Merge branch 'main' into code-scanning-debug-logs

.github/workflows/close-external-repo-sync-prs.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   invalid-repo-sync-check:
     name: Close external Repo Sync PRs
-    if: ${{ github.repository == 'github/docs' && github.ref == 'refs/heads/repo-sync' }}
+    if: ${{ github.repository == 'github/docs' && github.head_ref == 'repo-sync' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9

data/graphql/ghae/schema.docs-ghae.graphql

@@ -2132,6 +2132,16 @@ type CheckRun implements Node & UniformResourceLocatable {
   externalId: String
   id: ID!
 
+  """
+  Whether this check run is required to pass before merging.
+  """
+  isRequired(
+    """
+    The pull request this check is required for
+    """
+    pullRequestId: ID!
+  ): Boolean!
+
   """
   The name of the check for this check run.
   """
@@ -31869,6 +31879,16 @@ type StatusContext implements Node {
   description: String
   id: ID!
 
+  """
+  Whether this status is required to pass before merging.
+  """
+  isRequired(
+    """
+    The pull request this status is required for
+    """
+    pullRequestId: ID!
+  ): Boolean!
+
   """
   The state of this status context.
   """

data/graphql/schema.docs.graphql

@@ -2222,6 +2222,16 @@ type CheckRun implements Node & UniformResourceLocatable {
   externalId: String
   id: ID!
 
+  """
+  Whether this check run is required to pass before merging.
+  """
+  isRequired(
+    """
+    The pull request this check is required for
+    """
+    pullRequestId: ID!
+  ): Boolean!
+
   """
   The name of the check for this check run.
   """
@@ -34802,6 +34812,16 @@ type StatusContext implements Node {
   description: String
   id: ID!
 
+  """
+  Whether this status is required to pass before merging.
+  """
+  isRequired(
+    """
+    The pull request this status is required for
+    """
+    pullRequestId: ID!
+  ): Boolean!
+
   """
   The state of this status context.
   """

data/release-notes/2-21/0.yml

@@ -69,3 +69,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/1.yml

@@ -17,3 +17,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/2.yml

@@ -17,3 +17,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/3.yml

@@ -14,3 +14,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/4.yml

@@ -24,3 +24,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/5.yml

@@ -12,3 +12,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/6.yml

@@ -24,3 +24,4 @@ sections:
     - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
     - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
     - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+    - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."

data/release-notes/2-21/7.yml

@@ -3,6 +3,7 @@ sections:
   bugs:
     - 'A service health check caused session growth resulting in filesystem inode exhaustion. {% comment %} https://github.com/github/enterprise2/pull/22481, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
     - "Upgrading using a hotpatch could fail with an error: `'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22556, https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
+    - "Configuring a repository's permission to `Triage` or `Maintain` no longer fails."
   known_issues:
     - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
     - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'

data/release-notes/3-0/0.yml

@@ -113,6 +113,7 @@ sections:
         - The format of several log files have changed, including the addition of a PID for different log types. This does not affect how GitHub Enterprise Support uses support bundles to troubleshoot issues.
         - A PATCH request to the webhook configuration API no longer erases the webhook secret.
         - Certain types of pre-receive hooks were failing.
+        - 'The Packages NuGet service now normalizes semantic versions on publish. An invalid semantic version (for example: v1.0.0.0.0.0) is not downloadable by NuGet clients and therefore a NuGet service is expected to normalize those versions (for example: v1.0.0.0.0.0 --> v1.0.0). Any original, non-normalized, version will be available in the `verbatimVersion` field. No changes to client configurations are required.'
 
   known_issues:
     - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.

data/reusables/notifications/vulnerable-dependency-notification-options.md

@@ -1,14 +1,26 @@
-{% if currentVersion == "free-pro-team@latest" %}
-By default, you will receive notification of new {% data variables.product.prodname_dependabot_alerts %}:
-- by email, an email is sent every time a vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option)
-- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option)
-- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option)
-- in your inbox, as web notifications for new vulnerabilities with a critical or high severity (**Web** option)
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
+{% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.1" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
+
+- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option).
+- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option).
+- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option).
+- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option).
+- on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)."
+
+{% note %}
+
+**Note:** The email and web/{% data variables.product.prodname_mobile %} notifications are:
+
+- _per repository_ when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository.
+
+- _per organization_ when a new vulnerability is discovered.
+
+{% endnote %}
 
 You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options.
 {% endif %}
 
-{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}
+{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" or currentVersion == "enterprise-server@3.1" %}
 By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:
 - by email, an email is sent every time a vulnerability {% if currentVersion ver_gt "enterprise-server@2.23" %}with a critical or high severity {% endif %}is found (**Email each time a vulnerability is found** option)
 - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option)

lib/graphql/static/changelog.json

@@ -1,4 +1,18 @@
 [
+  {
+    "schemaChanges": [
+      {
+        "title": "The GraphQL schema includes these changes:",
+        "changes": [
+          "Field `isRequired` was added to object type `CheckRun`",
+          "Field `isRequired` was added to object type `StatusContext`"
+        ]
+      }
+    ],
+    "previewChanges": [],
+    "upcomingChanges": [],
+    "date": "2021-03-18"
+  },
   {
     "schemaChanges": [
       {

lib/graphql/static/schema-dotcom.json

@@ -8340,6 +8340,26 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#string"
         },
+        {
+          "name": "isRequired",
+          "description": "<p>Whether this check run is required to pass before merging.</p>",
+          "type": "Boolean!",
+          "id": "boolean",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#boolean",
+          "arguments": [
+            {
+              "name": "pullRequestId",
+              "description": "<p>The pull request this check is required for.</p>",
+              "type": {
+                "name": "ID!",
+                "id": "id",
+                "kind": "scalars",
+                "href": "/graphql/reference/scalars#id"
+              }
+            }
+          ]
+        },
         {
           "name": "name",
           "description": "<p>The name of the check for this check run.</p>",
@@ -48997,6 +49017,26 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#string"
         },
+        {
+          "name": "isRequired",
+          "description": "<p>Whether this status is required to pass before merging.</p>",
+          "type": "Boolean!",
+          "id": "boolean",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#boolean",
+          "arguments": [
+            {
+              "name": "pullRequestId",
+              "description": "<p>The pull request this status is required for.</p>",
+              "type": {
+                "name": "ID!",
+                "id": "id",
+                "kind": "scalars",
+                "href": "/graphql/reference/scalars#id"
+              }
+            }
+          ]
+        },
         {
           "name": "state",
           "description": "<p>The state of this status context.</p>",

lib/graphql/static/schema-ghae.json

@@ -7527,6 +7527,26 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#string"
         },
+        {
+          "name": "isRequired",
+          "description": "<p>Whether this check run is required to pass before merging.</p>",
+          "type": "Boolean!",
+          "id": "boolean",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#boolean",
+          "arguments": [
+            {
+              "name": "pullRequestId",
+              "description": "<p>The pull request this check is required for.</p>",
+              "type": {
+                "name": "ID!",
+                "id": "id",
+                "kind": "scalars",
+                "href": "/graphql/reference/scalars#id"
+              }
+            }
+          ]
+        },
         {
           "name": "name",
           "description": "<p>The name of the check for this check run.</p>",
@@ -45359,6 +45379,26 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#string"
         },
+        {
+          "name": "isRequired",
+          "description": "<p>Whether this status is required to pass before merging.</p>",
+          "type": "Boolean!",
+          "id": "boolean",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#boolean",
+          "arguments": [
+            {
+              "name": "pullRequestId",
+              "description": "<p>The pull request this status is required for.</p>",
+              "type": {
+                "name": "ID!",
+                "id": "id",
+                "kind": "scalars",
+                "href": "/graphql/reference/scalars#id"
+              }
+            }
+          ]
+        },
         {
           "name": "state",
           "description": "<p>The state of this status context.</p>",