From bed0790483992a21004ebdefa944bef48b71229e Mon Sep 17 00:00:00 2001 
From: docs-bot <77750099+docs-bot@users.noreply.github.com>
Date: Tue, 1 Apr 2025 11:05:22 -0700
Subject: [PATCH 1/3] Delete orphaned features (2025-04-01-16-46) (#55100)
Co-authored-by: Felicity Chapman
---
data/features/security-feature-enablement-policies.yml | 5 -----
data/features/security-log-oauth-access-tokens.yml | 6 ------
.../security-overview-org-risk-coverage-enterprise.yml | 7 -------
data/features/security-overview-org-risk-coverage.yml | 8 --------
data/features/security-overview-team-write-access.yml | 7 -------
data/features/server-statistics.yml | 4 ----
data/features/slack-and-team-integrations.yml | 6 ------
data/features/ssh-cert-policy-allow-u2s-tokens.yml | 5 -----
data/features/streaming-datadog.yml | 5 -----
data/features/syncing-fork-web-ui.yml | 6 ------
data/features/target-runner-groups.yml | 6 ------
data/features/team-discussions-migration.yml | 4 ----
data/features/team-mentions-setting.yml | 6 ------
data/features/token-audit-log.yml | 3 ---
data/features/totp-and-mobile-sudo-challenge.yml | 6 ------
data/features/upload-expired-or-revoked-gpg-key.yml | 7 -------
data/features/workflow-nav-2022.yml | 6 ------
17 files changed, 97 deletions(-)
delete mode 100644 data/features/security-feature-enablement-policies.yml
delete mode 100644 data/features/security-log-oauth-access-tokens.yml
delete mode 100644 data/features/security-overview-org-risk-coverage-enterprise.yml
delete mode 100644 data/features/security-overview-org-risk-coverage.yml
delete mode 100644 data/features/security-overview-team-write-access.yml
delete mode 100644 data/features/server-statistics.yml
delete mode 100644 data/features/slack-and-team-integrations.yml
delete mode 100644 data/features/ssh-cert-policy-allow-u2s-tokens.yml
delete mode 100644 data/features/streaming-datadog.yml
delete mode 100644 data/features/syncing-fork-web-ui.yml
delete mode 100644 data/features/target-runner-groups.yml
delete mode 100644 data/features/team-discussions-migration.yml
delete mode 100644 data/features/team-mentions-setting.yml
delete mode 100644 data/features/token-audit-log.yml
delete mode 100644 data/features/totp-and-mobile-sudo-challenge.yml
delete mode 100644 data/features/upload-expired-or-revoked-gpg-key.yml
delete mode 100644 data/features/workflow-nav-2022.yml
diff --git a/data/features/security-feature-enablement-policies.yml b/data/features/security-feature-enablement-policies.yml
deleted file mode 100644
index 3cb9e54585c9..000000000000
--- a/data/features/security-feature-enablement-policies.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference: #7661.
-# Documentation for Security Features Enablement Enterprise-Level Policies.
-versions:
- ghec: '*'
- ghes: '>=3.8'
diff --git a/data/features/security-log-oauth-access-tokens.yml b/data/features/security-log-oauth-access-tokens.yml
deleted file mode 100644
index 5a8ffd80fdab..000000000000
--- a/data/features/security-log-oauth-access-tokens.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #10912
-# Documentation for security log events for OAuth access tokens.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.9'
diff --git a/data/features/security-overview-org-risk-coverage-enterprise.yml b/data/features/security-overview-org-risk-coverage-enterprise.yml
deleted file mode 100644
index 5a3e7f106c03..000000000000
--- a/data/features/security-overview-org-risk-coverage-enterprise.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# Reference: #10312
-# Documentation for the enterprise-level security "Risk" and "Coverage" views
-# Ref 17108 Advanced Security available to Team plans
-versions:
- fpt: '*'
- ghes: '> 3.9'
- ghec: '*'
diff --git a/data/features/security-overview-org-risk-coverage.yml b/data/features/security-overview-org-risk-coverage.yml
deleted file mode 100644
index 3677f6f21499..000000000000
--- a/data/features/security-overview-org-risk-coverage.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Reference: #8557 and #8765.
-# Documentation for the organization-level split of the "Overview" page into "Risks" and "Coverage"
-# and the initial single-repo enablement panel for security overview coverage view.
-# Ref 17108 Advanced Security available to Team plans
-versions:
- fpt: '*'
- ghes: '> 3.7'
- ghec: '*'
diff --git a/data/features/security-overview-team-write-access.yml b/data/features/security-overview-team-write-access.yml
deleted file mode 100644
index e18c7f7122cb..000000000000
--- a/data/features/security-overview-team-write-access.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# Reference: #8973
-# Documentation for tweaks to the results of the team filter on the "Security risk" and "Security coverage" views
-# Ref 17108 Advanced Security available to Team plans
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.8'
diff --git a/data/features/server-statistics.yml b/data/features/server-statistics.yml
deleted file mode 100644
index 229675f2b3dc..000000000000
--- a/data/features/server-statistics.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Reference #6677
-# Documentation for GitHub Enterprise Server Statistics
-versions:
- ghes: '>=3.5'
diff --git a/data/features/slack-and-team-integrations.yml b/data/features/slack-and-team-integrations.yml
deleted file mode 100644
index 8af680962502..000000000000
--- a/data/features/slack-and-team-integrations.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #8287
-# Slack and Teams integrations (now available for GHES)
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/ssh-cert-policy-allow-u2s-tokens.yml b/data/features/ssh-cert-policy-allow-u2s-tokens.yml
deleted file mode 100644
index 351970633f1b..000000000000
--- a/data/features/ssh-cert-policy-allow-u2s-tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference: #9840
-# Updating the "SSH Certificates Required" feature to allow GitHub Apps
-versions:
- ghec: '*'
- ghes: '>= 3.9'
diff --git a/data/features/streaming-datadog.yml b/data/features/streaming-datadog.yml
deleted file mode 100644
index b984956e6f30..000000000000
--- a/data/features/streaming-datadog.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Reference #7495
-# Documentation for audit log streaming to a Datadog endpoint
-versions:
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/syncing-fork-web-ui.yml b/data/features/syncing-fork-web-ui.yml
deleted file mode 100644
index f28f9c284def..000000000000
--- a/data/features/syncing-fork-web-ui.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue 7629
-# Improved UI for manually syncing a fork
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.7'
diff --git a/data/features/target-runner-groups.yml b/data/features/target-runner-groups.yml
deleted file mode 100644
index 3b9eaeeb7d40..000000000000
--- a/data/features/target-runner-groups.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #8268
-# Restrict workflow using runner group names
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.8'
diff --git a/data/features/team-discussions-migration.yml b/data/features/team-discussions-migration.yml
deleted file mode 100644
index 76d52b36b53f..000000000000
--- a/data/features/team-discussions-migration.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Reference: #8869
-# Team Discussions migration and eventual deprecation announcement (for GHES - already deprecated for Dotcom and GHEC)
-versions:
- ghes: '>3.9 <3.13'
diff --git a/data/features/team-mentions-setting.yml b/data/features/team-mentions-setting.yml
deleted file mode 100644
index 863001d59992..000000000000
--- a/data/features/team-mentions-setting.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #9959
-# Optionally disable notifications from team mentions
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.10'
diff --git a/data/features/token-audit-log.yml b/data/features/token-audit-log.yml
deleted file mode 100644
index 55c463eb17d9..000000000000
--- a/data/features/token-audit-log.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-versions:
- ghec: '*'
- ghes: '>3.7'
diff --git a/data/features/totp-and-mobile-sudo-challenge.yml b/data/features/totp-and-mobile-sudo-challenge.yml
deleted file mode 100644
index caf7524585f0..000000000000
--- a/data/features/totp-and-mobile-sudo-challenge.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# TOTP and mobile challenge for sudo mode prompt.
-
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>= 3.7'
diff --git a/data/features/upload-expired-or-revoked-gpg-key.yml b/data/features/upload-expired-or-revoked-gpg-key.yml
deleted file mode 100644
index 7cb1dedfc8d4..000000000000
--- a/data/features/upload-expired-or-revoked-gpg-key.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# Issue: 7123
-# Description: Allow adding expired and revoked GPG keys for verifying commit and tag signatures
-# Usage: {% ifversion upload-expired-or-revoked-gpg-key %} ... {% endif %}
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.6'
diff --git a/data/features/workflow-nav-2022.yml b/data/features/workflow-nav-2022.yml
deleted file mode 100644
index ac8284efcae9..000000000000
--- a/data/features/workflow-nav-2022.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Issue: 7898
-# Description: Actions workflow run and workflow list navigation updates, late 2022.
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.8'
From cf18599613e3d5eae64a3f4d3dfb79b9ec75e958 Mon Sep 17 00:00:00 2001
From: Felicity Chapman
Date: Tue, 1 Apr 2025 19:24:48 +0100
Subject: [PATCH 2/3] GHAS unbundle: a couple more UI fixes for fast follow (#55084)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
.../configuring-advanced-setup-for-code-scanning.md | 6 ++++--
.../editing-your-configuration-of-default-setup.md | 8 ++++++--
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
index 4d04656f30eb..867f7da5a37e 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
@@ -63,10 +63,10 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**. +1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", in the "{% data variables.product.prodname_codeql %} analysis" row select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**. > [!NOTE] - > If you are switching from default setup to advanced setup, in the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. + > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_codeql %} analysis" row, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. {% ifversion ghas-products %} 
@@ -120,6 +120,8 @@ For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning ![Screenshot showing a workflow template file open for editing. The "Documentation" button is highlighted with an orange outline.](/assets/images/help/security/actions-workflows-documentation.png) +1. When you have finished defining your configuration, add the new workflow to your default branch. + For more information, see [AUTOTITLE](/actions/learn-github-actions/using-starter-workflows#choosing-and-using-a-starter-workflow) and [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning). {% endif %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index 6432740fc893..1fb70e798bc8 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md 
@@ -33,7 +33,7 @@ If you need to change any other aspects of your {% data variables.product.prodna 1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**. 1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click **{% octicon "pencil" aria-hidden="true" %} Edit**. 1. Optionally, in the "Languages" section, select or deselect languages for analysis. -1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %} +1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code. {% ifversion code-scanning-default-setup-customize-labels %} @@ -41,8 +41,12 @@ If you need to change any other aspects of your {% data variables.product.prodna {% endif %} -1. ({% data variables.release-phases.public_preview_caps %}) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**. +{% ifversion codeql-threat-models %} + +1. ({% data variables.release-phases.public_preview_caps %}) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**. This option is only available for repositories with code in a supported language: {% data variables.code-scanning.code_scanning_threat_model_support %}. + {% endif %} + 1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration. ## Defining the alert severities that cause a check failure for a pull request 
From 9f3284e98d9485aaa5dd3bbfebd726646365bdb3 Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Tue, 1 Apr 2025 20:34:02 +0200 Subject: [PATCH 3/3] Add actions to generate-code-scanning-query-lists.yml (#55011) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .github/actions/install-cocofix/action.yml | 2 +- .github/workflows/generate-code-scanning-query-lists.yml | 2 +- .../scripts/generate-code-scanning-query-list.ts | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/install-cocofix/action.yml b/.github/actions/install-cocofix/action.yml index 8cd9b69d1cf9..cd7e15b4491e 100644 --- a/.github/actions/install-cocofix/action.yml +++ b/.github/actions/install-cocofix/action.yml @@ -18,4 +18,4 @@ runs: npm install --no-save \ '--@github:registry=https://npm.pkg.github.com' \ '--//npm.pkg.github.com/:_authToken=${TOKEN}' \ - @github/cocofix + @github/cocofix codeql-ts diff --git a/.github/workflows/generate-code-scanning-query-lists.yml b/.github/workflows/generate-code-scanning-query-lists.yml index 7fcbc2bc31c9..2b022eb4bbe3 100644 --- a/.github/workflows/generate-code-scanning-query-lists.yml +++ b/.github/workflows/generate-code-scanning-query-lists.yml @@ -87,7 +87,7 @@ jobs: - name: Build code scanning query list run: | - for lang in "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do + for lang in "actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do echo "Generating code scanning query list for $lang" npm run generate-code-scanning-query-list -- \ --verbose \ diff --git a/src/code-scanning/scripts/generate-code-scanning-query-list.ts b/src/code-scanning/scripts/generate-code-scanning-query-list.ts index e27e5ce887df..2bc8a6cbb820 100644 --- a/src/code-scanning/scripts/generate-code-scanning-query-list.ts +++ b/src/code-scanning/scripts/generate-code-scanning-query-list.ts 
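Review bot: The `codeql-ts` name added to the `npm install` line in `.github/actions/install-cocofix/action.yml` is unscoped, so the `--@github:registry=https://npm.pkg.github.com` mapping on the same command does not cover it and npm resolves it from the default registry instead. Combined with `--no-save` and no version specifier, the workflow runs whatever that registry serves for the name at job time, with no lockfile entry to verify integrity against. If the package is meant to be the GitHub-published one, a name under the `@github` scope would keep it on the authenticated registry; in either case the install should pin a version, e.g. `@github/cocofix codeql-ts@<pinned-version>`. The `"actions"` entry added to the language loop in `generate-code-scanning-query-lists.yml` presumably relies on the versions resolved by this step, which is a further reason to make them reproducible. The start of the `run:` step lies outside the hunk, so how `TOKEN` is scoped cannot be judged from here.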
@@ -55,8 +55,8 @@ import chalk from 'chalk' import { program } from 'commander' // We don't want to introduce a global dependency on @github/cocofix, so we install it by hand // as described above and suppress the import warning. -import { getSupportedQueries } from '@github/cocofix/dist/querySuites.js' // eslint-disable-line import/no-extraneous-dependencies -import { type Language } from '@github/cocofix/dist/codeql' // eslint-disable-line import/no-extraneous-dependencies +import { getSupportedQueries } from '@github/cocofix/dist/querySuites.js' /* eslint-disable-line import/no-extraneous-dependencies, import/no-unresolved */ +import type { Language } from 'codeql-ts' program .description('Generate a reusable Markdown for for a code scanning query language')
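Review bot: The comment above these imports still names only `@github/cocofix`, while the new `import type { Language } from 'codeql-ts'` depends on a second hand-installed package and carries no explanation of its own. I would extend the comment to something like `// @github/cocofix and codeql-ts are installed by hand as described above rather than declared as dependencies, so the import warnings are suppressed.` Adding `import/no-unresolved` to the disable on the `getSupportedQueries` line also means lint no longer flags a missing install, so that failure would presumably surface only when the script runs; a short why-comment next to the disable would record that this is intentional. The rest of the module lies outside the hunk.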