Merge pull request #34152 from github/repo-sync

Repo sync

content/actions/deployment/index.md

@@ -9,6 +9,7 @@ versions:
 children:
   - /about-deployments
   - /deploying-to-your-cloud-provider
+  - /security-hardening-your-deployments
   - /deploying-xcode-applications
 ---
 

content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform
 ---
  
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md

@@ -9,8 +9,6 @@ versions:
 type: tutorial
 topics:
   - Security
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault
 ---
  
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md

@@ -9,8 +9,6 @@ type: tutorial
 topics:
   - Security
   - Actions
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-jfrog
 ---
 
 ## Overview

content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md

@@ -9,8 +9,6 @@ type: tutorial
 topics:
   - Security
   - Actions
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
 ---
 
 ## Overview

content/actions/deployment/security-hardening-your-deployments/index.md

@@ -2,8 +2,6 @@
 title: Security hardening your deployments
 shortTitle: Security harden deployments
 intro: Use OpenID Connect within your workflows to authenticate with your cloud provider.
-redirect_from:
-  - /actions/deployment/security-hardening-your-deployments
 versions:
   fpt: '*'
   ghec: '*'
@@ -14,9 +12,8 @@ children:
   - /configuring-openid-connect-in-azure
   - /configuring-openid-connect-in-google-cloud-platform
   - /configuring-openid-connect-in-hashicorp-vault
-  - /configuring-openid-connect-in-jfrog
-  - /configuring-openid-connect-in-pypi
   - /configuring-openid-connect-in-cloud-providers
+  - /configuring-openid-connect-in-pypi
+  - /configuring-openid-connect-in-jfrog
   - /using-openid-connect-with-reusable-workflows
 ---
-

content/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md

@@ -4,7 +4,6 @@ shortTitle: OpenID Connect with reusable workflows
 intro: You can use reusable workflows with OIDC to standardize and security harden your deployment steps.
 redirect_from:
   - /actions/deployment/security-hardening-your-deployments/using-oidc-with-your-reusable-workflows
-  - /actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows
 versions:
   fpt: '*'
   ghec: '*'

content/actions/guides.md

@@ -41,6 +41,7 @@ includeGuides:
   - /actions/using-containerized-services/creating-postgresql-service-containers
   - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
   - /actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine
+  - /actions/security-guides/security-hardening-for-github-actions
   - /actions/creating-actions/about-custom-actions
   - /actions/creating-actions/creating-a-javascript-action
   - /actions/creating-actions/creating-a-composite-action

content/actions/index.md

@@ -21,6 +21,11 @@ featuredLinks:
     - /actions/writing-workflows/workflow-syntax-for-github-actions
     - /actions/writing-workflows
     - /actions/examples
+    - /actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows
+    - /actions/writing-workflows/choosing-what-your-workflow-does/contexts
+    - /actions/writing-workflows/choosing-what-your-workflow-does/expressions
+    - /actions/writing-workflows/choosing-what-your-workflow-does/variables
+    - /actions/security-guides/using-secrets-in-github-actions
 changelog:
   label: actions
 redirect_from:
@@ -51,7 +56,7 @@ children:
   - /monitoring-and-troubleshooting-workflows
   - /using-github-hosted-runners
   - /hosting-your-own-runners
-  - /security-for-github-actions
+  - /security-guides
   - /creating-actions
   - /administering-github-actions
   - /guides

content/actions/security-for-github-actions/index.md

@@ -1,15 +0,0 @@
----
-title: Security for GitHub Actions
-shortTitle: Security
-intro: 'Use security best practices with {% data variables.product.prodname_actions %}, and use {% data variables.product.prodname_actions %} to improve the security of your software supply chain.'
-redirect_from:
-  - /actions/security-guides
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghec: '*'
-children:
-  - /security-guides
-  - /using-artifact-attestations
-  - /security-hardening-your-deployments
----

content/actions/security-for-github-actions/using-artifact-attestations/index.md

@@ -1,15 +0,0 @@
----
-title: Using artifact attestations
-shortTitle: Artifact attestations
-intro: Use artifact attestations to establish build provenance for the software you produce and to verify the software you consume.
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghec: '*'
-children:
-  - /using-artifact-attestations-to-establish-provenance-for-builds
-  - /using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
-  - /enforcing-artifact-attestations-with-a-kubernetes-admission-controller
-  - /verifying-attestations-offline
----
-

content/actions/security-guides/automatic-token-authentication.md

@@ -6,7 +6,6 @@ redirect_from:
   - /actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token
   - /actions/configuring-and-managing-workflows/authenticating-with-the-github_token
   - /actions/reference/authentication-in-a-workflow
-  - /actions/security-guides/automatic-token-authentication
 versions:
   fpt: '*'
   ghes: '*'

content/actions/security-guides/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md

@@ -1,12 +1,10 @@
 ---
 title: Enforcing artifact attestations with a Kubernetes admission controller
-intro: Use an admission controller to enforce artifact attestations in your Kubernetes cluster.
+intro: 'Use an admission controller to enforce artifact attestations in your Kubernetes cluster.'
 versions:
   fpt: '*'
   ghec: '*'
 shortTitle: Artifact attestations Kubernetes admission controller
-redirect_from:
-  - /actions/security-guides/enforcing-artifact-attestations-with-a-kubernetes-admission-controller
 ---
 
 ## About Kubernetes admission controller

content/actions/security-guides/index.md

@@ -9,7 +9,11 @@ versions:
 children:
   - /security-hardening-for-github-actions
   - /using-secrets-in-github-actions
-  - /automatic-token-authentication
   - /using-githubs-security-features-to-secure-your-use-of-github-actions
+  - /automatic-token-authentication
+  - /using-artifact-attestations-to-establish-provenance-for-builds
+  - /enforcing-artifact-attestations-with-a-kubernetes-admission-controller
+  - /using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
+  - /verifying-attestations-offline
 ---
 

content/actions/security-guides/security-hardening-for-github-actions.md

@@ -5,7 +5,6 @@ intro: 'Good security practices for using {% data variables.product.prodname_act
 redirect_from:
   - /actions/getting-started-with-github-actions/security-hardening-for-github-actions
   - /actions/learn-github-actions/security-hardening-for-github-actions
-  - /actions/security-guides/security-hardening-for-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3.md

@@ -1,7 +1,9 @@
 ---
-title: Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
+title: >-
+  Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
 shortTitle: Attest with reusable workflows
-intro: Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.
+intro: >-
+  Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.
 type: quick_start
 topics:
   - Actions
@@ -10,8 +12,6 @@ topics:
 versions:
   fpt: '*'
   ghec: '*'
-redirect_from:
-  - /actions/security-guides/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
 ---
 
 ## Introduction

content/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds.md

@@ -1,12 +1,10 @@
 ---
 title: Using artifact attestations to establish provenance for builds
-intro: Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.
+intro: 'Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.'
 versions:
   fpt: '*'
   ghec: '*'
 shortTitle: Artifact attestations
-redirect_from:
-  - /actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
 ---
 
 ## About artifact attestations

content/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md

@@ -6,8 +6,6 @@ versions:
   ghes: '*'
   ghec: '*'
 shortTitle: GitHub security features
-redirect_from:
-  - /actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions
 ---
 
 ## About {% data variables.product.prodname_dotcom %}'s security features

content/actions/security-guides/using-secrets-in-github-actions.md

@@ -10,7 +10,6 @@ redirect_from:
   - /actions/reference/encrypted-secrets
   - /actions/managing-workflows/storing-secrets
   - /actions/security-guides/encrypted-secrets
-  - /actions/security-guides/using-secrets-in-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/security-guides/verifying-attestations-offline.md

@@ -10,8 +10,6 @@ topics:
 versions:
   fpt: '*'
   ghec: '*'
-redirect_from:
-  - /actions/security-guides/verifying-attestations-offline
 ---
 
 ## Introduction

data/learning-tracks/actions.yml

@@ -8,7 +8,7 @@ getting_started:
     - /actions/writing-workflows/choosing-what-your-workflow-does/finding-and-customizing-actions
     - /actions/using-workflows/about-workflows
     - /actions/using-workflows/reusing-workflows
-    - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
 adopting_github_actions_for_your_enterprise_ghec:
   title: Adopt GitHub Actions for your enterprise
   description: >-
@@ -26,7 +26,7 @@ adopting_github_actions_for_your_enterprise_ghec:
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
     - >-
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
-    - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
     - >-
       /billing/managing-billing-for-github-actions/about-billing-for-github-actions
 adopting_github_actions_for_your_enterprise_ghes:
@@ -50,7 +50,7 @@ adopting_github_actions_for_your_enterprise_ghes:
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
     - >-
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
-    - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
     - >-
       /billing/managing-billing-for-github-actions/about-billing-for-github-actions
 hosting_your_own_runners:

data/learning-tracks/admin.yml

@@ -50,7 +50,7 @@ adopting_github_actions_for_your_enterprise_ghec:
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
     - >-
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
-    - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
     - >-
       /billing/managing-billing-for-github-actions/about-billing-for-github-actions
 adopting_github_actions_for_your_enterprise_ghes:
@@ -74,7 +74,7 @@ adopting_github_actions_for_your_enterprise_ghes:
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
     - >-
       /admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
-    - /actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
     - >-
       /billing/managing-billing-for-github-actions/about-billing-for-github-actions
 increase_fault_tolerance:

src/frame/tests/secure-files.js

@@ -13,7 +13,8 @@ import { glob } from 'glob'
 const secureFiles = [
   {
     name: 'Security hardening your deployments',
-    path: 'content/actions/security-for-github-actions/security-hardening-your-deployments/**',
+    path: 'content/actions/deployment/security-hardening-your-deployments/**',
+    requiredCodeOwner: 'github/oidc',
   },
   {
     name: 'RAI transparency note reusable directory',