diff --git a/assets/images/help/dependabot/dependabot-self-hosted-runner-log.png b/assets/images/help/dependabot/dependabot-self-hosted-runner-log.png new file mode 100644 index 000000000000..e4061ffa8ade Binary files /dev/null and b/assets/images/help/dependabot/dependabot-self-hosted-runner-log.png differ diff --git a/assets/images/help/dependabot/dependabot-self-hosted-runner.png b/assets/images/help/dependabot/dependabot-self-hosted-runner.png new file mode 100644 index 000000000000..80c70ed3cb47 Binary files /dev/null and b/assets/images/help/dependabot/dependabot-self-hosted-runner.png differ diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index a569efd83ea8..fecf79a96008 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md @@ -145,6 +145,9 @@ You should delete a {% data variables.product.pat_generic %} if it is no longer 1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click either **Fine-grained tokens** or **Tokens (classic)**, depending on which type of {% data variables.product.pat_generic %} you'd like to delete. 1. To the right of the {% data variables.product.pat_generic %} you want to delete, click **Delete**. +{% ifversion ghec or fpt %}> [!NOTE] If you find a leaked {% data variables.product.pat_generic %} belonging to someone else, you can submit a revocation request through the REST API. See [AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization#mitigate-data-leaks). +{% endif %} + ## Using a {% data variables.product.pat_generic %} on the command line Once you have a {% data variables.product.pat_generic %}, you can enter it instead of your password when performing Git operations over HTTPS. diff --git a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md index c1d8ca32ee63..4095c21da952 100644 --- a/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md +++ b/content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md @@ -45,6 +45,18 @@ You can revoke your authorization of a {% data variables.product.prodname_github Once an authorization is revoked, any tokens associated with the authorization will be revoked as well. To reauthorize an application, follow the instructions from the third-party application or website to connect your account on {% data variables.product.prodname_dotcom %} again. +{% ifversion fpt or ghec %} + +## Token revoked by a third party + +To prevent unauthorized access using exposed tokens, {% data variables.product.github %} recommends token revocation to ensure that a token can no longer be used to authenticate to {% data variables.product.github %}. If you find another user's {% data variables.product.pat_generic %} leaked on {% data variables.product.github %} or elsewhere, you can submit a revocation request through the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials). + +If a valid {% data variables.product.pat_generic %} is submitted to {% data variables.product.github %}'s credential revocation API, the token will be automatically revoked. This API allows a third party to revoke a token they do not own and helps protect the data associated with this token from unauthorized access, limiting the impact of exposed tokens. + +To encourage reports and ensure that exposed tokens can be quickly and easily revoked, we do not require authentication for the revocation requests submitted through the API. As a result, {% data variables.product.github %} is unable to provide further information about the source of the reported token. + +{% endif %} + ## Token revoked by the {% data variables.product.prodname_oauth_app %} The owner of an {% data variables.product.prodname_oauth_app %} can revoke an account's authorization of their app, this will also revoke any tokens associated with the authorization. For more information about revoking authorizations of your {% data variables.product.prodname_oauth_app %}, see [AUTOTITLE](/rest/apps/oauth-applications#delete-an-app-authorization). diff --git a/content/code-security/dependabot/working-with-dependabot/index.md b/content/code-security/dependabot/working-with-dependabot/index.md index 168fdf6dfd63..682f68f21b14 100644 --- a/content/code-security/dependabot/working-with-dependabot/index.md +++ b/content/code-security/dependabot/working-with-dependabot/index.md @@ -21,4 +21,5 @@ children: - /configuring-access-to-private-registries-for-dependabot - /guidance-for-the-configuration-of-private-registries-for-dependabot - /dependabot-options-reference + - /setting-dependabot-to-run-on-self-hosted-runners-using-arc --- diff --git a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md b/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md new file mode 100644 index 000000000000..73dd535bf426 --- /dev/null +++ b/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md @@ -0,0 +1,214 @@ +--- +title: Setting up Dependabot to run on self-hosted action runners using the Actions Runner Controller +intro: You can configure the {% data variables.product.prodname_actions_runner_controller %} to run {% data variables.product.prodname_dependabot %} on self-hosted runners. +versions: + feature: dependabot-arc-support +permissions: '{% data reusables.permissions.dependabot-various-tasks %}' +topics: + - Repositories + - Dependabot + - Version updates + - Security updates + - Dependencies + - Pull requests +allowTitleToDifferFromFilename: true +shortTitle: Configure ARC +--- + +## Working with the {% data variables.product.prodname_actions_runner_controller %} (ARC) + +{% data reusables.dependabot.arc-support-private-preview-note %} + +This article provides step-by-step instructions for setting up ARC on a Kubernetes cluster and configuring {% data variables.product.prodname_dependabot %} to run on self-hosted action runners. The article: + +* Contains an overview of the ARC and {% data variables.product.prodname_dependabot %} integration. +* Provides detailed installation and configuration steps using helm scripts. + +## What is ARC? + +The {% data variables.product.prodname_actions_runner_controller %} is a Kubernetes controller that manages self-hosted {% data variables.product.prodname_actions %} as Kubernetes pods. It allows you to dynamically scale and orchestrate runners based on your workflows, providing better resource utilization and integration with Kubernetes environments. See [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller). + +## {% data variables.product.prodname_dependabot %} on ARC + +You can run {% data variables.product.prodname_dependabot %} on self-hosted {% data variables.product.prodname_actions %} runners managed within a Kubernetes cluster via ARC. This enables auto-scaling, workload isolation, and better resource management for {% data variables.product.prodname_dependabot %} jobs, ensuring that dependency updates can run efficiently within an organization's controlled infrastructure while integrating seamlessly with {% data variables.product.prodname_actions %}. + +## Setting up ARC for {% data variables.product.prodname_dependabot %} on your Local environment + +### Prerequisites + +* A Kubernetes cluster + * For a managed cloud environment, you can use Azure Kubernetes Service (AKS). + * For a local setup, you can use minikube. +* Helm + * A package manager for Kubernetes. + +### Setting up ARC + +1. Install ARC. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller). +1. Create a work directory for the ARC setup and create a shell script file (for example, `helm_install_arc.sh`) to install the latest ARC version. + + ```bash copy + mkdir ARC + touch helm_install_arc.sh + chmod 755 helm_install_arc.sh + ``` + +1. Edit `helm_install_arc.sh` with this bash script for installing ARC. + + ```text copy + NAMESPACE="arc-systems" + helm install arc \ + --namespace "${NAMESPACE}" \ + --create-namespace \ + oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller + ``` + +1. Execute the `helm_install_arc.sh` script file. + + ```bash + ./helm_install_arc.sh + ``` + +1. Now, you need to configure the runner scale set. For this, let's start by creating and editing a file with the following bash script. + + ```bash copy + touch arc-runner-set.sh + chmod 755 arc-runner-set.sh + ``` + + ```text copy + INSTALLATION_NAME="dependabot" + NAMESPACE="arc-runners" + GITHUB_CONFIG_URL=REPO_URL + GITHUB_PAT=PAT + helm install "${INSTALLATION_NAME}" \ + --namespace "${NAMESPACE}" \ + --create-namespace \ + --set githubConfigUrl="${GITHUB_CONFIG_URL}" \ + --set githubConfigSecret.github_token="${GITHUB_PAT}" \ + --set containerMode.type="dind" \ + oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set + ``` + +1. Execute the `arc-runner-set.sh` script file. + + ```bash copy + ./arc-runner-set.sh + ``` + +> [!NOTE] +> +> * The installation name of the runner scale set has to be `dependabot` in order to target the dependabot job to the runner. +> * The `containerMode.type="dind"` configuration is required to allow the runner to connect to the Docker daemon. +> * If an organization-level or enterprise-level runner is created, then the appropriate scopes should be provided to the {% data variables.product.pat_generic_title_case %} (PAT). +> * A {% data variables.product.pat_v1 %} (PAT) can be created. The token should have the following scopes based on whether you are creating a repository, organization or enterprise level runner scale set. +> * Repository level: **repo** +> * Organization level: **admin:org** +> * Enterprise level: **admin:enterprise**\ +> For information about creating a {% data variables.product.pat_v1 %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic). + +### Adding runner groups + +Runner groups are used to control which organizations or repositories have access to runner scale sets. To add a runner scale set to a runner group, you must already have a runner group created. + +For information about creating runner groups, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#creating-a-self-hosted-runner-group-for-an-organization). + +Don't forget to add the following setting to the runner scale set configuration in the helm chart. + + ```text copy + --set runnerGroup="" \ + ``` + +### Checking your installation + +1. Check your installation. + + ```bash copy + helm list -A + ``` + + Output: + + ```text + ➜ ARC git:(master) ✗ helm list -A + NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION + arc arc-systems 1 2025-04-11 14:41:53.70893 -0500 CDT deployed gha-runner-scale-set-controller-0.11.0 0.11.0 + arc-runner-set arc-runners 1 2025-04-11 15:08:12.58119 -0500 CDT deployed gha-runner-scale-set-0.11.0 0.11.0 + dependabot arc-runners 1 2025-04-16 21:53:40.080772 -0500 CDT deployed gha-runner-scale-set-0.11.0 + ``` + +1. Check the manager pod using this command. + + ```bash copy + kubectl get pods -n arc-systems + ``` + + Output: + + ```text + ➜ ARC git:(master) ✗ kubectl get pods -n arc-systems + + NAME READY STATUS RESTARTS AGE + arc-gha-rs-controller-57c67d4c7-zjmw2 1/1 Running 8 (36h ago) 6d9h + arc-runner-set-754b578d-listener 1/1 Running 0 11h + dependabot-754b578d-listener 1/1 Running 0 14h + ``` + +### Setting up {% data variables.product.prodname_dependabot %} + +{% ifversion fpt or ghec %} + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %} + +1. Under "{% data variables.product.prodname_dependabot %}", scroll to "{% data variables.product.prodname_dependabot %} on Action Runners", and select **Enable** for "{% data variables.product.prodname_dependabot %} on self-hosted runners". + +{% elsif ghes %} + +1. Create an organization on {% data variables.product.prodname_ghe_server %}. For more information, see [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch). +1. Create a runner group. See [Adding runner groups](#adding-runner-groups). +1. Enable the dependency graph from the {% data variables.enterprise.management_console %}. See [AUTOTITLE](/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise#enabling-the-dependency-graph-via-the-management-console). +1. Enable {% data variables.product.prodname_github_connect %} for your enterprise. See [AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom#enabling-github-connect). +1. Enable {% data variables.product.prodname_dependabot_alerts %} for the enterprise. See [AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise#enabling-dependabot-alerts). + +{% endif %} + +## Triggering a {% data variables.product.prodname_dependabot %} run + +Now that you've set up ARC, you can start a {% data variables.product.prodname_dependabot %} run. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.navigate-to-insights %} +{% data reusables.repositories.click-dependency-graph %} + +1. Under "Dependency graph", click **{% data variables.product.prodname_dependabot %}**. +1. To the right of the name of manifest file you're interested in, click **Recent update jobs**. +1. If there are no recent update jobs for the manifest file, click **Check for updates** to re-run a {% data variables.product.prodname_dependabot %} version updates'job and check for new updates to dependencies for that ecosystem. + +## Viewing the generated ARC runners + +You can the ARC runners that have been created for the {% data variables.product.prodname_dependabot %} job. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.actions-tab %} + +1. On the left sidebar, click **Runners**. +1. Under "Runners", click **Self-hosted runners** to view the list of all the runners available in the repository. You can see the ephemeral dependabot runner that has been created. + ![Screenshot showing a dependabot runner in the list of available runners. The runner is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-self-hosted-runner.png) + + You can also view the same dependabot runner pod created in your kubernetes cluster from the terminal by executing this command. + + ```text copy + ➜ ARC git:(master) ✗ kubectl get pods -n arc-runners + NAME READY STATUS RESTARTS AGE + dependabot-sw8zn-runner-4mbc7 2/2 Running 0 46s + ``` + +Additionally, you can verify: + +* The logs, by checking the runner and machine name. See [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs). + + ![Example of log for a dependabot self hosted runner.](/assets/images/help/dependabot/dependabot-self-hosted-runner-log.png) + +* The version update pull requests created by the dependabot job in the **Pull requests** tab of the repository. diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index a1f7bfcdd415..719089e68df5 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md @@ -116,6 +116,16 @@ If you're unable to coordinate directly with the repository owner to remove data > If one of your repositories has been taken down due to a false claim, you should fill out a DMCA counter notice form and alert GitHub Support. For more information, see [DMCA counter notice](https://support.github.com/contact/dmca-counter-notice). +{% ifversion ghec or fpt %} + +### Revoke exposed tokens + +If a {% data variables.product.pat_generic_plural %} has been exposed in a {% data variables.product.github %} repository, {% data variables.product.github %} {% data variables.product.prodname_secret_scanning %} can be used to report and revoke the token. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts#reporting-a-leaked-secret). + +You can also revoke {% data variables.product.pat_generic_plural %} that you do not own and have been exposed outside of {% data variables.product.github %} repositories. By doing this, you are contributing to the overall security of the {% data variables.product.github %} community and can quickly limit the impact of these tokens. If you find exposed {% data variables.product.pat_generic_plural %} either on {% data variables.product.github %} or elsewhere, you can submit a revocation request using the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials). + +{% endif %} + ## Next steps * [AUTOTITLE](/code-security/supply-chain-security/end-to-end-supply-chain/securing-code) diff --git a/content/rest/authentication/keeping-your-api-credentials-secure.md b/content/rest/authentication/keeping-your-api-credentials-secure.md index c00f032b315b..7543445bf83f 100644 --- a/content/rest/authentication/keeping-your-api-credentials-secure.md +++ b/content/rest/authentication/keeping-your-api-credentials-secure.md @@ -53,6 +53,12 @@ If you're creating a {% data variables.product.prodname_actions %} workflow that Never hardcode authentication credentials like tokens, keys, or app-related secrets into your code. Instead, consider using a secret manager such as [Azure Key Vault](https://azure.microsoft.com/products/key-vault) or [HashiCorp Vault](https://www.hashicorp.com/products/vault). For more information about securing {% data variables.product.prodname_github_app %} credentials, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +{% ifversion fpt or ghec %} + +If you find another user's {% data variables.product.pat_generic %} exposed on {% data variables.product.github %} or elsewhere, you can submit a revocation request through the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials). + +{% endif %} + When using a {% data variables.product.pat_generic %} in a script, consider storing your token as a {% data variables.product.prodname_actions %} secret and running your script through {% data variables.product.prodname_actions %}.{% ifversion fpt or ghec %} You can also store your token as a Codespaces secret and run your script in Codespaces.{% endif %} For more information, see [AUTOTITLE](/actions/security-guides/encrypted-secrets){% ifversion fpt or ghec %} and [AUTOTITLE](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces){% endif %}. If none of these options are possible, you can store authentication credentials in a `.env` file. Make sure to encrypt your `.env` file, and never push it to any repository. diff --git a/content/rest/credentials/index.md b/content/rest/credentials/index.md new file mode 100644 index 000000000000..37f896f6757a --- /dev/null +++ b/content/rest/credentials/index.md @@ -0,0 +1,13 @@ +--- +title: Credentials +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +children: + - /revoke +versions: + fpt: '*' + ghec: '*' +--- + diff --git a/content/rest/credentials/revoke.md b/content/rest/credentials/revoke.md new file mode 100644 index 000000000000..95189d73afbf --- /dev/null +++ b/content/rest/credentials/revoke.md @@ -0,0 +1,14 @@ +--- +title: Revocation +shortTitle: Revocation +intro: Use the REST API to revoke credentials that you have found exposed on {% data variables.product.github %} or elsewhere. +versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 + fpt: '*' + ghec: '*' +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +--- + + diff --git a/content/rest/index.md b/content/rest/index.md index 023563063a23..9ff5868af144 100644 --- a/content/rest/index.md +++ b/content/rest/index.md @@ -56,6 +56,7 @@ children: - /collaborators - /commits - /copilot + - /credentials - /dependabot - /dependency-graph - /deploy-keys diff --git a/data/features/dependabot-arc-support.yml b/data/features/dependabot-arc-support.yml new file mode 100644 index 000000000000..355ae2fa3886 --- /dev/null +++ b/data/features/dependabot-arc-support.yml @@ -0,0 +1,7 @@ +# References: +# Issue #17954 - Dependabot adds ARC (Actions Runner Controller) support for security and version updates + +versions: + fpt: '*' + ghec: '*' + ghes: '>3.17' diff --git a/data/reusables/dependabot/arc-support-private-preview-note.md b/data/reusables/dependabot/arc-support-private-preview-note.md new file mode 100644 index 000000000000..be7ed78527af --- /dev/null +++ b/data/reusables/dependabot/arc-support-private-preview-note.md @@ -0,0 +1,2 @@ +> [!NOTE] +> ARC support for {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} is currently in {% data variables.release-phases.public_preview %} and subject to change. diff --git a/data/reusables/dependabot/vnet-arc-note.md b/data/reusables/dependabot/vnet-arc-note.md index 018c522fd960..2a56d5f812e3 100644 --- a/data/reusables/dependabot/vnet-arc-note.md +++ b/data/reusables/dependabot/vnet-arc-note.md @@ -1 +1,9 @@ +{% ifversion dependabot-arc-support %} + +> [!WARNING] Private networking is currently unsupported with an Azure Virtual Network (VNET) for {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. By using VNET, you do so at your own risk, and {% data variables.product.github %} cannot currently support you if problems arise. Private networking is supported for the {% data variables.product.prodname_actions_runner_controller %}. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc). + +{% else %} + > [!WARNING] Private networking is currently unsupported with either an Azure Virtual Network (VNET) or the Actions Runner Controller (ARC) for {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. By using VNET or ARC, you do so at your own risk, and {% data variables.product.github %} cannot currently support you if problems arise. + +{% endif %} diff --git a/src/fixtures/tests/playwright-rendering.spec.ts b/src/fixtures/tests/playwright-rendering.spec.ts index 71de8784ed91..9e2d97616e90 100644 --- a/src/fixtures/tests/playwright-rendering.spec.ts +++ b/src/fixtures/tests/playwright-rendering.spec.ts @@ -79,7 +79,7 @@ test('open new search, and perform a general search', async ({ page }) => { window.overrideControlGroup('ai_search_experiment', 'treatment') }) - await page.getByTestId('search').click() + await page.locator('[data-testid="search"]:visible').click() await page.getByTestId('overlay-search-input').fill('serve playwright') // Wait for the results to load @@ -112,7 +112,7 @@ test('open new search, and select a general search article', async ({ page }) => window.overrideControlGroup('ai_search_experiment', 'treatment') }) - await page.getByTestId('search').click() + await page.locator('[data-testid="search"]:visible').click() await page.getByTestId('overlay-search-input').fill('serve playwright') // Let new suggestions load @@ -138,7 +138,7 @@ test('open new search, and get auto-complete results', async ({ page }) => { window.overrideControlGroup('ai_search_experiment', 'treatment') }) - await page.getByTestId('search').click() + await page.locator('[data-testid="search"]:visible').click() let listGroup = page.getByTestId('ai-autocomplete-suggestions') diff --git a/src/frame/components/page-header/Header.module.scss b/src/frame/components/page-header/Header.module.scss index 2624600b0994..9ff4a14c1c3e 100644 --- a/src/frame/components/page-header/Header.module.scss +++ b/src/frame/components/page-header/Header.module.scss @@ -41,3 +41,13 @@ display: none; } } + +.displayOverLarge { + display: none; + visibility: none; + + @include breakpoint(lg) { + display: flex !important; + visibility: visible !important; + } +} diff --git a/src/frame/components/page-header/Header.tsx b/src/frame/components/page-header/Header.tsx index 75be6b63a0ca..fb5bce71a4b0 100644 --- a/src/frame/components/page-header/Header.tsx +++ b/src/frame/components/page-header/Header.tsx @@ -14,14 +14,17 @@ import { Breadcrumbs } from 'src/frame/components/page-header/Breadcrumbs' import { VersionPicker } from 'src/versions/components/VersionPicker' import { SidebarNav } from 'src/frame/components/sidebar/SidebarNav' import { AllProductsLink } from 'src/frame/components/sidebar/AllProductsLink' - -import styles from './Header.module.scss' +import { SearchBarButton } from '@/search/components/input/SearchBarButton' import { OldHeaderSearchAndWidgets } from './OldHeaderSearchAndWidgets' import { HeaderSearchAndWidgets } from './HeaderSearchAndWidgets' import { useInnerWindowWidth } from './hooks/useInnerWindowWidth' import { EXPERIMENTS } from '@/events/components/experiments/experiments' import { useShouldShowExperiment } from '@/events/components/experiments/useShouldShowExperiment' import { useQueryParam } from '@/frame/components/hooks/useQueryParam' +import { useMultiQueryParams } from '@/search/components/hooks/useMultiQueryParams' +import { SearchOverlayContainer } from '@/search/components/input/SearchOverlayContainer' + +import styles from './Header.module.scss' export const Header = () => { const router = useRouter() @@ -34,6 +37,7 @@ export const Header = () => { 'search-overlay-open', true, ) + const { params, updateParams } = useMultiQueryParams() const [scroll, setScroll] = useState(false) const [isSidebarOpen, setIsSidebarOpen] = useState(false) const openSidebar = useCallback(() => setIsSidebarOpen(true), [isSidebarOpen]) @@ -45,8 +49,20 @@ export const Header = () => { const isEarlyAccessPage = currentProduct && currentProduct.id === 'early-access' const { width } = useInnerWindowWidth() const returnFocusRef = useRef(null) + const searchButtonRef = useRef(null) const showNewSearch = useShouldShowExperiment(EXPERIMENTS.ai_search_experiment) + let SearchButton: JSX.Element | null = ( + + ) + if (!showNewSearch) { + SearchButton = null + } useEffect(() => { function onScroll() { @@ -166,14 +182,16 @@ export const Header = () => { {t('github_docs')} -
+
+ {/* In larger viewports, we want to show the search bar next to the version picker */} +
{SearchButton}
{showNewSearch ? ( ) : ( @@ -246,6 +264,15 @@ export const Header = () => { )} + {showNewSearch && ( + + )} ) diff --git a/src/frame/components/page-header/HeaderSearchAndWidgets.module.scss b/src/frame/components/page-header/HeaderSearchAndWidgets.module.scss new file mode 100644 index 000000000000..4920eadd6e8f --- /dev/null +++ b/src/frame/components/page-header/HeaderSearchAndWidgets.module.scss @@ -0,0 +1,12 @@ +@import "@primer/css/support/variables/layout.scss"; +@import "@primer/css/support/mixins/layout.scss"; + +.displayUnderLarge { + display: flex; + visibility: visible; + + @include breakpoint(lg) { + display: none !important; + visibility: hidden !important; + } +} diff --git a/src/frame/components/page-header/HeaderSearchAndWidgets.tsx b/src/frame/components/page-header/HeaderSearchAndWidgets.tsx index 2f12548de6ac..296fcd90b177 100644 --- a/src/frame/components/page-header/HeaderSearchAndWidgets.tsx +++ b/src/frame/components/page-header/HeaderSearchAndWidgets.tsx @@ -10,19 +10,17 @@ import { VersionPicker } from '@/versions/components/VersionPicker' import { DEFAULT_VERSION, useVersion } from '@/versions/components/useVersion' import { useHasAccount } from '../hooks/useHasAccount' -import { SearchBarButton } from '@/search/components/input/SearchBarButton' -import { useBreakpoint } from '@/search/components/hooks/useBreakpoint' +import styles from './HeaderSearchAndWidgets.module.scss' type Props = { isSearchOpen: boolean - setIsSearchOpen: (value: boolean) => void width: number | null + SearchButton: JSX.Element | null } -export function HeaderSearchAndWidgets({ isSearchOpen, setIsSearchOpen, width }: Props) { +export function HeaderSearchAndWidgets({ width, isSearchOpen, SearchButton }: Props) { const { currentVersion } = useVersion() const { t } = useTranslation(['header']) - const isLarge = useBreakpoint('large') const { hasAccount } = useHasAccount() const signupCTAVisible = hasAccount === false && // don't show if `null` @@ -30,14 +28,8 @@ export function HeaderSearchAndWidgets({ isSearchOpen, setIsSearchOpen, width }: const showDomainNameEdit = currentVersion.startsWith('enterprise-server@') - const SearchButton = ( - - ) - return ( <> - {/* At larger & up widths we show the search as an input. This doesn't need to be grouped with the widgets */} - {isLarge ? SearchButton : null}
@@ -57,7 +49,7 @@ export function HeaderSearchAndWidgets({ isSearchOpen, setIsSearchOpen, width }: )} {/* Below large widths we show the search as a button which needs to be grouped with the widgets */} - {!isLarge ? SearchButton : null} +
{SearchButton}
{/* The ... navigation menu at medium and smaller widths */}
diff --git a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json index b84783cddeee..1428cda1aa64 100644 --- a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json @@ -2171,6 +2171,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json index a278f4a098dd..92ba9e964e5c 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json @@ -1905,6 +1905,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json index b84783cddeee..1428cda1aa64 100644 --- a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json @@ -2171,6 +2171,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json index fd6e89ba4d36..e0a5b7027530 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json @@ -2209,6 +2209,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json index bf50fed338a0..27836fbacc22 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json @@ -1943,6 +1943,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json index fd6e89ba4d36..e0a5b7027530 100644 --- a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json @@ -2209,6 +2209,14 @@ "requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics" } ], + "credentials": [ + { + "slug": "revoke-a-list-of-credentials", + "subcategory": "revoke", + "verb": "post", + "requestPath": "/credentials/revoke" + } + ], "dependabot": [ { "slug": "list-dependabot-alerts-for-an-organization", diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index 1d00060c528a..d5b0747c896b 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "8af3e59120fdf6294e2d385bdae74b39fa824da5" + "sha": "e7a314cf1c452fbcf55e3be650f1bb7363cad424" } \ No newline at end of file diff --git a/src/rest/data/fpt-2022-11-28/schema.json b/src/rest/data/fpt-2022-11-28/schema.json index b5ef6363e95b..3f796952b247 100644 --- a/src/rest/data/fpt-2022-11-28/schema.json +++ b/src/rest/data/fpt-2022-11-28/schema.json @@ -243374,6 +243374,76 @@ } ] }, + "credentials": { + "revoke": [ + { + "serverUrl": "https://api.github.com", + "verb": "post", + "requestPath": "/credentials/revoke", + "title": "Revoke a list of credentials", + "category": "credentials", + "subcategory": "revoke", + "parameters": [], + "bodyParameters": [ + { + "type": "array of strings", + "name": "credentials", + "in": "body", + "description": "

A list of credentials to be revoked, up to 1000 per request.

", + "isRequired": true + } + ], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [], + "allowPermissionlessAccess": true + }, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "credentials": [ + "ghp_1234567890abcdef1234567890abcdef12345678", + "ghp_abcdef1234567890abcdef1234567890abcdef12" + ] + } + }, + "response": { + "statusCode": "202", + "contentType": "application/json", + "description": "

Accepted

", + "example": null, + "schema": { + "type": "object" + } + } + } + ], + "previews": [], + "descriptionHTML": "

Submit a list of credentials to be revoked. This endpoint is intended to revoke credentials the caller does not own and may have found exposed on GitHub.com or elsewhere. It can also be used for credentials associated with an old user account that you no longer have access to. Credential owners will be notified of the revocation.

\n

This endpoint currently accepts the following credential types:

\n
    \n
  • Personal access tokens (classic)
    • \n
  • Fine-grained personal access tokens
    • \n
\n

Revoked credentials may impact users on GitHub Free, Pro, & Team and GitHub Enterprise Cloud, and GitHub Enterprise Cloud with Enterprise Managed Users.\nGitHub cannot reactivate any credentials that have been revoked; new credentials will need to be generated.

\n

To prevent abuse, this API is limited to only 60 unauthenticated requests per hour and a max of 1000 tokens per API request.

\n

Note

\n

\nAny authenticated requests will return a 403.

\n
", + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

Accepted

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + } + ] + }, "dependabot": { "alerts": [ { @@ -397864,13 +397934,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -403906,13 +403977,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json index 56cecd50d9b0..afcd22afbd6a 100644 --- a/src/rest/data/ghec-2022-11-28/schema.json +++ b/src/rest/data/ghec-2022-11-28/schema.json @@ -256694,6 +256694,76 @@ } ] }, + "credentials": { + "revoke": [ + { + "serverUrl": "https://api.github.com", + "verb": "post", + "requestPath": "/credentials/revoke", + "title": "Revoke a list of credentials", + "category": "credentials", + "subcategory": "revoke", + "parameters": [], + "bodyParameters": [ + { + "type": "array of strings", + "name": "credentials", + "in": "body", + "description": "

A list of credentials to be revoked, up to 1000 per request.

", + "isRequired": true + } + ], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [], + "allowPermissionlessAccess": true + }, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "credentials": [ + "ghp_1234567890abcdef1234567890abcdef12345678", + "ghp_abcdef1234567890abcdef1234567890abcdef12" + ] + } + }, + "response": { + "statusCode": "202", + "contentType": "application/json", + "description": "

Accepted

", + "example": null, + "schema": { + "type": "object" + } + } + } + ], + "previews": [], + "descriptionHTML": "

Submit a list of credentials to be revoked. This endpoint is intended to revoke credentials the caller does not own and may have found exposed on GitHub.com or elsewhere. It can also be used for credentials associated with an old user account that you no longer have access to. Credential owners will be notified of the revocation.

\n

This endpoint currently accepts the following credential types:

\n
    \n
  • Personal access tokens (classic)
    • \n
  • Fine-grained personal access tokens
    • \n
\n

Revoked credentials may impact users on GitHub Free, Pro, & Team and GitHub Enterprise Cloud, and GitHub Enterprise Cloud with Enterprise Managed Users.\nGitHub cannot reactivate any credentials that have been revoked; new credentials will need to be generated.

\n

To prevent abuse, this API is limited to only 60 unauthenticated requests per hour and a max of 1000 tokens per API request.

\n

Note

\n

\nAny authenticated requests will return a 403.

\n
", + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

Accepted

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + } + ] + }, "dependabot": { "alerts": [ { @@ -434268,13 +434338,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -441249,13 +441320,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -609336,7 +609408,8 @@ "data": [ { "secret_type": "adafruit_io_key", - "alert_number": 17 + "alert_number": 17, + "reason": "false_positive" } ], "resource_identifier": 17, @@ -609482,6 +609555,16 @@ "alert_number": { "type": "string", "description": "The number of the secret scanning alert that was detected." + }, + "reason": { + "type": "string", + "description": "The reason the user provided for requesting the dismissal.", + "enum": [ + "fixed_later", + "false_positive", + "tests", + "revoked" + ] } } } @@ -609755,7 +609838,8 @@ "data": [ { "secret_type": "adafruit_io_key", - "alert_number": 17 + "alert_number": 17, + "reason": "false_positive" } ], "resource_identifier": 17, @@ -609901,6 +609985,16 @@ "alert_number": { "type": "string", "description": "The number of the secret scanning alert that was detected." + }, + "reason": { + "type": "string", + "description": "The reason the user provided for requesting the dismissal.", + "enum": [ + "fixed_later", + "false_positive", + "tests", + "revoked" + ] } } } @@ -610112,7 +610206,8 @@ "data": [ { "secret_type": "adafruit_io_key", - "alert_number": 17 + "alert_number": 17, + "reason": "false_positive" } ], "resource_identifier": 17, @@ -610213,6 +610308,16 @@ "alert_number": { "type": "string", "description": "The number of the secret scanning alert that was detected." + }, + "reason": { + "type": "string", + "description": "The reason the user provided for requesting the dismissal.", + "enum": [ + "fixed_later", + "false_positive", + "tests", + "revoked" + ] } } } diff --git a/src/rest/data/ghes-3.12-2022-11-28/schema.json b/src/rest/data/ghes-3.12-2022-11-28/schema.json index 52d1362b6697..423446f67fc9 100644 --- a/src/rest/data/ghes-3.12-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.12-2022-11-28/schema.json @@ -340183,13 +340183,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -343490,13 +343491,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/data/ghes-3.13-2022-11-28/schema.json b/src/rest/data/ghes-3.13-2022-11-28/schema.json index 5dca57af5a2b..290538c6c1a7 100644 --- a/src/rest/data/ghes-3.13-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.13-2022-11-28/schema.json @@ -341762,13 +341762,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -345069,13 +345070,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/data/ghes-3.14-2022-11-28/schema.json b/src/rest/data/ghes-3.14-2022-11-28/schema.json index 3a6df351420e..1cb18cb24aeb 100644 --- a/src/rest/data/ghes-3.14-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.14-2022-11-28/schema.json @@ -341774,13 +341774,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -347926,13 +347927,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/data/ghes-3.15-2022-11-28/schema.json b/src/rest/data/ghes-3.15-2022-11-28/schema.json index edd1e0e0de65..e75a5d670f7e 100644 --- a/src/rest/data/ghes-3.15-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.15-2022-11-28/schema.json @@ -345103,13 +345103,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -351282,13 +351283,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/data/ghes-3.16-2022-11-28/schema.json b/src/rest/data/ghes-3.16-2022-11-28/schema.json index a15af2bd8a83..7d5645d6362e 100644 --- a/src/rest/data/ghes-3.16-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.16-2022-11-28/schema.json @@ -350428,13 +350428,14 @@ }, { "name": "filter", - "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. This options is only available for organization owners.

", + "description": "

Filter members returned in the list. 2fa_disabled means that only members without two-factor authentication enabled will be returned. 2fa_insecure means that only members with insecure 2FA methods will be returned. These options are only available for organization owners.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" @@ -356607,13 +356608,14 @@ }, { "name": "filter", - "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned.

", + "description": "

Filter the list of outside collaborators. 2fa_disabled means that only outside collaborators without two-factor authentication enabled will be returned. 2fa_insecure means that only outside collaborators with insecure 2FA methods will be returned.

", "in": "query", "required": false, "schema": { "type": "string", "enum": [ "2fa_disabled", + "2fa_insecure", "all" ], "default": "all" diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json index 0c0ac931a76f..7115f6f9dbf1 100644 --- a/src/rest/lib/config.json +++ b/src/rest/lib/config.json @@ -47,5 +47,5 @@ ] } }, - "sha": "8af3e59120fdf6294e2d385bdae74b39fa824da5" + "sha": "e7a314cf1c452fbcf55e3be650f1bb7363cad424" } \ No newline at end of file diff --git a/src/search/components/input/SearchBarButton.tsx b/src/search/components/input/SearchBarButton.tsx index 9e89d7148dfe..b689db25932c 100644 --- a/src/search/components/input/SearchBarButton.tsx +++ b/src/search/components/input/SearchBarButton.tsx @@ -1,27 +1,23 @@ -import { useRef } from 'react' import cx from 'classnames' import { IconButton } from '@primer/react' import { CopilotIcon, SearchIcon } from '@primer/octicons-react' import { useTranslation } from 'src/languages/components/useTranslation' -import { SearchOverlay } from './SearchOverlay' import styles from './SearchBarButton.module.scss' -import { useMultiQueryParams } from '../hooks/useMultiQueryParams' +import { QueryParams } from '../hooks/useMultiQueryParams' type Props = { isSearchOpen: boolean setIsSearchOpen: (value: boolean) => void + params: QueryParams + searchButtonRef: React.RefObject } -export function SearchBarButton({ isSearchOpen, setIsSearchOpen }: Props) { +export function SearchBarButton({ isSearchOpen, setIsSearchOpen, params, searchButtonRef }: Props) { const { t } = useTranslation('search') - const { params, updateParams } = useMultiQueryParams() const urlSearchInputQuery = params['search-overlay-input'] - const debug = params.debug === 'true' - - const buttonRef = useRef(null) // Handle click events const handleClick = (e: React.MouseEvent) => { @@ -60,7 +56,7 @@ export function SearchBarButton({ isSearchOpen, setIsSearchOpen }: Props) { {/* On mobile only the IconButton is shown */} {/* Styled to look like an input */}
- ) : ( - { - setIsSearchOpen(false) - }} - /> - )} + ) : null} ) } diff --git a/src/search/components/input/SearchOverlayContainer.tsx b/src/search/components/input/SearchOverlayContainer.tsx new file mode 100644 index 000000000000..103ee815d8fb --- /dev/null +++ b/src/search/components/input/SearchOverlayContainer.tsx @@ -0,0 +1,37 @@ +import { SearchOverlay } from './SearchOverlay' +import { QueryParams } from '../hooks/useMultiQueryParams' + +type Props = { + isSearchOpen: boolean + setIsSearchOpen: (value: boolean) => void + params: QueryParams + updateParams: (updates: Partial) => void + searchButtonRef: React.RefObject +} + +export function SearchOverlayContainer({ + isSearchOpen, + setIsSearchOpen, + params, + updateParams, + searchButtonRef, +}: Props) { + const debug = params.debug === 'true' + + if (isSearchOpen) { + return ( + { + setIsSearchOpen(false) + }} + /> + ) + } + + return null +} diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index 1e808c4abf83..bccaa5bda5ec 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -742,6 +742,17 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Block Protocol + supportedSecret: Block Protocol API Key + secretType: block_protocol_api_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Brevo supportedSecret: Sendinblue API Key secretType: sendinblue_api_key @@ -1074,6 +1085,17 @@ hasPushProtection: false hasValidityCheck: false isduplicate: false +- provider: Datadog + supportedSecret: Datadog RCM + secretType: datadog_rcm + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Datastax supportedSecret: Datastax AstraCS Tokens secretType: datastax_astracs_token @@ -1206,6 +1228,28 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Docker + supportedSecret: Docker Swarm Join Token + secretType: docker_swarm_join_token + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false +- provider: Docker + supportedSecret: Docker Swarm Unlock Key + secretType: docker_swarm_unlock_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Doppler supportedSecret: Doppler Audit Token secretType: doppler_audit_token @@ -1834,6 +1878,17 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Heroku + supportedSecret: Heroku Postgres Connection URL + secretType: heroku_postgres_connection_url + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Highnote supportedSecret: Highnote RK Live Key secretType: highnote_rk_live_key diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 4730e4e20cf7..cc8f82160c0e 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "a9dfd88ea981d4183fb5e8f771e9940baa7a98d3", - "blob-sha": "c94c1e5db1a71673aad3accda99d5a57fe6a9db0", + "sha": "307ded83c57bdf8aa8fa08c9cbfe674bc3100f8f", + "blob-sha": "fa2687dc06b5613280cb25759c73ee7f9d7c6c48", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json index 474f52a0079f..0a1f08e17263 100644 --- a/src/webhooks/lib/config.json +++ b/src/webhooks/lib/config.json @@ -1,3 +1,3 @@ { - "sha": "8af3e59120fdf6294e2d385bdae74b39fa824da5" + "sha": "e7a314cf1c452fbcf55e3be650f1bb7363cad424" } \ No newline at end of file