{% else %}other registries{% endif %}, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository. {% ifversion ghes %}For information about migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry).{% endif %} +{% data reusables.package_registry.maven-package-visibility %} + ## Visibility and access permissions for packages {% data reusables.package_registry.visibility-and-access-permissions %} diff --git a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md index 86911bdb1a5c..db0af0b7be81 100644 --- a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md +++ b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md @@ -193,6 +193,8 @@ For registries that support granular permissions, you can choose the visibility * To enable organization members to create private packages that are only visible to other organization members, click **Private**. You can further customize the visibility of private packages. * To enable organization members to create internal packages that are visible to all organization members, click **Internal**. If the organization belongs to an enterprise, the packages will be visible to all enterprise members. + {% data reusables.package_registry.maven-package-visibility %} + ## Configuring visibility of packages for an organization When you first publish a package, the default visibility is private and only you can see the package. You can grant users or teams different access roles for your package through the access settings. Once you make your package public, you cannot make your package private again. diff --git a/data/reusables/actions/artifacts/artifacts-from-deleted-workflow-runs.md b/data/reusables/actions/artifacts/artifacts-from-deleted-workflow-runs.md new file mode 100644 index 000000000000..5d34822d8c91 --- /dev/null +++ b/data/reusables/actions/artifacts/artifacts-from-deleted-workflow-runs.md @@ -0,0 +1,3 @@ +## Artifacts from deleted workflow runs + +When a workflow run is deleted all artifacts associated with the run are also deleted from storage. You can delete a workflow run using the GitHub Actions UI, the REST API, or using the GitHub CLI, see: [AUTOTITLE](/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/deleting-a-workflow-run), [Delete a workflow run](/rest/actions/workflow-runs?apiVersion=2022-11-28#delete-a-workflow-run), or [gh run delete](https://cli.github.com/manual/gh_run_delete). diff --git a/data/reusables/github-connect/what-is-available-ghecom.md b/data/reusables/github-connect/what-is-available-ghecom.md index ee73cb0f0c4a..58de1991215a 100644 --- a/data/reusables/github-connect/what-is-available-ghecom.md +++ b/data/reusables/github-connect/what-is-available-ghecom.md @@ -1,5 +1,8 @@ {% ifversion ghecom-github-connect %} -If you're connecting to an enterprise on **{% data variables.enterprise.data_residency_site %}**{% ifversion ghecom-license-sync %}, Server Statistics is not available.{% else %}: +If you're connecting to an enterprise on **{% data variables.enterprise.data_residency_site %}**: * Server Statistics is not available. -* To use automatic user license sync, you must upgrade to {% data variables.product.prodname_ghe_server %} version 3.15 or later.{% endif %} +* {% data variables.product.prodname_dotcom_the_website %} actions are not available. +{%- ifversion ghes < 3.15 %} +* To use automatic user license sync, you must upgrade to {% data variables.product.prodname_ghe_server %} version 3.15 or later. +{%- endif %} {% endif %} diff --git a/data/reusables/package_registry/maven-package-visibility.md b/data/reusables/package_registry/maven-package-visibility.md new file mode 100644 index 000000000000..fac09cd31776 --- /dev/null +++ b/data/reusables/package_registry/maven-package-visibility.md @@ -0,0 +1,4 @@ +{%- ifversion ghec %} +> [!NOTE] +> Maven and Gradle are currently only supported for public and private repository visibilities. Internal repository visibility is not supported. +{% endif %} diff --git a/src/search/components/hooks/useAISearchAutocomplete.ts b/src/search/components/hooks/useAISearchAutocomplete.ts index 3419e1d8bb57..48f8a2cff2fe 100644 --- a/src/search/components/hooks/useAISearchAutocomplete.ts +++ b/src/search/components/hooks/useAISearchAutocomplete.ts @@ -25,7 +25,7 @@ type UseCombinedSearchReturn = { clearAutocompleteResults: () => void } -const DEBOUNCE_TIME = 250 // In milliseconds +const DEBOUNCE_TIME = 100 // In milliseconds // Results are only cached for the current session // We cache results so if a user presses backspace, we can show the results immediately without burdening the API diff --git a/src/shielding/middleware/handle-invalid-paths.ts b/src/shielding/middleware/handle-invalid-paths.ts index d9133c101ea0..003a6b4bcd27 100644 --- a/src/shielding/middleware/handle-invalid-paths.ts +++ b/src/shielding/middleware/handle-invalid-paths.ts @@ -7,7 +7,7 @@ import { ExtendedRequest } from '@/types' // one of these. // These are clearly intentional "guesses" made by some sort of // pen-testing bot. -const JUNK_STARTS = ['///'] +const JUNK_STARTS = ['///', '/\\'] const JUNK_ENDS = [ '/package.json', '/package-lock.json',