pingcap · ti-chi-bot · Aug 3, 2023 · Aug 1, 2023 · Aug 3, 2023
diff --git a/dashboard/dashboard-ops-reverse-proxy.md b/dashboard/dashboard-ops-reverse-proxy.md
@@ -195,9 +195,9 @@ For a deployed cluster:
 
     {{< copyable "shell-regular" >}}
 
-   ```shell
-   tiup cluster reload CLUSTER_NAME -R pd
-   ```
+    ```shell
+    tiup cluster reload CLUSTER_NAME -R pd
+    ```
 
 See [Common TiUP Operations - Modify the configuration](/maintain-tidb-using-tiup.md#modify-the-configuration) for details.
 

diff --git a/dashboard/dashboard-session-sso.md b/dashboard/dashboard-session-sso.md
@@ -19,28 +19,28 @@ TiDB Dashboard supports [OIDC](https://openid.net/connect/)-based Single Sign-On
 
 4. Fill the **OIDC Client ID** and the **OIDC Discovery URL** fields in the form.
 
-   Generally, you can obtain the two fields from the SSO service provider:
+    Generally, you can obtain the two fields from the SSO service provider:
 
-   - OIDC Client ID is also called OIDC Token Issuer.
-   - OIDC Discovery URL is also called OIDC Token Audience.
+    - OIDC Client ID is also called OIDC Token Issuer.
+    - OIDC Discovery URL is also called OIDC Token Audience.
 
 5. Click **Authorize Impersonation** and input the SQL password.
 
-   TiDB Dashboard will store this SQL password and use it to impersonate a normal SQL sign-in after an SSO sign-in is finished.
+    TiDB Dashboard will store this SQL password and use it to impersonate a normal SQL sign-in after an SSO sign-in is finished.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-enable-1.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-enable-1.png)
 
-   > **Note:**
-   >
-   > The password you have entered will be encrypted and stored. The SSO sign-in will fail after the password of the SQL user is changed. In this case, you can re-enter the password to bring SSO back.
+    > **Note:**
+    >
+    > The password you have entered will be encrypted and stored. The SSO sign-in will fail after the password of the SQL user is changed. In this case, you can re-enter the password to bring SSO back.
 
 6. Click **Authorize and Save**.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-enable-2.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-enable-2.png)
 
 7. Click **Update** (Update) to save the configuration.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-enable-3.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-enable-3.png)
 
 Now SSO sign-in has been enabled for TiDB Dashboard.
 
@@ -60,7 +60,7 @@ You can disable the SSO, which will completely erase the stored SQL password:
 
 4. Click **Update** (Update) to save the configuration.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-disable.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-disable.png)
 
 ### Re-enter the password after a password change
 
@@ -72,7 +72,7 @@ The SSO sign-in will fail once the password of the SQL user is changed. In this
 
 3. In the **Single Sign-On** section, Click **Authorize Impersonation** and input the updated SQL password.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-reauthorize.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-reauthorize.png)
 
 4. Click **Authorize and Save**.
 
@@ -82,7 +82,7 @@ Once SSO is configured for TiDB Dashboard, you can sign in via SSO by taking fol
 
 1. In the sign-in page of TiDB Dashboard, click **Sign in via Company Account**.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-signin.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-signin.png)
 
 2. Sign into the system with SSO service configured.
 
@@ -102,51 +102,51 @@ First, create an Okta Application Integration to integrate SSO.
 
 3. Click **Create App Integration**.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-okta-1.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-okta-1.png)
 
 4. In the poped up dialog, choose **OIDC - OpenID Connect** in **Sign-in method**.
 
 5. Choose **Single-Page Application** in **Application Type**.
 
 6. Click the **Next** button.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-okta-2.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-okta-2.png)
 
 7. Fill **Sign-in redirect URIs** as follows:
 
-   ```
-   http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
-   ```
+    ```
+    http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
+    ```
 
-   Substitute `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in the browser.
+    Substitute `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in the browser.
 
 8. Fill **Sign-out redirect URIs** as follows:
 
-   ```
-   http://DASHBOARD_IP:PORT/dashboard/
-   ```
+    ```
+    http://DASHBOARD_IP:PORT/dashboard/
+    ```
 
-   Similarly, substitute `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port.
+    Similarly, substitute `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-okta-3.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-okta-3.png)
 
 9. Configure what type of users in your organization is allowed for SSO sign-in in the **Assignments** field, and then click **Save** to save the configuration.
 
-   ![Sample Step](/media/dashboard/dashboard-session-sso-okta-4.png)
+    ![Sample Step](/media/dashboard/dashboard-session-sso-okta-4.png)
 
 ### Step 2: Obtain OIDC information and fill in TiDB Dashboard
 
 1. In the Application Integration just created in Okta, click **Sign On**.
 
-   ![Sample Step 1](/media/dashboard/dashboard-session-sso-okta-info-1.png)
+    ![Sample Step 1](/media/dashboard/dashboard-session-sso-okta-info-1.png)
 
 2. Copy values of the **Issuer** and **Audience** fields from the **OpenID Connect ID Token** section.
 
-   ![Sample Step 2](/media/dashboard/dashboard-session-sso-okta-info-2.png)
+    ![Sample Step 2](/media/dashboard/dashboard-session-sso-okta-info-2.png)
 
 3. Open the TiDB Dashboard configuration page, fill **OIDC Client ID** with **Issuer** obtained from the last step and fill **OIDC Discovery URL** with **Audience**. Then finish the authorization and save the configuration. For example:
 
-   ![Sample Step 3](/media/dashboard/dashboard-session-sso-okta-info-3.png)
+    ![Sample Step 3](/media/dashboard/dashboard-session-sso-okta-info-3.png)
 
 Now TiDB Dashboard has been configured to use Okta SSO for sign-in.
 
@@ -160,33 +160,33 @@ Similar to Okta, [Auth0](https://auth0.com/) also provides OIDC SSO identity ser
 
 2. Navigate on the left sidebar **Applications** > **Applications**.
 
-3. Click **Create App Integration**. 
+3. Click **Create App Integration**.
 
-   ![Create Application](/media/dashboard/dashboard-session-sso-auth0-create-app.png)
+    ![Create Application](/media/dashboard/dashboard-session-sso-auth0-create-app.png)
 
     In the popped-up dialog, fill **Name**, for example, "TiDB Dashboard". Choose **Single Page Web Applications** in **Choose an application type**. Click **Create**.
 
 4. Click **Settings**.
 
-   ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-1.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-1.png)
 
 5. Fill **Allowed Callback URLs** as follows:
 
-   ```
-   http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
-   ```
+    ```
+    http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
+    ```
 
-   Replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in your browser.
+    Replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in your browser.
 
 6. Fill **Allowed Logout URLs** as follows:
 
-   ```
-   http://DASHBOARD_IP:PORT/dashboard/
+    ```
+    http://DASHBOARD_IP:PORT/dashboard/
     ```
 
-   Similarly, replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port.
+    Similarly, replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port.
 
-   ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-2.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-2.png)
 
 7. Keep the default values for other settings and click **Save Changes**.
 
@@ -196,7 +196,7 @@ Similar to Okta, [Auth0](https://auth0.com/) also provides OIDC SSO identity ser
 
 2. Fill **OIDC Discovery URL** with the **Domain** field value prefixed with `https://` and suffixed with `/`, for example, `https://example.us.auth0.com/`. Complete authorization and save the configuration.
 
-   ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-3.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-auth0-settings-3.png)
 
 Now TiDB Dashboard has been configured to use Auth0 SSO for sign-in.
 
@@ -211,19 +211,19 @@ Now TiDB Dashboard has been configured to use Auth0 SSO for sign-in.
 2. Navigate from the top sidebar **Applications**.
 
 3. Click **Applications - Add**.
-   ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-1.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-1.png)
 
 4. Fill **Name** and **Display name**, for example, **TiDB Dashboard**.
 
 5. Add **Redirect URLs** as follows:
 
-   ```
-   http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
-   ```
+    ```
+    http://DASHBOARD_IP:PORT/dashboard/?sso_callback=1
+    ```
+
+    Replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in your browser.
 
-   Replace `DASHBOARD_IP:PORT` with the actual domain (or IP address) and port that you use to access the TiDB Dashboard in your browser.
-
-   ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-2.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-2.png)
 
 6. Keep the default values for other settings and click **Save & Exit**.
 
@@ -235,6 +235,6 @@ Now TiDB Dashboard has been configured to use Auth0 SSO for sign-in.
 
 2. Fill **OIDC Discovery URL** with the **Domain** field value prefixed with `https://` and suffixed with `/`, for example, `https://casdoor.example.com/`. Complete authorization and save the configuration.
 
-      ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-3.png)
+    ![Settings](/media/dashboard/dashboard-session-sso-casdoor-settings-3.png)
 
 Now TiDB Dashboard has been configured to use Casdoor SSO for sign-in.
diff --git a/develop/dev-guide-unstable-result-set.md b/develop/dev-guide-unstable-result-set.md
@@ -70,25 +70,25 @@ Then two values that match this SQL are returned.
 
 The first returned value:
 
-   ```sql
-   +------------+--------------+------------------------+
-   | class      | stuname      | max( `b`.`courscore` ) |
-   +------------+--------------+------------------------+
-   | 2018_CS_01 | MonkeyDLuffy |                   95.5 |
-   | 2018_CS_03 | PatrickStar  |                   99.0 |
-   +------------+--------------+------------------------+
-   ```
+```sql
++------------+--------------+------------------------+
+| class      | stuname      | max( `b`.`courscore` ) |
++------------+--------------+------------------------+
+| 2018_CS_01 | MonkeyDLuffy |                   95.5 |
+| 2018_CS_03 | PatrickStar  |                   99.0 |
++------------+--------------+------------------------+
+```
 
 The second returned value:
 
-   ```sql
-   +------------+--------------+------------------+
-   | class      | stuname      | max(b.courscore) |
-   +------------+--------------+------------------+
-   | 2018_CS_01 | MonkeyDLuffy |             95.5 |
-   | 2018_CS_03 | SpongeBob    |             99.0 |
-   +------------+--------------+------------------+
-   ```
+```sql
++------------+--------------+------------------+
+| class      | stuname      | max(b.courscore) |
++------------+--------------+------------------+
+| 2018_CS_01 | MonkeyDLuffy |             95.5 |
+| 2018_CS_03 | SpongeBob    |             99.0 |
++------------+--------------+------------------+
+```
 
 There are two results because you did **_NOT_** specify how to get the value of the `a`.`stuname` field in SQL, and two results are both satisfied by SQL semantics. It results in an unstable result set. Therefore, if you want to guarantee the stability of the result set of the `GROUP BY` statement, use the `FULL GROUP BY` syntax.
 
@@ -177,59 +177,59 @@ To let `GROUP_CONCAT()` get the result set output in order, you need to add the
 
 1. Excluded `ORDER BY`
 
-   First query:
+    First query:
 
-   {{< copyable "sql" >}}
+    {{< copyable "sql" >}}
 
-   ```sql
-   mysql>  select GROUP_CONCAT( customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
-   +-------------------------------------------------------------------------+
-   | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
-   +-------------------------------------------------------------------------+
-   | 20000200992,20000200993,20000200994,20000200995,20000200996,20000200... |
-   +-------------------------------------------------------------------------+
-   ```
+    ```sql
+    mysql>  select GROUP_CONCAT( customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
+    +-------------------------------------------------------------------------+
+    | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
+    +-------------------------------------------------------------------------+
+    | 20000200992,20000200993,20000200994,20000200995,20000200996,20000200... |
+    +-------------------------------------------------------------------------+
+    ```
 
-   Second query:
+    Second query:
 
-   {{< copyable "sql" >}}
+    {{< copyable "sql" >}}
 
-   ```sql
-   mysql>  select GROUP_CONCAT( customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
-   +-------------------------------------------------------------------------+
-   | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
-   +-------------------------------------------------------------------------+
-   | 20000203040,20000203041,20000203042,20000203043,20000203044,20000203... |
-   +-------------------------------------------------------------------------+
-   ```
+    ```sql
+    mysql>  select GROUP_CONCAT( customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
+    +-------------------------------------------------------------------------+
+    | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
+    +-------------------------------------------------------------------------+
+    | 20000203040,20000203041,20000203042,20000203043,20000203044,20000203... |
+    +-------------------------------------------------------------------------+
+    ```
 
 2. Include `ORDER BY`
 
-   First query:
+    First query:
 
-   {{< copyable "sql" >}}
+    {{< copyable "sql" >}}
 
-   ```sql
-   mysql>  select GROUP_CONCAT( customer_id order by customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
-   +-------------------------------------------------------------------------+
-   | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
-   +-------------------------------------------------------------------------+
-   | 20000200000,20000200001,20000200002,20000200003,20000200004,20000200... |
-   +-------------------------------------------------------------------------+
-   ```
+    ```sql
+    mysql>  select GROUP_CONCAT( customer_id order by customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
+    +-------------------------------------------------------------------------+
+    | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
+    +-------------------------------------------------------------------------+
+    | 20000200000,20000200001,20000200002,20000200003,20000200004,20000200... |
+    +-------------------------------------------------------------------------+
+    ```
 
-   Second query:
+    Second query:
 
-   {{< copyable "sql" >}}
+    {{< copyable "sql" >}}
 
-   ```sql
-   mysql>  select GROUP_CONCAT( customer_id order by customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
-   +-------------------------------------------------------------------------+
-   | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
-   +-------------------------------------------------------------------------+
-   | 20000200000,20000200001,20000200002,20000200003,20000200004,20000200... |
-   +-------------------------------------------------------------------------+
-   ```
+    ```sql
+    mysql>  select GROUP_CONCAT( customer_id order by customer_id SEPARATOR ',' ) FROM customer where customer_id like '200002%';
+    +-------------------------------------------------------------------------+
+    | GROUP_CONCAT(customer_id  SEPARATOR ',')                                |
+    +-------------------------------------------------------------------------+
+    | 20000200000,20000200001,20000200002,20000200003,20000200004,20000200... |
+    +-------------------------------------------------------------------------+
+    ```
 
 ## Unstable results in `SELECT * FROM T LIMIT N`
 

diff --git a/dm/feature-online-ddl.md b/dm/feature-online-ddl.md
@@ -182,9 +182,9 @@ The SQL statements mostly used by pt-osc and the corresponding operation of DM a
     * DM splits the above `rename` operation into two SQL statements:
 
         ```sql
-         rename test.test4 to test._test4_old;
-         rename test._test4_new to test.test4;
-         ```
+        rename test.test4 to test._test4_old;
+        rename test._test4_new to test.test4;
+        ```
 
     * DM does not execute `rename to _test4_old`. When executing `rename ghost_table to origin table`, DM takes the following steps:
 

diff --git a/enable-tls-between-components.md b/enable-tls-between-components.md
@@ -86,7 +86,7 @@ Currently, it is not supported to only enable encrypted transmission of some spe
 
         Configure in the `tiflash.toml` file, and change the `http_port` item to `https_port`:
 
-         ```toml
+        ```toml
         [security]
         ## The path for certificates. An empty string means that secure connections are disabled.
         # Path of the file that contains a list of trusted SSL CAs. If it is set, the following settings `cert_path` and `key_path` are also needed.