From cbb32c592861be2038b354bedaa46b37e93cf389 Mon Sep 17 00:00:00 2001 From: Daniel Compton Date: Tue, 15 Feb 2022 13:33:40 +1300 Subject: [PATCH 01/19] Explain that GITHUB_SHA may not always be the commit that was pushed Fixes https://github.com/github/docs/issues/15302 --- content/actions/learn-github-actions/environment-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/actions/learn-github-actions/environment-variables.md b/content/actions/learn-github-actions/environment-variables.md index 315f0e46a1..09bc1a22b6 100644 --- a/content/actions/learn-github-actions/environment-variables.md +++ b/content/actions/learn-github-actions/environment-variables.md @@ -156,7 +156,7 @@ We strongly recommend that actions use environment variables to access the files | `GITHUB_RUN_ID` | {% data reusables.github-actions.run_id_description %} For example, `1658821493`. | | `GITHUB_RUN_NUMBER` | {% data reusables.github-actions.run_number_description %} For example, `3`. | | `GITHUB_SERVER_URL`| The URL of the {% data variables.product.product_name %} server. For example: `https://{% data variables.product.product_url %}`. -| `GITHUB_SHA` | The commit SHA that triggered the workflow. For example, `ffac537e6cbbf934b08745a378932722df287a53`. | +| `GITHUB_SHA` | The commit SHA that triggered the workflow. The value of this commit depends on the event that triggered the workflow. For more information, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows). For example, `ffac537e6cbbf934b08745a378932722df287a53`. | | `GITHUB_WORKFLOW` | The name of the workflow. For example, `My test workflow`. If the workflow file doesn't specify a `name`, the value of this variable is the full path of the workflow file in the repository. | | `GITHUB_WORKSPACE` | The default working directory on the runner for steps, and the default location of your repository when using the [`checkout`](https://github.com/actions/checkout) action. For example, `/home/runner/work/my-repo-name/my-repo-name`. | {%- if actions-runner-arch-envvars %} @@ -202,4 +202,4 @@ In this example, the two `if` statements check the `os` property of the `runner` If you generate a value in one step of a job, you can use the value in subsequent steps of the same job by assigning the value to an existing or new environment variable and then writing this to the `GITHUB_ENV` environment file. The environment file can be used directly by an action, or from a shell command in the workflow file by using the `run` keyword. For more information, see "[Workflow commands for {% data variables.product.prodname_actions %}](/actions/reference/workflow-commands-for-github-actions/#setting-an-environment-variable)." If you want to pass a value from a step in one job in a workflow to a step in another job in the workflow, you can define the value as a job output. You can then reference this job output from a step in another job. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idoutputs)." - \ No newline at end of file + From 6798775cd249e145b5d8a1cc0920d89d8c878854 Mon Sep 17 00:00:00 2001 From: Mike Carey <32496966+mike-carey@users.noreply.github.com> Date: Tue, 15 Feb 2022 11:25:33 -0600 Subject: [PATCH 02/19] Update contexts.md --- content/actions/learn-github-actions/contexts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/actions/learn-github-actions/contexts.md b/content/actions/learn-github-actions/contexts.md index bf23322ffd..649af6fac4 100644 --- a/content/actions/learn-github-actions/contexts.md +++ b/content/actions/learn-github-actions/contexts.md @@ -183,6 +183,7 @@ The `github` context contains information about the workflow run and the event t | `github.action_path` | `string` | The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action. | | `github.action_ref` | `string` | For a step executing an action, this is the ref of the action being executed. For example, `v2`. | `github.action_repository` | `string` | For a step executing an action, this is the owner and repository name of the action. For example, `actions/checkout`. +| `github.action_status` | `string` | When within a composite action, the current status of the action. | | `github.actor` | `string` | The username of the user that initiated the workflow run. | | `github.api_url` | `string` | The URL of the {% data variables.product.prodname_dotcom %} REST API. | | `github.base_ref` | `string` | The `base_ref` or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either `pull_request` or `pull_request_target`. | From e103e625cff1fb93d087156107bf17d5defebfa5 Mon Sep 17 00:00:00 2001 From: Mike Carey <32496966+mike-carey@users.noreply.github.com> Date: Tue, 15 Feb 2022 11:37:17 -0600 Subject: [PATCH 03/19] Rewords the description --- content/actions/learn-github-actions/contexts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/learn-github-actions/contexts.md b/content/actions/learn-github-actions/contexts.md index 649af6fac4..dbeec8a7c3 100644 --- a/content/actions/learn-github-actions/contexts.md +++ b/content/actions/learn-github-actions/contexts.md @@ -183,7 +183,7 @@ The `github` context contains information about the workflow run and the event t | `github.action_path` | `string` | The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action. | | `github.action_ref` | `string` | For a step executing an action, this is the ref of the action being executed. For example, `v2`. | `github.action_repository` | `string` | For a step executing an action, this is the owner and repository name of the action. For example, `actions/checkout`. -| `github.action_status` | `string` | When within a composite action, the current status of the action. | +| `github.action_status` | `string` | For a composite action, the current result of the composite action. | | `github.actor` | `string` | The username of the user that initiated the workflow run. | | `github.api_url` | `string` | The URL of the {% data variables.product.prodname_dotcom %} REST API. | | `github.base_ref` | `string` | The `base_ref` or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either `pull_request` or `pull_request_target`. | From 2682eeb7231c3706f468141c05eaae47b0075826 Mon Sep 17 00:00:00 2001 From: Sarah Edwards Date: Wed, 2 Mar 2022 16:35:14 -0800 Subject: [PATCH 04/19] add word --- content/actions/learn-github-actions/environment-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/learn-github-actions/environment-variables.md b/content/actions/learn-github-actions/environment-variables.md index 09bc1a22b6..4a3e2ed9cc 100644 --- a/content/actions/learn-github-actions/environment-variables.md +++ b/content/actions/learn-github-actions/environment-variables.md @@ -156,7 +156,7 @@ We strongly recommend that actions use environment variables to access the files | `GITHUB_RUN_ID` | {% data reusables.github-actions.run_id_description %} For example, `1658821493`. | | `GITHUB_RUN_NUMBER` | {% data reusables.github-actions.run_number_description %} For example, `3`. | | `GITHUB_SERVER_URL`| The URL of the {% data variables.product.product_name %} server. For example: `https://{% data variables.product.product_url %}`. -| `GITHUB_SHA` | The commit SHA that triggered the workflow. The value of this commit depends on the event that triggered the workflow. For more information, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows). For example, `ffac537e6cbbf934b08745a378932722df287a53`. | +| `GITHUB_SHA` | The commit SHA that triggered the workflow. The value of this commit SHA depends on the event that triggered the workflow. For more information, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows). For example, `ffac537e6cbbf934b08745a378932722df287a53`. | | `GITHUB_WORKFLOW` | The name of the workflow. For example, `My test workflow`. If the workflow file doesn't specify a `name`, the value of this variable is the full path of the workflow file in the repository. | | `GITHUB_WORKSPACE` | The default working directory on the runner for steps, and the default location of your repository when using the [`checkout`](https://github.com/actions/checkout) action. For example, `/home/runner/work/my-repo-name/my-repo-name`. | {%- if actions-runner-arch-envvars %} From 0eeae0b799b21db219733be29242ce8730135afa Mon Sep 17 00:00:00 2001 From: Mahmoud Hanafy Date: Thu, 3 Mar 2022 16:11:02 +0100 Subject: [PATCH 05/19] Correct link for reviewing dependency changes in a pull request --- .../reviewing-proposed-changes-in-a-pull-request.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md index 3635048c07..39ec13a08c 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md @@ -66,7 +66,7 @@ For more information on reviewing pull requests in {% data variables.product.pro {% data reusables.dependency-review.beta %} -If the pull request contains changes to dependencies you can use the dependency review for a manifest or lock file to see what has changed and check whether the changes introduce security vulnerabilities. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request)." +If the pull request contains changes to dependencies you can use the dependency review for a manifest or lock file to see what has changed and check whether the changes introduce security vulnerabilities. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)." {% data reusables.repositories.changed-files %} From 8bd8331ef8b15c09fa92221a1b85269ef7d3570b Mon Sep 17 00:00:00 2001 From: Joshua Walker <3141202+joshuawalker@users.noreply.github.com> Date: Wed, 9 Mar 2022 23:34:19 +1300 Subject: [PATCH 06/19] Update must know password reusable, add one more instance --- ...ring-your-account-if-you-lose-your-2fa-credentials.md | 9 +++++++-- data/reusables/accounts/you-must-know-your-password.md | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md index 021e173134..8c265e5235 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md @@ -22,7 +22,6 @@ shortTitle: Recover an account with 2FA **Warnings**: - {% data reusables.two_fa.support-may-not-help %} -- {% data reusables.accounts.you-must-know-your-password %} {% endwarning %} @@ -32,7 +31,13 @@ shortTitle: Recover an account with 2FA Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is `github-recovery-codes.txt`. For more information about recovery codes, see "[Configuring two-factor authentication recovery methods](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods#downloading-your-two-factor-authentication-recovery-codes)." -{% data reusables.two_fa.username-password %} +1. Type your username and password to prompt authentication. + + {% warning %} + + **Warning**: {% data reusables.accounts.you-must-know-your-password %} + + {% endwarning %} {% ifversion fpt or ghec %} 1. Under "Having problems?", click **Use a recovery code or request a reset**. diff --git a/data/reusables/accounts/you-must-know-your-password.md b/data/reusables/accounts/you-must-know-your-password.md index f4795c3909..7e671d4127 100644 --- a/data/reusables/accounts/you-must-know-your-password.md +++ b/data/reusables/accounts/you-must-know-your-password.md @@ -1 +1 @@ -If you protect your personal account with two-factor authentication but do not know your password, you will not be able to generate a one-time password to recover your account. {% data variables.product.company_short %} can send a password reset email to a verified address associated with your account. For more information, see "[Updating your {% data variables.product.prodname_dotcom %} access credentials](/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials#requesting-a-new-password)." +If you protect your personal account with two-factor authentication but do not know your password, you will not be able to follow these steps to recover your account. {% data variables.product.company_short %} can send a password reset email to a verified address associated with your account. For more information, see "[Updating your {% data variables.product.prodname_dotcom %} access credentials](/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials#requesting-a-new-password)." From c51fa948a1cea9ee6f23db9a1d5508a723021e4f Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 9 Mar 2022 11:40:07 +0000 Subject: [PATCH 07/19] Update landing page, guides page, etc. for code security following addition of GHEC version (#26009) --- content/code-security/guides.md | 5 +++ content/code-security/index.md | 28 ++++++------ data/learning-tracks/code-security.yml | 45 ++++++++++--------- .../code-security/code-examples.yml | 9 ++-- 4 files changed, 48 insertions(+), 39 deletions(-) diff --git a/content/code-security/guides.md b/content/code-security/guides.md index 43a3da3bbf..99bf070513 100644 --- a/content/code-security/guides.md +++ b/content/code-security/guides.md @@ -31,6 +31,7 @@ includeGuides: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository @@ -38,6 +39,7 @@ includeGuides: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs - /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning - /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning - /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github @@ -45,6 +47,7 @@ includeGuides: - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system + - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system - /code-security/repository-security-advisories/about-coordinated-disclosure-of-security-vulnerabilities @@ -58,6 +61,8 @@ includeGuides: - /code-security/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory - /code-security/repository-security-advisories/withdrawing-a-repository-security-advisory - /code-security/security-overview/about-the-security-overview + - /code-security/security-overview/filtering-alerts-in-the-security-overview + - /code-security/security-overview/viewing-the-security-overview - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates diff --git a/content/code-security/index.md b/content/code-security/index.md index 4cc88fec92..ec13e102f5 100644 --- a/content/code-security/index.md +++ b/content/code-security/index.md @@ -8,17 +8,17 @@ featuredLinks: guides: - /code-security/getting-started/securing-your-repository - /code-security/getting-started/securing-your-organization - - '{% ifversion fpt %}/code-security/repository-security-advisories/creating-a-repository-security-advisory{% endif %}' - - '{% ifversion ghes or ghae %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif%}' + - '{% ifversion fpt or ghec %}/code-security/repository-security-advisories/creating-a-repository-security-advisory{% endif %}' + - '{% ifversion ghes or ghae %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif%}' guideCards: - - '{% ifversion fpt %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates{% endif %}' - - '{% ifversion fpt %}/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates{% endif %}' - - '{% ifversion fpt %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif %}' - - '{% ifversion ghes %}/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository{% endif %}' - - '{% ifversion ghes %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - - '{% ifversion ghes or ghae %}/code-security/secret-security/configuring-secret-scanning-for-your-repositories{% endif %}' - - '{% ifversion ghae %}/code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github{% endif %}' - - '{% ifversion ghae %}/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif %}' + - '{% ifversion ghes < 3.3 %}/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository{% endif %}' + - '{% ifversion ghes < 3.3 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' + - '{% ifversion ghes < 3.3 or ghae %}/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories{% endif %}' + - '{% ifversion ghae %}/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github{% endif %}' + - '{% ifversion ghae %}/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system{% endif %}' popular: - '{% ifversion ghes %}/admin/release-notes{% endif %}' - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies @@ -26,11 +26,11 @@ featuredLinks: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - - '{% ifversion ghae %}/code-security/secret-security/about-secret-scanning{% endif %}' + - '{% ifversion ghae %}/code-security/secret-scanning/about-secret-scanning{% endif %}' - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - - '{% ifversion ghes or ghae %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages{% endif %}' - - '{% ifversion ghes or ghae %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow{% endif %}' - - '{% ifversion ghes or ghae %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container{% endif %}' + - '{% ifversion ghes < 3.3 or ghae %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages{% endif %}' + - '{% ifversion ghes < 3.3 or ghae %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow{% endif %}' + - '{% ifversion ghes < 3.3 or ghae %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container{% endif %}' changelog: label: security-and-compliance versions: diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml index dd4bee8c68..fa02e07ec7 100644 --- a/data/learning-tracks/code-security.yml +++ b/data/learning-tracks/code-security.yml @@ -2,7 +2,7 @@ security_advisories: title: 'Fix and disclose a security vulnerability' description: 'Using repository security advisories to privately fix a reported vulnerability and get a CVE.' - featured_track: '{% ifversion fpt %}true{% else %}false{% endif %}' + featured_track: '{% ifversion fpt or ghec %}true{% else %}false{% endif %}' guides: - /code-security/repository-security-advisories/about-coordinated-disclosure-of-security-vulnerabilities - /code-security/repository-security-advisories/creating-a-repository-security-advisory @@ -13,32 +13,32 @@ security_advisories: - /code-security/repository-security-advisories/withdrawing-a-repository-security-advisory - /code-security/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory -# Feature available on dotcom and GHES +# Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_alerts: title: 'Get notifications for vulnerable dependencies' description: 'Set up Dependabot to alert you to new vulnerabilities in your dependencies.' guides: - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies - - '{% ifversion not ghae %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors -# Feature available only on dotcom, so articles available hidden to hide the learning track in other versions +# Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_security_updates: title: 'Get pull requests to update your vulnerable dependencies' description: 'Set up Dependabot to create pull requests when new vulnerabilities are reported.' guides: - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates - - '{% ifversion fpt %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - - '{% ifversion fpt %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - '{% ifversion fpt %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' + - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' -# Feature available only on dotcom +# Feature available only on dotcom and GHES 3.3+ dependency_version_updates: title: 'Keep your dependencies up-to-date' description: 'Use Dependabot to check for new releases and create pull requests to update your dependencies.' @@ -54,32 +54,34 @@ dependency_version_updates: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors -# Feature available in all versions from GHES 3.0 up +# Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there. secret_scanning: title: 'Scan for secrets' description: 'Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.' guides: - - /code-security/secret-scanning/about-secret-scanning - - /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories - - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning - - /code-security/secret-scanning/managing-alerts-from-secret-scanning + - '{% ifversion not fpt %}/code-security/secret-scanning/about-secret-scanning{% endif %}' + - '{% ifversion not fpt %}/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories{% endif %}' + - '{% ifversion not fpt %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning{% endif %}' + - '{% ifversion not fpt %}/code-security/secret-scanning/managing-alerts-from-secret-scanning{% endif %}' + - '{% ifversion not fpt %}/code-security/secret-scanning/secret-scanning-patterns{% endif %}' -# Security overview feature available only on dotcom currently, so other articles hidden to hide the learning path in other versions +# Security overview feature available in GHEC and GHES 3.2+, so other articles hidden to hide the learning path in other versions security_alerts: title: 'Explore and manage security alerts' description: 'Learn where to find and resolve security alerts.' guides: - - /code-security/security-overview/about-the-security-overview - - '{% ifversion fpt %}/code-security/secret-scanning/managing-alerts-from-secret-scanning {% endif %}' - - '{% ifversion fpt %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository{% endif %}' - - '{% ifversion fpt %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests{% endif %}' - - '{% ifversion fpt %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository{% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/security-overview/about-the-security-overview {% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/security-overview/viewing-the-security-overview {% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/secret-scanning/managing-alerts-from-secret-scanning {% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository{% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests{% endif %}' + - '{% ifversion ghec or ghes > 3.1 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository{% endif %}' # Feature available in all versions from GHES 2.22 up code_security_actions: title: 'Run code scanning with GitHub Actions' description: 'Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.' - featured_track: '{% ifversion ghae or ghes > 2.22 %}true{% else %}false{% endif %}' + featured_track: '{% ifversion ghae or ghes %}true{% else %}false{% endif %}' guides: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository @@ -106,6 +108,5 @@ code_security_ci: - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system - - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system - - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system + - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system diff --git a/data/product-examples/code-security/code-examples.yml b/data/product-examples/code-security/code-examples.yml index e06f436c6f..4a9dc89aaa 100644 --- a/data/product-examples/code-security/code-examples.yml +++ b/data/product-examples/code-security/code-examples.yml @@ -19,9 +19,9 @@ - GitHub Actions # Security policies -- title: Microsoft security policy +- title: Microsoft security policy template description: Example security policy - href: /microsoft/microsoft.github.io/blob/master/SECURITY.MD + href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md tags: - Security policy - title: Electron security policy @@ -50,8 +50,9 @@ versions: fpt: '*' ghec: '*' + ghes: '>=3.3' -# Dependabot configuration only relevant to GitHub.com +# Dependabot configuration only relevant to GitHub.com and GHES 3.3+ # Convert "languages" to "package-ecosystems" for Dependabot configurations - title: Super linter configuration description: Example Dependabot version updates configuration from the Super linter repository. @@ -69,6 +70,7 @@ versions: fpt: '*' ghec: '*' + ghes: '>=3.3' - title: Dependabot version update PR description: Example pull request generated by the Dependabot version updates configuration in the Super linter repository. @@ -81,3 +83,4 @@ versions: fpt: '*' ghec: '*' + ghes: '>=3.3' From df9481e291a509be54b602bb18bf6988922b2ca3 Mon Sep 17 00:00:00 2001 From: Ramya Parimi <33761166+ramyaparimi@users.noreply.github.com> Date: Wed, 9 Mar 2022 08:48:31 -0600 Subject: [PATCH 08/19] Update move-ready-to-merge-pr.yaml (#26014) --- .github/workflows/move-ready-to-merge-pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/move-ready-to-merge-pr.yaml b/.github/workflows/move-ready-to-merge-pr.yaml index f9f5c9871b..535ead7355 100644 --- a/.github/workflows/move-ready-to-merge-pr.yaml +++ b/.github/workflows/move-ready-to-merge-pr.yaml @@ -24,7 +24,7 @@ jobs: - name: move PR uses: alex-page/github-project-automation-plus@bb266ff4dde9242060e2d5418e120a133586d488 with: - project: Docs team reviews + project: Docs open source board column: Triage repo-token: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }} From a186d387ca5dd18873b4530a6cf84f5cf5085e43 Mon Sep 17 00:00:00 2001 From: Mike Surowiec Date: Wed, 9 Mar 2022 09:17:17 -0600 Subject: [PATCH 09/19] fix: don't use brackets for single option glob, fix OS sync action (#26058) --- .github/workflows/azure-preview-env-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml index 98ebb266f4..912f08df90 100644 --- a/.github/workflows/azure-preview-env-deploy.yml +++ b/.github/workflows/azure-preview-env-deploy.yml @@ -165,8 +165,8 @@ jobs: rsync -rptovR ./user-code/components/./**/*.{ts,tsx} ./components rsync -rptovR --ignore-missing-args ./user-code/lib/./**/*.{js,ts} ./lib rsync -rptovR --ignore-missing-args ./user-code/middleware/./**/*.{js,ts} ./middleware - rsync -rptovR ./user-code/pages/./**/*.{tsx} ./pages - rsync -rptovR ./user-code/stylesheets/./**/*.{scss} ./stylesheets + rsync -rptovR ./user-code/pages/./**/*.tsx ./pages + rsync -rptovR ./user-code/stylesheets/./**/*.scss ./stylesheets # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - name: 'Prune for preview env' From 994340bb89a0e015f82e6c816da9addd3f27c72b Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Wed, 9 Mar 2022 09:30:37 -0600 Subject: [PATCH 10/19] [GHEC version] Version content about setting permissions for adding outside collaborators (#25993) --- ...borators-to-repositories-in-your-organization.md | 8 ++++---- ...viewing-people-with-access-to-your-repository.md | 10 ++++++++-- ...-permissions-for-adding-outside-collaborators.md | 13 ++++++++++--- .../gated-features/restrict-add-collaborator.md | 1 - .../getting-started/managing-org-policies.md | 2 +- lib/redirects/static/redirect-exceptions.txt | 6 ++++++ 6 files changed, 29 insertions(+), 11 deletions(-) delete mode 100644 data/reusables/gated-features/restrict-add-collaborator.md diff --git a/content/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization.md b/content/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization.md index b0595cd814..770c8fe053 100644 --- a/content/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization.md +++ b/content/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization.md @@ -22,7 +22,11 @@ An outside collaborator is a person who is not a member of your organization, bu {% data reusables.organizations.outside-collaborators-use-seats %} +{% ifversion fpt %} +Organizations that use {% data variables.product.prodname_ghe_cloud %} can restrict the ability to invite collaborators. For more information, see "[Setting permissions for adding outside collaborators](/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators)" in the {% data variables.product.prodname_ghe_cloud %} documentation. +{% else %} An organization owner can restrict the ability to invite collaborators. For more information, see "[Setting permissions for adding outside collaborators](/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators)." +{% endif %} {% ifversion ghes %} Before you can add someone as an outside collaborator on a repository, the person must have a user account on {% data variables.product.product_location %}. If your enterprise uses an external authentication system such as SAML or LDAP, the person you want to add must sign in through that system to create an account. If the person does not have access to the authentication system and built-in authentication is enabled for your enterprise, a site admin can create a user account for the person. For more information, see "[Using built-in authentication](/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-built-in-authentication#inviting-users)." @@ -32,10 +36,6 @@ Before you can add someone as an outside collaborator on a repository, the perso If your organization requires two-factor authentication, all outside collaborators must enable two-factor authentication before accepting your invitation to collaborate on a repository. For more information, see "[Requiring two-factor authentication in your organization](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization)." {% endif %} -{% ifversion fpt %} -To further support your team's collaboration abilities, you can upgrade to {% data variables.product.prodname_ghe_cloud %}, which includes features like protected branches and code owners on private repositories. {% data reusables.enterprise.link-to-ghec-trial %} -{% endif %} - ## Adding outside collaborators to a repository {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5974 %} diff --git a/content/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository.md b/content/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository.md index 31b96a366c..72b20ec508 100644 --- a/content/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository.md +++ b/content/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository.md @@ -22,8 +22,6 @@ You can use this information to help off-board people, gather data for complianc {% ifversion fpt %} Organizations that use {% data variables.product.prodname_ghe_cloud %} can also export a CSV list of people who have access to a repository. For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/organizations/managing-access-to-your-organizations-repositories/viewing-people-with-access-to-your-repository). - -{% data reusables.enterprise.link-to-ghec-trial %} {% endif %} {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5974 %} @@ -44,6 +42,14 @@ You can see a combined overview of teams and people with access to your reposito {% ifversion ghec or ghes or ghae %} ## Exporting a list of people with access to your repository +{% ifversion ghec %} +{% note %} + +**Note:** Only organizations that use {% data variables.product.prodname_ghe_cloud %} can export a list of people with access to a repository. {% data reusables.enterprise.link-to-ghec-trial %} + +{% endnote %} +{% endif %} + {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} {% data reusables.repositories.accessing-repository-people %} diff --git a/content/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators.md b/content/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators.md index 44b80ce85d..223541b244 100644 --- a/content/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators.md +++ b/content/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators.md @@ -1,13 +1,11 @@ --- title: Setting permissions for adding outside collaborators intro: 'To protect your organization''s data and the number of paid licenses used in your organization, you can allow only owners to invite outside collaborators to organization repositories.' -product: '{% data reusables.gated-features.restrict-add-collaborator %}' redirect_from: - /articles/restricting-the-ability-to-add-outside-collaborators-to-organization-repositories - /articles/setting-permissions-for-adding-outside-collaborators - /github/setting-up-and-managing-organizations-and-teams/setting-permissions-for-adding-outside-collaborators versions: - fpt: '*' ghes: '*' ghae: '*' ghec: '*' @@ -17,7 +15,16 @@ topics: shortTitle: Set collaborator policy --- -Organization owners, and members with admin privileges for a repository, can invite outside collaborators to work on the repository. You can also restrict outside collaborator invite permissions to only organization owners. +By default, anyone with admin access to a repository can invite outside collaborators to work on the repository. You can choose to restrict the ability to invite outside collaborators to organization owners only. + + +{% ifversion ghec %} +{% note %} + +**Note:** Only organizations that use {% data variables.product.prodname_ghe_cloud %} can restrict the ability to invite outside collaborators to organization owners. {% data reusables.enterprise.link-to-ghec-trial %} + +{% endnote %} +{% endif %} {% data reusables.organizations.outside-collaborators-use-seats %} diff --git a/data/reusables/gated-features/restrict-add-collaborator.md b/data/reusables/gated-features/restrict-add-collaborator.md deleted file mode 100644 index 63a7c54409..0000000000 --- a/data/reusables/gated-features/restrict-add-collaborator.md +++ /dev/null @@ -1 +0,0 @@ -Restricting the ability to add outside collaborators to owners is available with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[GitHub's products](/articles/githubs-products)." diff --git a/data/reusables/getting-started/managing-org-policies.md b/data/reusables/getting-started/managing-org-policies.md index 717d24f2ed..9951b2f572 100644 --- a/data/reusables/getting-started/managing-org-policies.md +++ b/data/reusables/getting-started/managing-org-policies.md @@ -1,5 +1,5 @@ You can manage permissions and policies for a number of different actions and features in your organization. -For example, to protect your organization's data and number of paid licenses, you can choose to allow only organization owners to invite outside collaborators to organization repositories. You can also choose to allow or prevent the forking of private repositories owned by your organization. For more information, see "[Setting permissions for adding outside collaborators](/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators)" and "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)." +For example, to protect your organization's data, you can restrict repository creation in your organization. You can also choose to allow or prevent the forking of private repositories owned by your organization. For more information, see "[Restricting repository creation in your organization](/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)" and "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)." For the full list of settings you can configure for your organization, see "[Managing organization settings](/organizations/managing-organization-settings)." diff --git a/lib/redirects/static/redirect-exceptions.txt b/lib/redirects/static/redirect-exceptions.txt index 84ae925469..d32e59eda4 100644 --- a/lib/redirects/static/redirect-exceptions.txt +++ b/lib/redirects/static/redirect-exceptions.txt @@ -440,3 +440,9 @@ - /github/administering-a-repository/managing-alerts-from-secret-scanning - /code-security/secret-security/managing-alerts-from-secret-scanning - /code-security/secret-scanning/managing-alerts-from-secret-scanning + +/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators +- /articles/restricting-the-ability-to-add-outside-collaborators-to-organization-repositories +- /articles/setting-permissions-for-adding-outside-collaborators +- /github/setting-up-and-managing-organizations-and-teams/setting-permissions-for-adding-outside-collaborators +- /organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators \ No newline at end of file From fcda086e138ff59dc4950cbe5cc4ff02e61f703a Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Wed, 9 Mar 2022 11:32:05 -0500 Subject: [PATCH 11/19] make enterprise 3.0 redirects work (#26041) * make enterprise 3.0 redirects work * improve tests and better variable name --- lib/enterprise-server-releases.js | 12 ++- lib/get-redirect.js | 24 ++++-- middleware/archived-enterprise-versions.js | 41 ++++++++++- .../routing/deprecated-enterprise-versions.js | 73 ++++++++++++++++++- tests/unit/get-redirect.js | 43 ++++++++++- 5 files changed, 181 insertions(+), 12 deletions(-) diff --git a/lib/enterprise-server-releases.js b/lib/enterprise-server-releases.js index 77367cb2f3..697e062354 100644 --- a/lib/enterprise-server-releases.js +++ b/lib/enterprise-server-releases.js @@ -14,8 +14,18 @@ export const next = '3.5' export const nextNext = '3.6' export const supported = ['3.4', '3.3', '3.2', '3.1'] + +// This indicates the point where we started treating redirect lookups +// to be a *function* rather than a big *lookup object*. +// This is important distinguish because we need to leverage that +// when dealing with redirects specifically in these archived +// enterprise versions. +// When you're archiving a version, add the new archived number to this +// array and you should never need to touch the `deprecated` array +// on the line just below. +export const deprecatedWithFunctionalRedirects = ['3.0'] export const deprecated = [ - '3.0', + ...deprecatedWithFunctionalRedirects, '2.22', '2.21', '2.20', diff --git a/lib/get-redirect.js b/lib/get-redirect.js index 52810ac88d..849dbaca47 100644 --- a/lib/get-redirect.js +++ b/lib/get-redirect.js @@ -2,21 +2,32 @@ import { languageKeys } from './languages.js' import nonEnterpriseDefaultVersion from './non-enterprise-default-version.js' import { allVersions } from './all-versions.js' -import { latest, supported } from './enterprise-server-releases.js' +import { + latest, + supported, + deprecatedWithFunctionalRedirects, +} from './enterprise-server-releases.js' const languagePrefixRegex = new RegExp(`^/(${languageKeys.join('|')})/`) const nonEnterpriseDefaultVersionPrefix = `/${nonEnterpriseDefaultVersion}` -// Return the new URI if there is one, otherwise return undefined. -export default function getRedirect(uri, context) { - const { redirects, userLanguage } = context +const supportedAndRecentlyDeprecated = [...supported, ...deprecatedWithFunctionalRedirects] +export function splitPathByLanguage(uri, userLanguage) { let language = userLanguage || 'en' let withoutLanguage = uri if (languagePrefixRegex.test(uri)) { language = uri.match(languagePrefixRegex)[1] withoutLanguage = uri.replace(languagePrefixRegex, '/') } + return [language, withoutLanguage] +} + +// Return the new URI if there is one, otherwise return undefined. +export default function getRedirect(uri, context) { + const { redirects, userLanguage } = context + + const [language, withoutLanguage] = splitPathByLanguage(uri, userLanguage) let destination @@ -54,7 +65,6 @@ export default function getRedirect(uri, context) { if (withoutLanguage === '/enterprise-server') { return basicCorrection } - // console.log({ basicCorrection }) } else if (withoutLanguage.startsWith('/enterprise-server@latest')) { // E.g. '/enterprise-server@latest' or '/enterprise-server@latest/3.3/foo' basicCorrection = @@ -67,9 +77,9 @@ export default function getRedirect(uri, context) { } } else if ( withoutLanguage.startsWith('/enterprise/') && - supported.includes(withoutLanguage.split('/')[2]) + supportedAndRecentlyDeprecated.includes(withoutLanguage.split('/')[2]) ) { - // E.g. '/enterprise/3.3' or '/enterprise/3.3/foo' + // E.g. '/enterprise/3.3' or '/enterprise/3.3/foo' or '/enterprise/3.0/foo // If the URL is without a language, and no redirect is necessary, // but it has as version prefix, the language has to be there diff --git a/middleware/archived-enterprise-versions.js b/middleware/archived-enterprise-versions.js index 5263022b79..b8df1506a1 100644 --- a/middleware/archived-enterprise-versions.js +++ b/middleware/archived-enterprise-versions.js @@ -4,6 +4,7 @@ import statsd from '../lib/statsd.js' import { firstVersionDeprecatedOnNewSite, lastVersionWithoutArchivedRedirectsFile, + deprecatedWithFunctionalRedirects, } from '../lib/enterprise-server-releases.js' import patterns from '../lib/patterns.js' import versionSatisfiesRange from '../lib/version-satisfies-range.js' @@ -13,6 +14,7 @@ import got from 'got' import { readCompressedJsonFileFallbackLazily } from '../lib/read-json-file.js' import { cacheControlFactory } from './cache-control.js' import { pathLanguagePrefixed, languagePrefixPathRegex } from '../lib/languages.js' +import getRedirect, { splitPathByLanguage } from '../lib/get-redirect.js' function splitByLanguage(uri) { let language = null @@ -35,6 +37,7 @@ const archivedFrontmatterFallbacks = readCompressedJsonFileFallbackLazily( ) const cacheControl = cacheControlFactory(60 * 60 * 24 * 365) +const noCacheControl = cacheControlFactory(0) // Combine all the things you need to make sure the response is // aggresively cached. @@ -99,6 +102,39 @@ export default async function archivedEnterpriseVersions(req, res, next) { const redirectCode = pathLanguagePrefixed(req.path) ? 301 : 302 + if (deprecatedWithFunctionalRedirects.includes(requestedVersion)) { + const redirectTo = getRedirect(req.path, req.context) + if (redirectTo) { + if (redirectCode === 301) { + cacheControl(res) + } else { + noCacheControl(res) + } + res.removeHeader('set-cookie') + return res.redirect(redirectCode, redirectTo) + } + + const redirectJson = await getRemoteJSON(getProxyPath('redirects.json', requestedVersion), { + retry: retryConfiguration, + // This is allowed to be different compared to the other requests + // we make because downloading the `redirects.json` once is very + // useful because it caches so well. + // And, as of 2021 that `redirects.json` is 10MB so it's more likely + // to time out. + timeout: 1000, + }) + const [language, withoutLanguage] = splitPathByLanguage(req.path, req.context.userLanguage) + const newRedirectTo = redirectJson[withoutLanguage] + if (newRedirectTo) { + if (redirectCode === 301) { + cacheControl(res) + } else { + noCacheControl(res) + } + res.removeHeader('set-cookie') + return res.redirect(redirectCode, `/${language}${newRedirectTo}`) + } + } // redirect language-prefixed URLs like /en/enterprise/2.10 -> /enterprise/2.10 // (this only applies to versions <2.13) if ( @@ -135,7 +171,10 @@ export default async function archivedEnterpriseVersions(req, res, next) { } } - if (versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`)) { + if ( + versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`) && + !deprecatedWithFunctionalRedirects.includes(requestedVersion) + ) { const redirectJson = await getRemoteJSON(getProxyPath('redirects.json', requestedVersion), { retry: retryConfiguration, // This is allowed to be different compared to the other requests diff --git a/tests/routing/deprecated-enterprise-versions.js b/tests/routing/deprecated-enterprise-versions.js index 6b6074eef1..affcd7df28 100644 --- a/tests/routing/deprecated-enterprise-versions.js +++ b/tests/routing/deprecated-enterprise-versions.js @@ -1,9 +1,11 @@ +import supertest from 'supertest' +import { describe, jest, test } from '@jest/globals' + import createApp from '../../lib/app.js' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' import { get, getDOM } from '../helpers/supertest.js' import { SURROGATE_ENUMS } from '../../middleware/set-fastly-surrogate-key.js' -import supertest from 'supertest' -import { jest } from '@jest/globals' +import { PREFERRED_LOCALE_COOKIE_NAME } from '../../middleware/detect-language.js' jest.useFakeTimers('legacy') @@ -89,6 +91,73 @@ describe('enterprise deprecation', () => { }) }) +// Starting with the deprecation of 3.0, it's the first time we deprecate +// enterprise versions since redirects is a *function* rather than a +// lookup in a big object. +describe('recently deprecated redirects', () => { + test('basic enterprise 3.0 redirects', async () => { + const res = await get('/enterprise/3.0') + expect(res.statusCode).toBe(302) + expect(res.headers.location).toBe('/en/enterprise-server@3.0') + expect(res.headers['set-cookie']).toBeUndefined() + // Deliberately no cache control because it is user-dependent + expect(res.headers['cache-control']).toBe('private, no-store') + }) + test('basic enterprise 3.0 redirects by cookie', async () => { + const res = await get('/enterprise/3.0', { + headers: { + Cookie: `${PREFERRED_LOCALE_COOKIE_NAME}=ja`, + }, + }) + expect(res.statusCode).toBe(302) + expect(res.headers.location).toBe('/ja/enterprise-server@3.0') + }) + test('already languaged enterprise 3.0 redirects', async () => { + const res = await get('/en/enterprise/3.0') + expect(res.statusCode).toBe(301) + expect(res.headers.location).toBe('/en/enterprise-server@3.0') + // 301 redirects are safe to cache aggressively + expect(res.headers['set-cookie']).toBeUndefined() + expect(res.headers['cache-control']).toContain('public') + expect(res.headers['cache-control']).toMatch(/max-age=\d+/) + }) + test('redirects enterprise-server 3.0 with actual redirect without language', async () => { + const res = await get( + '/enterprise-server@3.0/github/getting-started-with-github/githubs-products' + ) + expect(res.statusCode).toBe(302) + expect(res.headers['set-cookie']).toBeUndefined() + // Deliberately no cache control because it is user-dependent + expect(res.headers['cache-control']).toBe('private, no-store') + // This is based on + // https://github.com/github/help-docs-archived-enterprise-versions/blob/master/3.0/redirects.json + expect(res.headers.location).toBe( + '/en/enterprise-server@3.0/get-started/learning-about-github/githubs-products' + ) + }) + test('redirects enterprise-server 3.0 with actual redirect with language', async () => { + const res = await get( + '/ja/enterprise-server@3.0/github/getting-started-with-github/githubs-products' + ) + expect(res.statusCode).toBe(301) + expect(res.headers['set-cookie']).toBeUndefined() + expect(res.headers['cache-control']).toContain('public') + expect(res.headers['cache-control']).toMatch(/max-age=\d+/) + // This is based on + // https://github.com/github/help-docs-archived-enterprise-versions/blob/master/3.0/redirects.json + expect(res.headers.location).toBe( + '/ja/enterprise-server@3.0/get-started/learning-about-github/githubs-products' + ) + }) + test('follow redirects enterprise-server 3.0 with actual redirect without language', async () => { + const res = await get( + '/enterprise-server@3.0/github/getting-started-with-github/githubs-products', + { followAllRedirects: true } + ) + expect(res.statusCode).toBe(200) + }) +}) + describe('deprecation banner', () => { test('renders a deprecation warning banner on oldest supported Enterprise version', async () => { const $ = await getDOM(`/en/enterprise/${enterpriseServerReleases.oldestSupported}`) diff --git a/tests/unit/get-redirect.js b/tests/unit/get-redirect.js index ad425e0be3..fd401e4d86 100644 --- a/tests/unit/get-redirect.js +++ b/tests/unit/get-redirect.js @@ -1,6 +1,36 @@ -import getRedirect from '../../lib/get-redirect.js' +import { describe, expect, test } from '@jest/globals' + +import getRedirect, { splitPathByLanguage } from '../../lib/get-redirect.js' import { latest } from '../../lib/enterprise-server-releases.js' +describe('splitPathByLanguage', () => { + test('basic', () => { + const [language, withoutLanguage] = splitPathByLanguage('/foo/') + expect(language).toBe('en') + expect(withoutLanguage).toBe('/foo/') + }) + test('already has /en in it', () => { + const [language, withoutLanguage] = splitPathByLanguage('/en/foo/') + expect(language).toBe('en') + expect(withoutLanguage).toBe('/foo/') + }) + test('basic with different fallback', () => { + const [language, withoutLanguage] = splitPathByLanguage('/foo/', 'ja') + expect(language).toBe('ja') + expect(withoutLanguage).toBe('/foo/') + }) + test('already has /en different fallback', () => { + const [language, withoutLanguage] = splitPathByLanguage('/en/foo/', 'ja') + expect(language).toBe('en') + expect(withoutLanguage).toBe('/foo/') + }) + test('unrecognized prefix is ignored', () => { + const [language, withoutLanguage] = splitPathByLanguage('/sv/foo/') + expect(language).toBe('en') + expect(withoutLanguage).toBe('/sv/foo/') + }) +}) + describe('getRedirect basics', () => { it('should sometimes not correct the version prefix', () => { // This essentially tests legacy entries that come from the @@ -162,4 +192,15 @@ describe('getRedirect basics', () => { ctx.userLanguage = null expect(getRedirect('/foo', ctx)).toBe(`/en/bar`) }) + + it('should work for some deprecated enterprise-server URLs too', () => { + // Starting with enterprise-server 3.0, we have made redirects become + // a *function* rather than a lookup on a massive object. + const ctx = { + pages: {}, + redirects: {}, + } + expect(getRedirect('/enterprise/3.0', ctx)).toBe('/en/enterprise-server@3.0') + expect(getRedirect('/enterprise/3.0/foo', ctx)).toBe('/en/enterprise-server@3.0/foo') + }) }) From 5d5c3e971b7d214121b09818e186ec939b54a14f Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Wed, 9 Mar 2022 11:45:18 -0500 Subject: [PATCH 12/19] add context to liquid rendering in linting tests (#26055) * HACK * back * remove consolelog * remove debugging * remove more debugging --- tests/linting/lint-files.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/linting/lint-files.js b/tests/linting/lint-files.js index 95001c216f..0db91779e2 100644 --- a/tests/linting/lint-files.js +++ b/tests/linting/lint-files.js @@ -25,6 +25,7 @@ import allowedVersionOperators from '../../lib/liquid-tags/ifversion-supported-o import semver from 'semver' import { jest } from '@jest/globals' import { getDiffFiles } from '../helpers/diff-files.js' +import loadSiteData from '../../lib/site-data.js' jest.useFakeTimers('legacy') @@ -410,6 +411,9 @@ if ( describe('lint markdown content', () => { if (mdToLint.length < 1) return + + const siteData = loadSiteData() + describe.each(mdToLint)('%s', (markdownRelPath, markdownAbsPath) => { let content, ast, @@ -453,12 +457,14 @@ describe('lint markdown content', () => { } }) + const context = { site: siteData.en.site } + // visit is not async-friendly so we need to do an async map to parse the YML snippets yamlScheduledWorkflows = ( await Promise.all( yamlScheduledWorkflows.map(async (snippet) => { // If we don't parse the Liquid first, yaml loading chokes on {% raw %} tags - const rendered = await renderContent.liquid.parseAndRender(snippet) + const rendered = await renderContent.liquid.parseAndRender(snippet, context) const parsed = yaml.load(rendered) return parsed.on.schedule }) @@ -1031,6 +1037,9 @@ describe('lint GHAE release notes', () => { describe('lint learning tracks', () => { if (learningTracksToLint.length < 1) return + + const siteData = loadSiteData() + describe.each(learningTracksToLint)('%s', (yamlRelPath, yamlAbsPath) => { let dictionary let dictionaryError = false @@ -1066,7 +1075,7 @@ describe('lint learning tracks', () => { const productVersions = getApplicableVersions(data.versions, productTocPath) const featuredTracks = {} - const context = { enterpriseServerVersions } + const context = { enterpriseServerVersions, site: siteData.en.site } // For each of the product's versions, render the learning track data and look for a featured track. await Promise.all( From 28e81ba93b36b0037c11aedc7d0e76ad6ced1a10 Mon Sep 17 00:00:00 2001 From: Grace Park Date: Wed, 9 Mar 2022 09:41:48 -0800 Subject: [PATCH 13/19] adding copy code to code samples in rest docs (#26043) --- components/rest/CodeBlock.tsx | 66 ++++++++++++++++++++++++----- components/rest/RestCodeSamples.tsx | 14 +----- 2 files changed, 56 insertions(+), 24 deletions(-) diff --git a/components/rest/CodeBlock.tsx b/components/rest/CodeBlock.tsx index a9e9fd6386..9ae467cf65 100644 --- a/components/rest/CodeBlock.tsx +++ b/components/rest/CodeBlock.tsx @@ -1,24 +1,68 @@ import cx from 'classnames' +import { CheckIcon, CopyIcon } from '@primer/octicons-react' +import { Tooltip } from '@primer/react' + +import useClipboard from 'components/hooks/useClipboard' import styles from './CodeBlock.module.scss' type Props = { verb?: string + headingLang?: string codeBlock: string highlight?: string } -export function CodeBlock({ verb, codeBlock, highlight }: Props) { +export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) { + const [isCopied, setCopied] = useClipboard(codeBlock, { + successDuration: 1400, + }) + return ( - 
-      
-        {verb && (
-          
-            {verb}
-          
-        )}{' '}
-        {codeBlock}
-      
-
+
+ {headingLang && ( +
+ {headingLang === 'JavaScript' ? ( + + {headingLang} ( + + @octokit/core.js + + ) + + ) : ( + `${headingLang}` + )} + + + +
+ )} + 
+        
+          {verb && (
+            
+              {verb}
+            
+          )}{' '}
+          {codeBlock}
+        
+        {!headingLang && (
+          
+            
+          
+        )}
+
+
) } diff --git a/components/rest/RestCodeSamples.tsx b/components/rest/RestCodeSamples.tsx index 6c52c31d97..71c8e7e640 100644 --- a/components/rest/RestCodeSamples.tsx +++ b/components/rest/RestCodeSamples.tsx @@ -18,22 +18,10 @@ export function RestCodeSamples({ slug, xCodeSamples }: Props) { {xCodeSamples.map((sample, index) => { const sampleElements: JSX.Element[] = [] if (sample.lang !== 'Ruby') { - sampleElements.push( - sample.lang === 'JavaScript' ? ( -
- {sample.lang} ( - - @octokit/core.js - - ) -
- ) : ( -
{sample.lang}
- ) - ) sampleElements.push( From 8f0d270d569f56a97a6ed453947c165da7646f01 Mon Sep 17 00:00:00 2001 From: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> Date: Wed, 9 Mar 2022 12:54:34 -0800 Subject: [PATCH 14/19] Add codespaces to product names (#26062) --- contributing/content-style-guide.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contributing/content-style-guide.md b/contributing/content-style-guide.md index e312c7c593..3dc7b2d444 100644 --- a/contributing/content-style-guide.md +++ b/contributing/content-style-guide.md @@ -322,6 +322,7 @@ Take care to distinguish between product names and product elements. For more in | Product | Element | | --- | --- | | GitHub Actions | an action | +| GitHub Codespaces | a codespace | | GitHub Packages | a package | | GitHub Pages | a GitHub Pages site | @@ -594,7 +595,7 @@ Avoid ending a sentence with a preposition unless the rewritten sentence would s ### Product names -See the “Product names” section of this guide. +See the “[Product names](#product-names)” section of this guide. ### Terms to use or avoid From 58286e0eb6ce1d6dba94313eae99e165ba28744b Mon Sep 17 00:00:00 2001 From: Robert Sese Date: Wed, 9 Mar 2022 16:13:59 -0600 Subject: [PATCH 15/19] Add missing key for GraphQL template reusable (#26045) Co-authored-by: Peter Bengtsson Co-authored-by: Peter Bengtsson --- data/ui.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/data/ui.yml b/data/ui.yml index 98fff7d844..38fa911b1e 100644 --- a/data/ui.yml +++ b/data/ui.yml @@ -90,6 +90,7 @@ contribution_cta: products: graphql: reference: + implements: Implements fields: Fields arguments: Arguments name: Name From b16be00f3e86e44be08ea1930d3628c174355843 Mon Sep 17 00:00:00 2001 From: Grace Park Date: Wed, 9 Mar 2022 15:55:17 -0800 Subject: [PATCH 16/19] adding copy button click event (#26074) --- components/lib/events.ts | 10 ++++++++++ components/rest/CodeBlock.tsx | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/components/lib/events.ts b/components/lib/events.ts index 9570a50f96..8bb16ed2b9 100644 --- a/components/lib/events.ts +++ b/components/lib/events.ts @@ -245,6 +245,15 @@ function initClipboardEvent() { }) } +function initCopyButtonEvent() { + document.documentElement.addEventListener('click', (evt) => { + const target = evt.target as HTMLElement + const button = target.closest('.js-btn-copy') as HTMLButtonElement + if (!button) return + sendEvent({ type: EventType.navigate, navigate_label: 'copy icon button' }) + }) +} + function initLinkEvent() { document.documentElement.addEventListener('click', (evt) => { const target = evt.target as HTMLElement @@ -267,6 +276,7 @@ export default function initializeEvents() { initPageAndExitEvent() // must come first initLinkEvent() initClipboardEvent() + initCopyButtonEvent() initPrintEvent() // survey event in ./survey.js // experiment event in ./experiment.js diff --git a/components/rest/CodeBlock.tsx b/components/rest/CodeBlock.tsx index 9ae467cf65..7b91081347 100644 --- a/components/rest/CodeBlock.tsx +++ b/components/rest/CodeBlock.tsx @@ -34,7 +34,7 @@ export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) { `${headingLang}` )} - @@ -57,7 +57,7 @@ export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) { {!headingLang && ( - From 0dda6a1893ce678d7f424659bee1dbf48d376ab9 Mon Sep 17 00:00:00 2001 From: Grace Park Date: Wed, 9 Mar 2022 16:55:26 -0800 Subject: [PATCH 17/19] remove copy icon from non code samples (#26075) --- components/rest/CodeBlock.tsx | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/components/rest/CodeBlock.tsx b/components/rest/CodeBlock.tsx index 7b91081347..0f8886fdad 100644 --- a/components/rest/CodeBlock.tsx +++ b/components/rest/CodeBlock.tsx @@ -8,6 +8,7 @@ import styles from './CodeBlock.module.scss' type Props = { verb?: string + // Only Code samples should have a copy icon - if there's a headingLang it's a code sample headingLang?: string codeBlock: string highlight?: string @@ -55,13 +56,6 @@ export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) { )}{' '} {codeBlock} - {!headingLang && ( - - - - )} ) From 01baeda3c0db2c5de1917ba9b9e86da078830791 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Wed, 9 Mar 2022 20:57:40 -0500 Subject: [PATCH 18/19] sync serialize sitedata to disk (#25749) * sync serialize sitedata to disk * use os.tmpdir * refactor tests * debugging * use log * debugging * louder about syntax errors * warn-before-tests * louder about disk-caching redirects * less loud * only in development again --- .github/workflows/test.yml | 5 ++++ lib/site-data.js | 43 ++++++++++++++++++++++----- script/warm-before-tests.mjs | 22 ++++++++++++++ tests/content/category-pages.js | 8 +---- tests/content/glossary.js | 7 ++--- tests/content/site-data-references.js | 23 ++++++-------- tests/content/site-data.js | 23 ++------------ tests/unit/liquid.js | 6 +--- 8 files changed, 77 insertions(+), 60 deletions(-) create mode 100755 script/warm-before-tests.mjs diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 909ddc9200..c86acc9c46 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,6 +132,11 @@ jobs: - name: Run build script run: npm run build + - name: Warm possible disk caching + env: + NODE_ENV: test + run: ./script/warm-before-tests.mjs + - name: Run tests env: DIFF_FILE: get_diff_files.txt diff --git a/lib/site-data.js b/lib/site-data.js index e48dc9c55b..7734f45f9c 100755 --- a/lib/site-data.js +++ b/lib/site-data.js @@ -1,3 +1,5 @@ +import fs from 'fs' +import os from 'os' import path from 'path' import flat from 'flat' import { get, set } from 'lodash-es' @@ -5,17 +7,42 @@ import languages from './languages.js' import dataDirectory from './data-directory.js' import encodeBracketedParentheses from './encode-bracketed-parentheses.js' -const loadSiteDataFromDir = (dir) => ({ - site: { - data: dataDirectory(path.join(dir, 'data'), { - preprocess: (dataString) => encodeBracketedParentheses(dataString.trimEnd()), - ignorePatterns: [/README\.md$/], - }), - }, +const TEMP_DIRECTORY = process.env.RUNNER_TEMP || os.tmpdir() + +function diskMemoize(prefix, fn) { + const useCache = process.env.NODE_ENV !== 'development' + return (dir) => { + const cacheFileName = `${prefix}.${dir.replace(/[^\w]+/g, '-').toLowerCase() || 'en'}.json` + if (useCache) { + try { + return JSON.parse(fs.readFileSync(cacheFileName, 'utf-8')) + } catch (err) { + if (!(err.code === 'ENOENT' || err instanceof SyntaxError)) throw err + } + } + + const result = fn(dir) + if (useCache) { + fs.writeFileSync(cacheFileName, JSON.stringify(result), 'utf-8') + console.log(`Disk-cache miss on ${cacheFileName}`, new Date()) + } + return result + } +} + +const loadSiteDataFromDir = diskMemoize(path.join(TEMP_DIRECTORY, 'docs-site-data'), (dir) => { + return { + site: { + data: dataDirectory(path.join(dir, 'data'), { + preprocess: (dataString) => encodeBracketedParentheses(dataString.trimEnd()), + ignorePatterns: [/README\.md$/], + }), + }, + } }) export default function loadSiteData() { - // load english site data + // load English site data const siteData = { en: loadSiteDataFromDir(languages.en.dir), } diff --git a/script/warm-before-tests.mjs b/script/warm-before-tests.mjs new file mode 100755 index 0000000000..99bfc4ba03 --- /dev/null +++ b/script/warm-before-tests.mjs @@ -0,0 +1,22 @@ +#!/usr/bin/env node + +// [start-readme] +// +// It runs the warmServer() function because that function can do things +// like writing to disk as a caching mechanism. +// When jest runs tests, it starts multiple concurrent processes, +// even if it runs it serially (`--runInBand`) so it's highly likely +// that two concurrent processes both attempt to writing to +// the same exact file. By running this script before anything +// begins, we can be certain that files that should have been created +// are created. +// +// [end-readme] + +import warmServer from '../lib/warm-server.js' + +main() + +async function main() { + await warmServer() +} diff --git a/tests/content/category-pages.js b/tests/content/category-pages.js index 72a6661659..244ccf4e20 100644 --- a/tests/content/category-pages.js +++ b/tests/content/category-pages.js @@ -17,13 +17,7 @@ const slugger = new GithubSlugger() const contentDir = path.join(__dirname, '../../content') describe('category pages', () => { - let siteData - - beforeAll(async () => { - // Load the English site data - const allSiteData = await loadSiteData() - siteData = allSiteData.en.site - }) + const siteData = loadSiteData().en.site const walkOptions = { globs: ['*/index.md', 'enterprise/*/index.md'], diff --git a/tests/content/glossary.js b/tests/content/glossary.js index 5038586248..12bbae0664 100644 --- a/tests/content/glossary.js +++ b/tests/content/glossary.js @@ -1,10 +1,7 @@ import loadSiteData from '../../lib/site-data.js' describe('glossaries', () => { - let glossaries - beforeAll(async () => { - glossaries = (await loadSiteData()).en.site.data.glossaries - }) + const glossaries = loadSiteData().en.site.data.glossaries test('are broken into external, internal, and candidates', async () => { const keys = Object.keys(glossaries) @@ -41,7 +38,7 @@ describe('glossaries', () => { }) test('non-English external glossary is in correct order', async () => { - const vals = (await loadSiteData()).ja.site.data.glossaries.external + const vals = loadSiteData().ja.site.data.glossaries.external vals.forEach((val, i) => { expect(val.term.localeCompare(vals[i + 1], 'ja')).toBeGreaterThan(0) }) diff --git a/tests/content/site-data-references.js b/tests/content/site-data-references.js index 0c13801baf..8ecfa10fc9 100644 --- a/tests/content/site-data-references.js +++ b/tests/content/site-data-references.js @@ -11,17 +11,12 @@ import { jest } from '@jest/globals' const __dirname = path.dirname(fileURLToPath(import.meta.url)) +const siteData = loadSiteData() +const pages = (await loadPages()).filter((page) => page.languageCode === 'en') + describe('data references', () => { jest.setTimeout(60 * 1000) - let data, pages - - beforeAll(async () => { - data = await loadSiteData() - pages = await loadPages() - pages = pages.filter((page) => page.languageCode === 'en') - }) - test('every data reference found in English content files is defined and has a value', () => { let errors = [] expect(pages.length).toBeGreaterThan(0) @@ -30,7 +25,7 @@ describe('data references', () => { const file = path.join('content', page.relativePath) const pageRefs = getDataReferences(page.markdown) pageRefs.forEach((key) => { - const value = get(data.en, key) + const value = get(siteData.en, key) if (typeof value !== 'string') errors.push({ key, value, file }) }) }) @@ -50,7 +45,7 @@ describe('data references', () => { const { data: metadata } = frontmatter(fileContents, { filepath: page.fullPath }) const metadataRefs = getDataReferences(JSON.stringify(metadata)) metadataRefs.forEach((key) => { - const value = get(data.en, key) + const value = get(siteData.en, key) if (typeof value !== 'string') errors.push({ key, value, metadataFile }) }) }) @@ -62,7 +57,7 @@ describe('data references', () => { test('every data reference found in English reusable files is defined and has a value', async () => { let errors = [] - const allReusables = data.en.site.data.reusables + const allReusables = siteData.en.site.data.reusables const reusables = Object.values(allReusables) expect(reusables.length).toBeGreaterThan(0) @@ -78,7 +73,7 @@ describe('data references', () => { const reusableRefs = getDataReferences(JSON.stringify(reusablesPerFile)) reusableRefs.forEach((key) => { - const value = get(data.en, key) + const value = get(siteData.en, key) if (typeof value !== 'string') errors.push({ key, value, reusableFile }) }) }) @@ -90,7 +85,7 @@ describe('data references', () => { test('every data reference found in English variable files is defined and has a value', async () => { let errors = [] - const allVariables = data.en.site.data.variables + const allVariables = siteData.en.site.data.variables const variables = Object.values(allVariables) expect(variables.length).toBeGreaterThan(0) @@ -106,7 +101,7 @@ describe('data references', () => { const variableRefs = getDataReferences(JSON.stringify(variablesPerFile)) variableRefs.forEach((key) => { - const value = get(data.en, key) + const value = get(siteData.en, key) if (typeof value !== 'string') errors.push({ key, value, variableFile }) }) }) diff --git a/tests/content/site-data.js b/tests/content/site-data.js index 2bf594f529..fa728fe6c4 100644 --- a/tests/content/site-data.js +++ b/tests/content/site-data.js @@ -1,21 +1,17 @@ import { fileURLToPath } from 'url' import path from 'path' -import fs from 'fs' import { get, isPlainObject, has } from 'lodash-es' import flat from 'flat' +import walkSync from 'walk-sync' import { ParseError } from 'liquidjs' import loadSiteData from '../../lib/site-data.js' import patterns from '../../lib/patterns.js' import { liquid } from '../../lib/render-content/index.js' -import walkSync from 'walk-sync' const __dirname = path.dirname(fileURLToPath(import.meta.url)) describe('siteData module (English)', () => { - let data - beforeAll(async () => { - data = await loadSiteData() - }) + const data = loadSiteData() test('makes an object', async () => { expect(isPlainObject(data)).toBe(true) @@ -49,21 +45,6 @@ describe('siteData module (English)', () => { expect(reusable.includes('任意のページの左上で')).toBe(true) }) - test('backfills missing translated site data with English values', async () => { - const newFile = path.join(__dirname, '../../data/newfile.yml') - fs.writeFileSync(newFile, 'newvalue: bar') - try { - const data = loadSiteData() - expect(get(data, 'en.site.data.newfile.newvalue')).toEqual('bar') - expect(get(data, 'ja.site.data.newfile.newvalue')).toEqual('bar') - } finally { - // If an error is thrown above, it will still "bubble up" - // to the jest reporter, but we still always need to clean up - // the temporary file. - fs.unlinkSync(newFile) - } - }) - test('all Liquid tags are valid', async () => { const dataMap = flat(data) for (const key in dataMap) { diff --git a/tests/unit/liquid.js b/tests/unit/liquid.js index 9a3661bc1d..131bb3d8cb 100644 --- a/tests/unit/liquid.js +++ b/tests/unit/liquid.js @@ -191,11 +191,7 @@ describe('liquid template parser', () => { // Create a fake req so we can test the feature versions middleware const req = { language: 'en', query: {} } - let siteData - beforeAll(async () => { - const allSiteData = await loadSiteData() - siteData = allSiteData.en.site - }) + const siteData = loadSiteData().en.site test('does not render in FPT because feature is not available in FPT', async () => { req.context = { From 345047e09d2ee72011f40f755db72e19d382cf19 Mon Sep 17 00:00:00 2001 From: Rohan Mukherjee Date: Thu, 10 Mar 2022 17:37:16 +0530 Subject: [PATCH 19/19] fix: change `tag-ignore` to `tags-ignore` --- .../workflows/section-run-on-specific-branches-or-tags.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md b/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md index 2b526c3408..e3a47d5e23 100644 --- a/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md +++ b/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md @@ -5,7 +5,7 @@ Use the `branches` filter when you want to include branch name patterns or when Use the `tags` filter when you want to include tag name patterns or when you want to both include and exclude tag names patterns. Use the `tags-ignore` filter when you only want to exclude tag name patterns. You cannot use both the `tags` and `tags-ignore` filters for the same event in a workflow. -If you define only `tags`/`tag-ignore` or only `branches`/`branches-ignore`, the workflow won't run for events affecting the undefined Git ref. If you define neither `tags`/`tag-ignore` or `branches`/`branches-ignore`, the workflow will run for events affecting either branches or tags. If you define both `branches`/`branches-ignore` and [`paths`](#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied. +If you define only `tags`/`tags-ignore` or only `branches`/`branches-ignore`, the workflow won't run for events affecting the undefined Git ref. If you define neither `tags`/`tags-ignore` or `branches`/`branches-ignore`, the workflow will run for events affecting either branches or tags. If you define both `branches`/`branches-ignore` and [`paths`](#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied. The `branches`, `branches-ignore`, `tags`, and `tags-ignore` keywords accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch or tag name. If a name contains any of these characters and you want a literal match, you need to *escape* each of these special characters with `\`. For more information about glob patterns, see the "[Filter pattern cheat sheet](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."