Merge branch 'main' into education-add-blackboard-lms

Author: scollovati

.devcontainer/devcontainer.json

@@ -19,7 +19,8 @@
       // Set *default* container specific settings.json values on container create.
       "settings": {
         "terminal.integrated.shell.linux": "/bin/bash",
-        "cSpell.language": ",en"
+        "cSpell.language": ",en",
+        "git.autofetch": true
       },
       // Visual Studio Code extensions which help authoring for docs.github.com.
       "extensions": [

.env.example

@@ -20,4 +20,9 @@ BUILD_RECORDS_MAX_CONCURRENT=100
 BUILD_RECORDS_MIN_TIME=
 
 # Set to true to enable the /fastly-cache-test route for debugging Fastly headers
-ENABLE_FASTLY_TESTING=
+ENABLE_FASTLY_TESTING=
+
+# Needed to auth for AI search
+CSE_COPILOT_SECRET=
+CSE_COPILOT_ENDPOINT=https://cse-copilot-staging.service.iad.github.net
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,6 +4,7 @@ Thank you for contributing to this project! You must fill out the information be
 
 ### Why:
 
+<!-- Paste the issue link or number here -->
 Closes: 
 
 <!-- If there's an existing issue for your change, please link to it above.
@@ -16,7 +17,6 @@ If you made changes to the `content` directory, a table will populate in a comme
 
 ### Check off the following:
 
-- [ ] I have reviewed my changes in staging, available via the **View deployment** link in this PR's timeline (this link will be available after opening the PR).
-
-  - For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the `data` directory.
-- [ ] For content changes, I have completed the [self-review checklist](https://docs.github.com/en/contributing/collaborating-on-github-docs/self-review-checklist).
+- [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
+- [ ] The changes in this PR meet [the docs fundamentals that are required for all content](http://docs.github.com/en/contributing/writing-for-github-docs/about-githubs-documentation-fundamentals).
+- [ ] All CI checks are passing and the changes look good in the preview environment.

.github/actions/cache-nextjs/action.yml

@@ -8,7 +8,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache .next/cache
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/.next/cache
         # Generate a new cache whenever packages or source files change.

.github/actions/get-docs-early-access/action.yml

@@ -16,7 +16,7 @@ runs:
         BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
         GITHUB_TOKEN: ${{ inputs.token }}
       shell: bash
-      run: node src/early-access/scripts/what-docs-early-access-branch.js
+      run: npm run what-docs-early-access-branch
 
     - name: Clone
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/actions/labeler/action.yml

@@ -23,7 +23,7 @@ runs:
   using: 'composite'
   steps:
     - name: Add label to an issue or pr
-      run: node .github/actions/labeler/labeler.js
+      run: npm run labeler
       shell: bash
       env:
         GITHUB_TOKEN: ${{ inputs.token }}

.github/actions/labeler/labeler.js renamed to .github/actions/labeler/labeler.ts

@@ -1,10 +1,22 @@
 /* See function main in this file for documentation */
 
 import coreLib from '@actions/core'
-
-import github from '#src/workflows/github.js'
-import { getActionContext } from '#src/workflows/action-context.js'
-import { boolEnvVar } from '#src/workflows/get-env-inputs.js'
+import { type Octokit } from '@octokit/rest'
+import { CoreInject } from '@/links/scripts/action-injections'
+
+import github from '#src/workflows/github.ts'
+import { getActionContext } from '#src/workflows/action-context.ts'
+import { boolEnvVar } from '#src/workflows/get-env-inputs.ts'
+
+type Options = {
+  addLabels?: string[]
+  removeLabels?: string[]
+  ignoreIfAssigned?: boolean
+  ignoreIfLabeled?: boolean
+  issue_number?: number
+  owner?: string
+  repo?: string
+}
 
 // When this file is invoked directly from action as opposed to being imported
 if (import.meta.url.endsWith(process.argv[1])) {
@@ -16,28 +28,19 @@ if (import.meta.url.endsWith(process.argv[1])) {
 
   const octokit = github()
 
-  const opts = {
-    addLabels: ADD_LABELS,
-    removeLabels: REMOVE_LABELS,
+  const opts: Options = {
     ignoreIfAssigned: boolEnvVar('IGNORE_IF_ASSIGNED'),
     ignoreIfLabeled: boolEnvVar('IGNORE_IF_LABELED'),
   }
 
   // labels come in comma separated from actions
-  let addLabels
-
-  if (opts.addLabels) {
-    addLabels = [...opts.addLabels.split(',')]
-    opts.addLabels = addLabels.map((l) => l.trim())
+  if (typeof ADD_LABELS === 'string') {
+    opts.addLabels = [...ADD_LABELS.split(',')].map((l) => l.trim())
   } else {
     opts.addLabels = []
   }
-
-  let removeLabels
-
-  if (opts.removeLabels) {
-    removeLabels = [...opts.removeLabels.split(',')]
-    opts.removeLabels = removeLabels.map((l) => l.trim())
+  if (typeof REMOVE_LABELS === 'string') {
+    opts.removeLabels = [...REMOVE_LABELS.split(',')].map((l) => l.trim())
   } else {
     opts.removeLabels = []
   }
@@ -54,7 +57,7 @@ if (import.meta.url.endsWith(process.argv[1])) {
   opts.owner = owner
   opts.repo = repo
 
-  main(coreLib, octokit, opts, {})
+  main(coreLib, octokit, opts)
 }
 
 /*
@@ -69,22 +72,31 @@ if (import.meta.url.endsWith(process.argv[1])) {
  *  ignoreIfAssigned {boolean} don't apply labels if there are assignees
  *  ignoreIfLabeled {boolean} don't apply labels if there are already labels added
  */
-export default async function main(core, octokit, opts = {}) {
+export default async function main(
+  core: typeof coreLib | CoreInject,
+  octokit: Octokit,
+  opts: Options = {},
+) {
   if (opts.addLabels?.length === 0 && opts.removeLabels?.length === 0) {
     core.info('No labels to add or remove specified, nothing to do.')
     return
   }
 
+  if (!opts.issue_number || !opts.owner || !opts.repo) {
+    throw new Error(`Missing required parameters ${JSON.stringify(opts)}`)
+  }
+  const issueOpts = {
+    issue_number: opts.issue_number,
+    owner: opts.owner,
+    repo: opts.repo,
+  }
+
   if (opts.ignoreIfAssigned || opts.ignoreIfLabeled) {
     try {
-      const { data } = await octokit.issues.get({
-        issue_number: opts.issue_number,
-        owner: opts.owner,
-        repo: opts.repo,
-      })
+      const { data } = await octokit.issues.get(issueOpts)
 
       if (opts.ignoreIfAssigned) {
-        if (data.assignees.length > 0) {
+        if (data.assignees?.length) {
           core.info(
             `ignore-if-assigned is true: not applying labels since there's ${data.assignees.length} assignees`,
           )
@@ -105,31 +117,24 @@ export default async function main(core, octokit, opts = {}) {
     }
   }
 
-  if (opts.removeLabels?.length > 0) {
+  if (opts.removeLabels?.length) {
     // removing a label fails if the label isn't already applied
     let appliedLabels = []
 
     try {
-      const { data } = await octokit.issues.get({
-        issue_number: opts.issue_number,
-        owner: opts.owner,
-        repo: opts.repo,
-      })
-
-      appliedLabels = data.labels.map((l) => l.name)
+      const { data } = await octokit.issues.get(issueOpts)
+      appliedLabels = data.labels.map((l) => (typeof l === 'string' ? l : l.name))
     } catch (err) {
       throw new Error(`Error getting issue: ${err}`)
     }
 
-    opts.removeLabels = opts.removeLabels.filter((l) => appliedLabels.includes(l))
+    opts.removeLabels = opts.removeLabels?.filter((l) => appliedLabels.includes(l))
 
     await Promise.all(
       opts.removeLabels.map(async (label) => {
         try {
           await octokit.issues.removeLabel({
-            issue_number: opts.issue_number,
-            owner: opts.owner,
-            repo: opts.repo,
+            ...issueOpts,
             name: label,
           })
         } catch (err) {
@@ -138,17 +143,15 @@ export default async function main(core, octokit, opts = {}) {
       }),
     )
 
-    if (opts.removeLabels.length > 0) {
+    if (opts.removeLabels?.length) {
       core.info(`Removed labels: ${opts.removeLabels.join(', ')}`)
     }
   }
 
-  if (opts.addLabels?.length > 0) {
+  if (opts.addLabels?.length) {
     try {
       await octokit.issues.addLabels({
-        issue_number: opts.issue_number,
-        owner: opts.owner,
-        repo: opts.repo,
+        ...issueOpts,
         labels: opts.addLabels,
       })
 

.github/actions/node-npm-setup/action.yml

@@ -6,7 +6,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache node_modules
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       id: cache-node_modules
       env:
         # Default is 10 min, per segment, but we can make it much smaller

.github/actions/precompute-pageinfo/action.yml

@@ -17,16 +17,14 @@ runs:
     # Optionally, you can have it just do A (and not B and C).
 
     - name: Cache .pageinfo-cache.json.br (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-
         restore-keys: pageinfo-cache-
 
-    # When we use this composite action from the workflows like
-    # Azure Preview Deploy and Azure Production Deploy, we don't have
-    # any Node installed or any of its packages. I.e. we never
+    # When we use this composite action from deployment workflows
+    # we don't have any Node installed or any of its packages. I.e. we never
     # run `npm ci` in those actions. For security sake.
     # So we can't do things that require Node code.
     # Tests and others will omit the `restore-only` input, but
@@ -40,7 +38,7 @@ runs:
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-${{ github.sha }}

.github/actions/setup-elasticsearch/action.yml

@@ -19,7 +19,7 @@ runs:
     # Cache the elasticsearch image to prevent Docker Hub rate limiting
     - name: Cache Docker layers
       id: cache-docker-layers
-      uses: actions/cache@v2
+      uses: actions/cache@v4
       with:
         path: /tmp/docker-cache
         key: ${{ runner.os }}-elasticsearch-${{ inputs.elasticsearch_version }}

.github/actions/warmup-remotejson-cache/action.yml

@@ -14,16 +14,14 @@ runs:
     # You "wrap" the step that appends to disk and it will possibly retrieve
     # some from the cache, then save it when it's got more in it.
     - name: Cache .remotejson-cache (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-
         restore-keys: remotejson-cache-
 
-    # When we use this composite action from the workflows like
-    # Azure Preview Deploy and Azure Production Deploy, we don't have
-    # any Node installed or any of its packages. I.e. we never
+    # When we use this composite action from deployment workflows
+    # we don't have any Node installed or any of its packages. I.e. we never
     # run `npm ci` in those actions. For security sake.
     # So we can't do things that require Node code.
     # Tests and others will omit the `restore-only` input, but
@@ -33,11 +31,11 @@ runs:
     - name: Run script
       if: ${{ inputs.restore-only == '' }}
       shell: bash
-      run: node src/archives/scripts/warmup-remotejson.js
+      run: npm run warmup-remotejson
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-${{ github.sha }}

.github/branch_protection_settings/main.json

@@ -4,7 +4,6 @@
     "url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks",
     "strict": true,
     "contexts": [
-      "Build and deploy Azure preview environment",
       "automated-pipelines",
       "github-apps",
       "graphql",
@@ -41,14 +40,13 @@
       "workflows",
       "lint-code",
       "secret-scanning",
-      "pagelist"
+      "pagelist",
+      "docs-internal-docker-image / docs-internal-docker-image",
+      "docs-internal-docker-security / docs-internal-docker-security",
+      "docs-internal-moda-config-bundle / docs-internal-moda-config-bundle"
     ],
     "contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
     "checks": [
-      {
-        "context": "Build and deploy Azure preview environment",
-        "app_id": 15368
-      },
       { "context": "automated-pipelines", "app_id": 15368 },
       { "context": "github-apps", "app_id": 15368 },
       { "context": "graphql", "app_id": 15368 },
@@ -85,7 +83,19 @@
       { "context": "workflows", "app_id": 15368 },
       { "context": "lint-code", "app_id": 15368 },
       { "context": "secret-scanning", "app_id": 15368 },
-      { "context": "pagelist", "app_id": 15368 }
+      { "context": "pagelist", "app_id": 15368 },
+      {
+        "context": "docs-internal-docker-image / docs-internal-docker-image",
+        "app_id": 15368
+      },
+      {
+        "context": "docs-internal-docker-security / docs-internal-docker-security",
+        "app_id": 15368
+      },
+      {
+        "context": "docs-internal-moda-config-bundle / docs-internal-moda-config-bundle",
+        "app_id": 15368
+      }
     ]
   },
   "restrictions": {

.github/dependabot.yml

@@ -1,4 +1,10 @@
 version: 2
+registries:
+  ghcr: # Define access for a private registry
+    type: docker-registry
+    url: ghcr.io
+    username: PAT
+    password: ${{secrets.CONTAINER_BUILDER_TOKEN}}
 updates:
   - package-ecosystem: npm
     directory: '/'
@@ -23,11 +29,18 @@ updates:
       - dependency-name: '*'
         update-types:
           ['version-update:semver-patch', 'version-update:semver-minor']
+      - dependency-name: 'github/internal-actions'
 
   - package-ecosystem: 'docker'
+    registries:
+      - ghcr
     directory: '/'
     schedule:
       interval: weekly
       day: thursday
+    groups:
+      baseImages:
+        patterns:
+          - '*'
     ignore:
       - dependency-name: 'node'