From 515fcfe0c05b04ef6efda8c78ef02cb8025bc762 Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 11 Feb 2022 16:52:34 +0100 Subject: [PATCH 01/52] WIP: Adds the raw powershell equivalents. --- .../workflow-commands-for-github-actions.md | 144 +++++++++++++++++- 1 file changed, 137 insertions(+), 7 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index d9c7e21aa1..89dd07ff33 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -26,10 +26,14 @@ Actions can communicate with the runner machine to set environment variables, ou Most workflow commands use the `echo` command in a specific format, while others are invoked by writing to a file. For more information, see ["Environment files".](#environment-files) -``` bash +```bash echo "::workflow-command parameter1={data},parameter2={data}::{command value}" ``` +```pwsh +Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" +``` + {% note %} **Note:** Workflow command and parameter names are not case-sensitive. @@ -62,6 +66,16 @@ You can use the `set-output` command in your workflow to set the same value: ``` {% endraw %} +{% raw %} +``` yaml + - name: Set selected color + run: Write-Output "::set-output name=SELECTED_COLOR::green" + id: random-color-generator + - name: Get color + run: Write-Output "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" +``` +{% endraw %} + The following table shows which toolkit functions are available within a workflow: | Toolkit function | Equivalent workflow command | @@ -95,10 +109,14 @@ Optionally, you can also declare output parameters in an action's metadata file. ### Example -``` bash +```bash echo "::set-output name=action_fruit::strawberry" ``` +```pwsh +Write-Output "::set-output name=action_fruit::strawberry" +``` + ## Setting a debug message ``` @@ -109,10 +127,14 @@ Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_ ### Example -``` bash +```bash echo "::debug::Set the Octocat variable" ``` +```pwsh +Write-Output "::debug::Set the Octocat variable" +``` + {% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} ## Setting a notice message @@ -127,10 +149,14 @@ Creates a notice message and prints the message to the log. {% data reusables.ac ### Example -``` bash +```bash echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` +```pwsh +Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + {% endif %} ## Setting a warning message @@ -145,10 +171,14 @@ Creates a warning message and prints the message to the log. {% data reusables.a ### Example -``` bash +```bash echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` +```pwsh +Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + ## Setting an error message ``` @@ -161,10 +191,14 @@ Creates an error message and prints the message to the log. {% data reusables.ac ### Example -``` bash +```bash echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` +```pwsh +Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + ## Grouping log lines ``` @@ -182,6 +216,12 @@ echo "Inside group" echo "::endgroup::" ``` +```pwsh +echo "::group::My title" +echo "Inside group" +echo "::endgroup::" +``` + ![Foldable group in workflow run log](/assets/images/actions-log-group.png) ## Masking a value in log @@ -200,6 +240,10 @@ When you print `"Mona The Octocat"` in the log, you'll see `"***"`. echo "::add-mask::Mona The Octocat" ``` +```bash +Write-Output "::add-mask::Mona The Octocat" +``` + ### Example masking an environment variable When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the log, you'll see `"***"` instead of `"Mona The Octocat"`. @@ -209,6 +253,11 @@ MY_NAME="Mona The Octocat" echo "::add-mask::$MY_NAME" ``` +```pwsh +$env:MY_NAME="Mona The Octocat" +Write-Output "::add-mask::$env:MY_NAME" +``` + ## Stopping and starting workflow commands `::stop-commands::{endtoken}` @@ -245,6 +294,22 @@ jobs: echo '::warning:: this is a warning again' ``` +```yaml +jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: disable workflow commands + run: | + Write-Output '::warning:: this is a warning' + # PowerShell lacks a simple function to create a hash from a string unfortunately. + $stopMarker = New-Guid + Write-Output "::stop-commands::$stopMarker" + Write-Output '::warning:: this will NOT be a warning' + Write-Output "::$stopMarker::" + Write-Output '::warning:: this is a warning again' +``` + {% endraw %} ## Echoing command outputs @@ -278,6 +343,20 @@ jobs: echo '::set-output name=action_echo::disabled' ``` +```yaml +jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: toggle workflow command echoing + run: | + write-output "::set-output name=action_echo::disabled" + write-output "::echo::on" + write-output "::set-output name=action_echo::enabled" + write-output "::echo::off" + write-output "::set-output name=action_echo::disabled" +``` + The step above prints the following lines to the log: ``` @@ -323,11 +402,20 @@ jobs: uses: windows-2019 steps: - shell: powershell - run: echo "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append + run: "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append ``` Alternatively, you can use PowerShell Core (`shell: pwsh`), which defaults to UTF-8. +```yaml +jobs: + legacy-powershell-example: + uses: windows-2019 + steps: + - shell: pwsh + run: "mypath" >> $env:GITHUB_PATH +``` + {% endwarning %} ## Setting an environment variable @@ -336,6 +424,14 @@ Alternatively, you can use PowerShell Core (`shell: pwsh`), which defaults to UT echo "{environment_variable_name}={value}" >> $GITHUB_ENV ``` +``` pwsh +"{environment_variable_name}={value}" >> $env:GITHUB_ENV +``` + +``` powershell +"{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append +``` + You can make an environment variable available to any subsequent steps in a workflow job by defining or updating the environment variable and writing this to the `GITHUB_ENV` environment file. The step that creates or updates the environment variable does not have access to the new value, but all subsequent steps in a job will have access. The names of environment variables are case-sensitive, and you can include punctuation. For more information, see "[Environment variables](/actions/learn-github-actions/environment-variables)." ### Example @@ -354,6 +450,20 @@ steps: ``` {% endraw %} +{% raw %} +``` +steps: + - name: Set the value + id: step_one + run: | + "action_state=yellow" >> $env:GITHUB_ENV + - name: Use the value + id: step_two + run: | + Write-Output "${{ env.action_state }}" # This will output 'yellow' +``` +{% endraw %} + ### Multiline strings For multiline strings, you may use a delimiter with the following syntax. @@ -377,12 +487,27 @@ steps: echo 'EOF' >> $GITHUB_ENV ``` +```yaml +steps: + - name: Set the value + id: step_one + run: | + "JSON_RESPONSE<> $env:GITHUB_ENV + (Invoke-WebRequest -Uri "google.com").Content >> $env:GITHUB_ENV + "EOF" >> $env:GITHUB_ENV + shell: pwsh +``` + ## Adding a system path ``` bash echo "{path}" >> $GITHUB_PATH ``` +``` pwsh +"{path}" >> $env:GITHUB_PATH +``` + Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. ### Example @@ -392,3 +517,8 @@ This example demonstrates how to add the user `$HOME/.local/bin` directory to `P ``` bash echo "$HOME/.local/bin" >> $GITHUB_PATH ``` + +This example demonstrates how to add the user `$env:HOMEPATH/.local/bin` directory to `PATH`: +``` pwsh +"$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH +``` \ No newline at end of file From bc371b6c41d65087bfe6efb168883daf6a3c18fe Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 11 Feb 2022 17:27:29 +0100 Subject: [PATCH 02/52] Corrected snippet type --- .../using-workflows/workflow-commands-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 89dd07ff33..4d50013ef6 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -240,7 +240,7 @@ When you print `"Mona The Octocat"` in the log, you'll see `"***"`. echo "::add-mask::Mona The Octocat" ``` -```bash +```pwsh Write-Output "::add-mask::Mona The Octocat" ``` From 76051b0e6263e4de4ed441027224c91b75f72299 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 14 Feb 2022 12:31:35 +1000 Subject: [PATCH 03/52] Testing presentation options --- .../workflow-commands-for-github-actions.md | 174 +++++++++--------- 1 file changed, 89 insertions(+), 85 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 4d50013ef6..08c6e2fdbe 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -26,11 +26,13 @@ Actions can communicate with the runner machine to set environment variables, ou Most workflow commands use the `echo` command in a specific format, while others are invoked by writing to a file. For more information, see ["Environment files".](#environment-files) -```bash +### Example + +```bash{:copy} echo "::workflow-command parameter1={data},parameter2={data}::{command value}" ``` -```pwsh +```PowerShell{:copy} Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" ``` @@ -50,14 +52,16 @@ Write-Output "::workflow-command parameter1={data},parameter2={data}::{command v The [actions/toolkit](https://github.com/actions/toolkit) includes a number of functions that can be executed as workflow commands. Use the `::` syntax to run the workflow commands within your YAML file; these commands are then sent to the runner over `stdout`. For example, instead of using code to set an output, as below: -```javascript +```javascript{:copy} core.setOutput('SELECTED_COLOR', 'green'); ``` +### Example: Setting a value + You can use the `set-output` command in your workflow to set the same value: {% raw %} -``` yaml +```bash{:copy} - name: Set selected color run: echo '::set-output name=SELECTED_COLOR::green' id: random-color-generator @@ -67,7 +71,7 @@ You can use the `set-output` command in your workflow to set the same value: {% endraw %} {% raw %} -``` yaml +```PowerShell{:copy} - name: Set selected color run: Write-Output "::set-output name=SELECTED_COLOR::green" id: random-color-generator @@ -99,39 +103,39 @@ The following table shows which toolkit functions are available within a workflo ## Setting an output parameter -``` +Sets an action's output parameter. + +```yaml{:copy} ::set-output name={name}::{value} ``` -Sets an action's output parameter. - Optionally, you can also declare output parameters in an action's metadata file. For more information, see "[Metadata syntax for {% data variables.product.prodname_actions %}](/articles/metadata-syntax-for-github-actions#outputs-for-docker-container-and-javascript-actions)." -### Example +### Example: Setting an output parameter -```bash +```bash{:copy} echo "::set-output name=action_fruit::strawberry" ``` -```pwsh +```PowerShell{:copy} Write-Output "::set-output name=action_fruit::strawberry" ``` ## Setting a debug message -``` +Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_DEBUG` with the value `true` to see the debug messages set by this command in the log. For more information, see "[Enabling debug logging](/actions/managing-workflow-runs/enabling-debug-logging)." + +```yaml{:copy} ::debug::{message} ``` -Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_DEBUG` with the value `true` to see the debug messages set by this command in the log. For more information, see "[Enabling debug logging](/actions/managing-workflow-runs/enabling-debug-logging)." +### Example: Setting a debug message -### Example - -```bash +```bash{:copy} echo "::debug::Set the Octocat variable" ``` -```pwsh +```PowerShell{:copy} Write-Output "::debug::Set the Octocat variable" ``` @@ -139,21 +143,21 @@ Write-Output "::debug::Set the Octocat variable" ## Setting a notice message -``` +Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} + +```yaml{:copy} ::notice file={name},line={line},endLine={endLine},title={title}::{message} ``` -Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} - {% data reusables.actions.message-parameters %} -### Example +### Example: Setting a notice message -```bash +```bash{:copy} echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` -```pwsh +```PowerShell{:copy} Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` @@ -161,109 +165,109 @@ Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ## Setting a warning message -``` +Creates a warning message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} + +```yaml{:copy} ::warning file={name},line={line},endLine={endLine},title={title}::{message} ``` -Creates a warning message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} - {% data reusables.actions.message-parameters %} -### Example +### Example: Setting a warning message -```bash +```bash{:copy} echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` -```pwsh +```PowerShell{:copy} Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` ## Setting an error message -``` +Creates an error message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} + +```yaml{:copy} ::error file={name},line={line},endLine={endLine},title={title}::{message} ``` -Creates an error message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} - {% data reusables.actions.message-parameters %} -### Example +### Example: Setting an error message -```bash +```bash{:copy} echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` -```pwsh +```PowerShell{:copy} Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` ## Grouping log lines -``` +Creates an expandable group in the log. To create a group, use the `group` command and specify a `title`. Anything you print to the log between the `group` and `endgroup` commands is nested inside an expandable entry in the log. + +```yaml{:copy} ::group::{title} ::endgroup:: ``` -Creates an expandable group in the log. To create a group, use the `group` command and specify a `title`. Anything you print to the log between the `group` and `endgroup` commands is nested inside an expandable entry in the log. +### Example: Grouping log lines -### Example - -```bash +```bash{:copy} echo "::group::My title" echo "Inside group" echo "::endgroup::" ``` -```pwsh -echo "::group::My title" -echo "Inside group" -echo "::endgroup::" +```PowerShell{:copy} +Write-Output "::group::My title" +Write-Output "Inside group" +Write-Output "::endgroup::" ``` ![Foldable group in workflow run log](/assets/images/actions-log-group.png) ## Masking a value in log -``` +```yaml{:copy} ::add-mask::{value} ``` Masking a value prevents a string or variable from being printed in the log. Each masked word separated by whitespace is replaced with the `*` character. You can use an environment variable or string for the mask's `value`. -### Example masking a string +### Example: Masking a string When you print `"Mona The Octocat"` in the log, you'll see `"***"`. -```bash +```bash{:copy} echo "::add-mask::Mona The Octocat" ``` -```pwsh +```PowerShell{:copy} Write-Output "::add-mask::Mona The Octocat" ``` -### Example masking an environment variable +### Example: Masking an environment variable When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the log, you'll see `"***"` instead of `"Mona The Octocat"`. -```bash +```bash{:copy} MY_NAME="Mona The Octocat" echo "::add-mask::$MY_NAME" ``` -```pwsh +```PowerShell{:copy} $env:MY_NAME="Mona The Octocat" Write-Output "::add-mask::$env:MY_NAME" ``` ## Stopping and starting workflow commands -`::stop-commands::{endtoken}` - Stops processing any workflow commands. This special command allows you to log anything without accidentally running a workflow command. For example, you could stop logging to output an entire script that has comments. +`::stop-commands::{endtoken}` + To stop the processing of workflow commands, pass a unique token to `stop-commands`. To resume processing workflow commands, pass the same token that you used to stop workflow commands. {% warning %} @@ -272,15 +276,15 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman {% endwarning %} -``` +```yaml{:copy} ::{endtoken}:: ``` -### Example stopping and starting workflow commands +### Example: Stopping and starting workflow commands {% raw %} -```yaml +```yaml{:copy} jobs: workflow-command-job: runs-on: ubuntu-latest @@ -294,7 +298,7 @@ jobs: echo '::warning:: this is a warning again' ``` -```yaml +```yaml{:copy} jobs: workflow-command-job: runs-on: ubuntu-latest @@ -314,22 +318,22 @@ jobs: ## Echoing command outputs -``` +Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. + +```yaml{:copy} ::echo::on ::echo::off ``` -Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. - Command echoing is disabled by default. However, a workflow command is echoed if there are any errors processing the command. The `add-mask`, `debug`, `warning`, and `error` commands do not support echoing because their outputs are already echoed to the log. You can also enable command echoing globally by turning on step debug logging using the `ACTIONS_STEP_DEBUG` secret. For more information, see "[Enabling debug logging](/actions/managing-workflow-runs/enabling-debug-logging)". In contrast, the `echo` workflow command lets you enable command echoing at a more granular level, rather than enabling it for every workflow in a repository. -### Example toggling command echoing +### Example: Toggling command echoing -```yaml +```yaml{:copy} jobs: workflow-command-job: runs-on: ubuntu-latest @@ -343,7 +347,7 @@ jobs: echo '::set-output name=action_echo::disabled' ``` -```yaml +```yaml{:copy} jobs: workflow-command-job: runs-on: ubuntu-latest @@ -359,7 +363,7 @@ jobs: The step above prints the following lines to the log: -``` +```yaml{:copy} ::set-output name=action_echo::enabled ::echo::off ``` @@ -376,13 +380,13 @@ The `save-state` command can only be run within an action, and is not available This example uses JavaScript to run the `save-state` command. The resulting environment variable is named `STATE_processID` with the value of `12345`: -``` javascript +```javascript{:copy} console.log('::save-state name=processID::12345') ``` The `STATE_processID` variable is then exclusively available to the cleanup script running under the `main` action. This example runs in `main` and uses JavaScript to display the value assigned to the `STATE_processID` environment variable: -``` javascript +```javascript{:copy} console.log("The running PID from the main action is: " + process.env.STATE_processID); ``` @@ -390,13 +394,13 @@ console.log("The running PID from the main action is: " + process.env.STATE_pro During the execution of a workflow, the runner generates temporary files that can be used to perform certain actions. The path to these files are exposed via environment variables. You will need to use UTF-8 encoding when writing to these files to ensure proper processing of the commands. Multiple commands can be written to the same file, separated by newlines. -{% warning %} +{% note %} -**Warning:** On Windows, legacy PowerShell (`shell: powershell`) does not use UTF-8 by default. +**Note:** On Windows, legacy PowerShell (`shell: powershell`) does not use UTF-8 by default. When using `shell: powershell`, you must specify UTF-8 encoding. For example: -```yaml +```PowerShell{:copy} jobs: legacy-powershell-example: uses: windows-2019 @@ -407,7 +411,7 @@ jobs: Alternatively, you can use PowerShell Core (`shell: pwsh`), which defaults to UTF-8. -```yaml +```PowerShell{:copy} jobs: legacy-powershell-example: uses: windows-2019 @@ -416,19 +420,19 @@ jobs: run: "mypath" >> $env:GITHUB_PATH ``` -{% endwarning %} +{% endnote %} ## Setting an environment variable -``` bash +```bash{:copy} echo "{environment_variable_name}={value}" >> $GITHUB_ENV ``` -``` pwsh +```PowerShell{:copy} "{environment_variable_name}={value}" >> $env:GITHUB_ENV ``` -``` powershell +```PowerShell{:copy} "{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append ``` @@ -437,7 +441,7 @@ You can make an environment variable available to any subsequent steps in a work ### Example {% raw %} -``` +```yaml{:copy} steps: - name: Set the value id: step_one @@ -451,7 +455,7 @@ steps: {% endraw %} {% raw %} -``` +```yaml{:copy} steps: - name: Set the value id: step_one @@ -468,7 +472,7 @@ steps: For multiline strings, you may use a delimiter with the following syntax. -``` +```yaml{:copy} {name}<<{delimiter} {value} {delimiter} @@ -487,7 +491,7 @@ steps: echo 'EOF' >> $GITHUB_ENV ``` -```yaml +```yaml{:copy} steps: - name: Set the value id: step_one @@ -500,25 +504,25 @@ steps: ## Adding a system path -``` bash +Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. + +```bash{:copy} echo "{path}" >> $GITHUB_PATH ``` -``` pwsh +```PowerShell{:copy} "{path}" >> $env:GITHUB_PATH ``` -Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. - ### Example This example demonstrates how to add the user `$HOME/.local/bin` directory to `PATH`: -``` bash +```bash{:copy} echo "$HOME/.local/bin" >> $GITHUB_PATH ``` This example demonstrates how to add the user `$env:HOMEPATH/.local/bin` directory to `PATH`: -``` pwsh +```PowerShell{:copy} "$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH -``` \ No newline at end of file +``` From 97265eeaf0c5969de5a36c28ef79c2655d31faa5 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 14 Feb 2022 12:39:12 +1000 Subject: [PATCH 04/52] Small updates --- .../workflow-commands-for-github-actions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 08c6e2fdbe..b25a34eaaa 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -333,7 +333,7 @@ You can also enable command echoing globally by turning on step debug logging us ### Example: Toggling command echoing -```yaml{:copy} +```bash{:copy} jobs: workflow-command-job: runs-on: ubuntu-latest @@ -347,10 +347,10 @@ jobs: echo '::set-output name=action_echo::disabled' ``` -```yaml{:copy} +```PowerShell{:copy} jobs: workflow-command-job: - runs-on: ubuntu-latest + runs-on: windows-2019 steps: - name: toggle workflow command echoing run: | @@ -361,7 +361,7 @@ jobs: write-output "::set-output name=action_echo::disabled" ``` -The step above prints the following lines to the log: +The example above prints the following lines to the log: ```yaml{:copy} ::set-output name=action_echo::enabled From e5af39e51a73cdec7be2228a8efaa7a828588698 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 14 Feb 2022 15:17:56 +1000 Subject: [PATCH 05/52] Update workflow-commands-for-github-actions.md --- .../workflow-commands-for-github-actions.md | 50 +++++++++++++------ 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index b25a34eaaa..94ebc82a01 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -215,15 +215,26 @@ Creates an expandable group in the log. To create a group, use the `group` comma ### Example: Grouping log lines ```bash{:copy} -echo "::group::My title" -echo "Inside group" -echo "::endgroup::" +jobs: + bash-example: + runs-on: ubuntu-latest + steps: + - name: Group of log lines + run: | + echo "::group::My title" + echo "Inside group" + echo "::endgroup::" ``` ```PowerShell{:copy} -Write-Output "::group::My title" -Write-Output "Inside group" -Write-Output "::endgroup::" +jobs: + powershell-example: + runs-on: windows-latest + steps: + - name: Group of log lines + run: Write-Output "::group::My title" + Write-Output "Inside group" + Write-Output "::endgroup::" ``` ![Foldable group in workflow run log](/assets/images/actions-log-group.png) @@ -253,13 +264,25 @@ Write-Output "::add-mask::Mona The Octocat" When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the log, you'll see `"***"` instead of `"Mona The Octocat"`. ```bash{:copy} -MY_NAME="Mona The Octocat" -echo "::add-mask::$MY_NAME" +jobs: + bash-example: + runs-on: ubuntu-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: bash-version + run: echo "::add-mask::$MY_NAME" ``` ```PowerShell{:copy} -$env:MY_NAME="Mona The Octocat" -Write-Output "::add-mask::$env:MY_NAME" +jobs: + powershell-example: + runs-on: windows-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: powershell-version + run: Write-Output "::add-mask::$env:MY_NAME" ``` ## Stopping and starting workflow commands @@ -306,7 +329,6 @@ jobs: - name: disable workflow commands run: | Write-Output '::warning:: this is a warning' - # PowerShell lacks a simple function to create a hash from a string unfortunately. $stopMarker = New-Guid Write-Output "::stop-commands::$stopMarker" Write-Output '::warning:: this will NOT be a warning' @@ -350,7 +372,7 @@ jobs: ```PowerShell{:copy} jobs: workflow-command-job: - runs-on: windows-2019 + runs-on: windows-latest steps: - name: toggle workflow command echoing run: | @@ -403,7 +425,7 @@ When using `shell: powershell`, you must specify UTF-8 encoding. For example: ```PowerShell{:copy} jobs: legacy-powershell-example: - uses: windows-2019 + uses: windows-latest steps: - shell: powershell run: "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append @@ -414,7 +436,7 @@ Alternatively, you can use PowerShell Core (`shell: pwsh`), which defaults to UT ```PowerShell{:copy} jobs: legacy-powershell-example: - uses: windows-2019 + uses: windows-latest steps: - shell: pwsh run: "mypath" >> $env:GITHUB_PATH From 26695527442881ebc82cc25d3f69449e1c6c15ae Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Tue, 15 Feb 2022 11:57:01 +1000 Subject: [PATCH 06/52] Update workflow-commands-for-github-actions.md --- .../workflow-commands-for-github-actions.md | 44 ++++++++++--------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 94ebc82a01..8a1d2cba7b 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -418,28 +418,28 @@ During the execution of a workflow, the runner generates temporary files that ca {% note %} -**Note:** On Windows, legacy PowerShell (`shell: powershell`) does not use UTF-8 by default. - -When using `shell: powershell`, you must specify UTF-8 encoding. For example: +**Note:** PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: ```PowerShell{:copy} jobs: legacy-powershell-example: - uses: windows-latest + runs-on: windows-latest steps: - shell: powershell - run: "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append + run: | + echo "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append ``` -Alternatively, you can use PowerShell Core (`shell: pwsh`), which defaults to UTF-8. +PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: ```PowerShell{:copy} jobs: - legacy-powershell-example: - uses: windows-latest + powershell-core-example: + runs-on: windows-latest steps: - shell: pwsh - run: "mypath" >> $env:GITHUB_PATH + run: | + echo "mypath" >> $env:GITHUB_PATH ``` {% endnote %} @@ -502,16 +502,9 @@ For multiline strings, you may use a delimiter with the following syntax. #### Example -In this example, we use `EOF` as a delimiter and set the `JSON_RESPONSE` environment variable to the value of the curl response. -```yaml -steps: - - name: Set the value - id: step_one - run: | - echo 'JSON_RESPONSE<> $GITHUB_ENV - curl https://httpbin.org/json >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV -``` +This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response. + +The following example demonstrates how to do this in PowerShell Core (version 6 and above): ```yaml{:copy} steps: @@ -519,11 +512,22 @@ steps: id: step_one run: | "JSON_RESPONSE<> $env:GITHUB_ENV - (Invoke-WebRequest -Uri "google.com").Content >> $env:GITHUB_ENV + (Invoke-WebRequest -Uri "https://example.lab").Content >> $env:GITHUB_ENV "EOF" >> $env:GITHUB_ENV shell: pwsh ``` +The following example demonstrates how to do this in PowerShell (version 5.1 and below): + +```yaml +steps: + - name: Set the value + id: step_one + run: | + echo 'JSON_RESPONSE<> $GITHUB_ENV + curl https://example.lab >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV +``` ## Adding a system path Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. From 53947436d33fbd3d1cfbd34eac32c4f8a4227669 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Fri, 25 Feb 2022 13:44:33 +1000 Subject: [PATCH 07/52] Reformatted codeblocks --- .../workflow-commands-for-github-actions.md | 389 ++++++++++-------- 1 file changed, 210 insertions(+), 179 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 8a1d2cba7b..2bba800074 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -28,13 +28,15 @@ Most workflow commands use the `echo` command in a specific format, while others ### Example -```bash{:copy} -echo "::workflow-command parameter1={data},parameter2={data}::{command value}" -``` +- Using Bash: + ```yaml{:copy} + echo "::workflow-command parameter1={data},parameter2={data}::{command value}" + ``` -```PowerShell{:copy} -Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" + ``` {% note %} @@ -60,25 +62,27 @@ core.setOutput('SELECTED_COLOR', 'green'); You can use the `set-output` command in your workflow to set the same value: -{% raw %} -```bash{:copy} - - name: Set selected color - run: echo '::set-output name=SELECTED_COLOR::green' - id: random-color-generator - - name: Get color - run: echo "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" -``` -{% endraw %} +- Using Bash: + {% raw %} + ```yaml{:copy} + - name: Set selected color + run: echo '::set-output name=SELECTED_COLOR::green' + id: random-color-generator + - name: Get color + run: echo "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" + ``` + {% endraw %} -{% raw %} -```PowerShell{:copy} - - name: Set selected color - run: Write-Output "::set-output name=SELECTED_COLOR::green" - id: random-color-generator - - name: Get color - run: Write-Output "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" -``` -{% endraw %} +- Using PowerShell: + {% raw %} + ```yaml{:copy} + - name: Set selected color + run: Write-Output "::set-output name=SELECTED_COLOR::green" + id: random-color-generator + - name: Get color + run: Write-Output "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" + ``` + {% endraw %} The following table shows which toolkit functions are available within a workflow: @@ -113,13 +117,15 @@ Optionally, you can also declare output parameters in an action's metadata file. ### Example: Setting an output parameter -```bash{:copy} -echo "::set-output name=action_fruit::strawberry" -``` +- Using Bash: + ```yaml{:copy} + echo "::set-output name=action_fruit::strawberry" + ``` -```PowerShell{:copy} -Write-Output "::set-output name=action_fruit::strawberry" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::set-output name=action_fruit::strawberry" + ``` ## Setting a debug message @@ -131,13 +137,15 @@ Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_ ### Example: Setting a debug message -```bash{:copy} -echo "::debug::Set the Octocat variable" -``` +- Using Bash: + ```yaml{:copy} + echo "::debug::Set the Octocat variable" + ``` -```PowerShell{:copy} -Write-Output "::debug::Set the Octocat variable" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::debug::Set the Octocat variable" + ``` {% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} @@ -153,13 +161,15 @@ Creates a notice message and prints the message to the log. {% data reusables.ac ### Example: Setting a notice message -```bash{:copy} -echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using Bash: + ```yaml{:copy} + echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` -```PowerShell{:copy} -Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` {% endif %} @@ -175,13 +185,15 @@ Creates a warning message and prints the message to the log. {% data reusables.a ### Example: Setting a warning message -```bash{:copy} -echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using Bash: + ```yaml{:copy} + echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` -```PowerShell{:copy} -Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` ## Setting an error message @@ -195,13 +207,15 @@ Creates an error message and prints the message to the log. {% data reusables.ac ### Example: Setting an error message -```bash{:copy} -echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using Bash: + ```yaml{:copy} + echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` -```PowerShell{:copy} -Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" + ``` ## Grouping log lines @@ -214,28 +228,30 @@ Creates an expandable group in the log. To create a group, use the `group` comma ### Example: Grouping log lines -```bash{:copy} -jobs: - bash-example: - runs-on: ubuntu-latest - steps: - - name: Group of log lines - run: | - echo "::group::My title" - echo "Inside group" - echo "::endgroup::" -``` +- Using Bash: + ```yaml{:copy} + jobs: + bash-example: + runs-on: ubuntu-latest + steps: + - name: Group of log lines + run: | + echo "::group::My title" + echo "Inside group" + echo "::endgroup::" + ``` -```PowerShell{:copy} -jobs: - powershell-example: - runs-on: windows-latest - steps: - - name: Group of log lines - run: Write-Output "::group::My title" - Write-Output "Inside group" - Write-Output "::endgroup::" -``` +- Using PowerShell: + ```yaml{:copy} + jobs: + powershell-example: + runs-on: windows-latest + steps: + - name: Group of log lines + run: Write-Output "::group::My title" + Write-Output "Inside group" + Write-Output "::endgroup::" + ``` ![Foldable group in workflow run log](/assets/images/actions-log-group.png) @@ -251,39 +267,43 @@ Masking a value prevents a string or variable from being printed in the log. Eac When you print `"Mona The Octocat"` in the log, you'll see `"***"`. -```bash{:copy} -echo "::add-mask::Mona The Octocat" -``` +- Using Bash: + ```yaml{:copy} + echo "::add-mask::Mona The Octocat" + ``` -```PowerShell{:copy} -Write-Output "::add-mask::Mona The Octocat" -``` +- Using PowerShell: + ```yaml{:copy} + Write-Output "::add-mask::Mona The Octocat" + ``` ### Example: Masking an environment variable When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the log, you'll see `"***"` instead of `"Mona The Octocat"`. -```bash{:copy} -jobs: - bash-example: - runs-on: ubuntu-latest - env: - MY_NAME: "Mona The Octocat" - steps: - - name: bash-version - run: echo "::add-mask::$MY_NAME" -``` +- Using Bash: + ```yaml{:copy} + jobs: + bash-example: + runs-on: ubuntu-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: bash-version + run: echo "::add-mask::$MY_NAME" + ``` -```PowerShell{:copy} -jobs: - powershell-example: - runs-on: windows-latest - env: - MY_NAME: "Mona The Octocat" - steps: - - name: powershell-version - run: Write-Output "::add-mask::$env:MY_NAME" -``` +- Using PowerShell: + ```yaml{:copy} + jobs: + powershell-example: + runs-on: windows-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: powershell-version + run: Write-Output "::add-mask::$env:MY_NAME" + ``` ## Stopping and starting workflow commands @@ -306,35 +326,36 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman ### Example: Stopping and starting workflow commands {% raw %} +- Using bash: + ```yaml{:copy} + jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: disable workflow commands + run: | + echo '::warning:: this is a warning' + echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" + echo '::warning:: this will NOT be a warning' + echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" + echo '::warning:: this is a warning again' + ``` -```yaml{:copy} -jobs: - workflow-command-job: - runs-on: ubuntu-latest - steps: - - name: disable workflow commands - run: | - echo '::warning:: this is a warning' - echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" - echo '::warning:: this will NOT be a warning' - echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" - echo '::warning:: this is a warning again' -``` - -```yaml{:copy} -jobs: - workflow-command-job: - runs-on: ubuntu-latest - steps: - - name: disable workflow commands - run: | - Write-Output '::warning:: this is a warning' - $stopMarker = New-Guid - Write-Output "::stop-commands::$stopMarker" - Write-Output '::warning:: this will NOT be a warning' - Write-Output "::$stopMarker::" - Write-Output '::warning:: this is a warning again' -``` +- Using PowerShell: + ```yaml{:copy} + jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: disable workflow commands + run: | + Write-Output '::warning:: this is a warning' + $stopMarker = New-Guid + Write-Output "::stop-commands::$stopMarker" + Write-Output '::warning:: this will NOT be a warning' + Write-Output "::$stopMarker::" + Write-Output '::warning:: this is a warning again' + ``` {% endraw %} @@ -355,33 +376,35 @@ You can also enable command echoing globally by turning on step debug logging us ### Example: Toggling command echoing -```bash{:copy} -jobs: - workflow-command-job: - runs-on: ubuntu-latest - steps: - - name: toggle workflow command echoing - run: | - echo '::set-output name=action_echo::disabled' - echo '::echo::on' - echo '::set-output name=action_echo::enabled' - echo '::echo::off' - echo '::set-output name=action_echo::disabled' -``` +- Using Bash: + ```yaml{:copy} + jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: toggle workflow command echoing + run: | + echo '::set-output name=action_echo::disabled' + echo '::echo::on' + echo '::set-output name=action_echo::enabled' + echo '::echo::off' + echo '::set-output name=action_echo::disabled' + ``` -```PowerShell{:copy} -jobs: - workflow-command-job: - runs-on: windows-latest - steps: - - name: toggle workflow command echoing - run: | - write-output "::set-output name=action_echo::disabled" - write-output "::echo::on" - write-output "::set-output name=action_echo::enabled" - write-output "::echo::off" - write-output "::set-output name=action_echo::disabled" -``` +- Using PowerShell: + ```yaml{:copy} + jobs: + workflow-command-job: + runs-on: windows-latest + steps: + - name: toggle workflow command echoing + run: | + write-output "::set-output name=action_echo::disabled" + write-output "::echo::on" + write-output "::set-output name=action_echo::enabled" + write-output "::echo::off" + write-output "::set-output name=action_echo::disabled" + ``` The example above prints the following lines to the log: @@ -420,7 +443,7 @@ During the execution of a workflow, the runner generates temporary files that ca **Note:** PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: -```PowerShell{:copy} +```yaml{:copy} jobs: legacy-powershell-example: runs-on: windows-latest @@ -432,7 +455,7 @@ jobs: PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: -```PowerShell{:copy} +```yaml{:copy} jobs: powershell-core-example: runs-on: windows-latest @@ -446,17 +469,20 @@ jobs: ## Setting an environment variable -```bash{:copy} -echo "{environment_variable_name}={value}" >> $GITHUB_ENV -``` +- Using Bash: + ```yaml{:copy} + echo "{environment_variable_name}={value}" >> $GITHUB_ENV + ``` -```PowerShell{:copy} -"{environment_variable_name}={value}" >> $env:GITHUB_ENV -``` +- Using PowerShell version 6 and higher: + ```yaml{:copy} + "{environment_variable_name}={value}" >> $env:GITHUB_ENV + ``` -```PowerShell{:copy} -"{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append -``` +- Using PowerShell version 5.1 and below: + ```yaml{:copy} + "{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + ``` You can make an environment variable available to any subsequent steps in a workflow job by defining or updating the environment variable and writing this to the `GITHUB_ENV` environment file. The step that creates or updates the environment variable does not have access to the new value, but all subsequent steps in a job will have access. The names of environment variables are case-sensitive, and you can include punctuation. For more information, see "[Environment variables](/actions/learn-github-actions/environment-variables)." @@ -519,7 +545,7 @@ steps: The following example demonstrates how to do this in PowerShell (version 5.1 and below): -```yaml +```yaml{:copy} steps: - name: Set the value id: step_one @@ -532,23 +558,28 @@ steps: Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. -```bash{:copy} -echo "{path}" >> $GITHUB_PATH -``` +- Using Bash: + ```yaml{:copy} + echo "{path}" >> $GITHUB_PATH + ``` -```PowerShell{:copy} -"{path}" >> $env:GITHUB_PATH -``` +- Using PowerShell: + ```yaml{:copy} + "{path}" >> $env:GITHUB_PATH + ``` ### Example This example demonstrates how to add the user `$HOME/.local/bin` directory to `PATH`: -```bash{:copy} -echo "$HOME/.local/bin" >> $GITHUB_PATH -``` +- Using Bash: + ```yaml{:copy} + echo "$HOME/.local/bin" >> $GITHUB_PATH + ``` This example demonstrates how to add the user `$env:HOMEPATH/.local/bin` directory to `PATH`: -```PowerShell{:copy} -"$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH -``` + +- Using PowerShell: + ```yaml{:copy} + "$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH + ``` From 1a7217b8795adfa711b97de0137398e96e4c7730 Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 25 Feb 2022 13:28:09 +0100 Subject: [PATCH 08/52] Update workflow-commands-for-github-actions.md --- .../workflow-commands-for-github-actions.md | 163 +++++++++--------- 1 file changed, 85 insertions(+), 78 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 2bba800074..0ff0d843d3 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -29,12 +29,12 @@ Most workflow commands use the `echo` command in a specific format, while others ### Example - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::workflow-command parameter1={data},parameter2={data}::{command value}" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" ``` @@ -109,7 +109,7 @@ The following table shows which toolkit functions are available within a workflo Sets an action's output parameter. -```yaml{:copy} +```plaintext{:copy} ::set-output name={name}::{value} ``` @@ -118,12 +118,12 @@ Optionally, you can also declare output parameters in an action's metadata file. ### Example: Setting an output parameter - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::set-output name=action_fruit::strawberry" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::set-output name=action_fruit::strawberry" ``` @@ -131,19 +131,19 @@ Optionally, you can also declare output parameters in an action's metadata file. Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_DEBUG` with the value `true` to see the debug messages set by this command in the log. For more information, see "[Enabling debug logging](/actions/managing-workflow-runs/enabling-debug-logging)." -```yaml{:copy} +```plaintext{:copy} ::debug::{message} ``` ### Example: Setting a debug message - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::debug::Set the Octocat variable" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::debug::Set the Octocat variable" ``` @@ -153,7 +153,7 @@ Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_ Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```yaml{:copy} +```plaintext{:copy} ::notice file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -162,12 +162,12 @@ Creates a notice message and prints the message to the log. {% data reusables.ac ### Example: Setting a notice message - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` @@ -177,7 +177,7 @@ Creates a notice message and prints the message to the log. {% data reusables.ac Creates a warning message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```yaml{:copy} +```plaintext{:copy} ::warning file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -186,12 +186,12 @@ Creates a warning message and prints the message to the log. {% data reusables.a ### Example: Setting a warning message - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` @@ -199,7 +199,7 @@ Creates a warning message and prints the message to the log. {% data reusables.a Creates an error message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```yaml{:copy} +```plaintext{:copy} ::error file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -208,12 +208,12 @@ Creates an error message and prints the message to the log. {% data reusables.ac ### Example: Setting an error message - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" ``` @@ -221,7 +221,7 @@ Creates an error message and prints the message to the log. {% data reusables.ac Creates an expandable group in the log. To create a group, use the `group` command and specify a `title`. Anything you print to the log between the `group` and `endgroup` commands is nested inside an expandable entry in the log. -```yaml{:copy} +```plaintext{:copy} ::group::{title} ::endgroup:: ``` @@ -248,7 +248,8 @@ Creates an expandable group in the log. To create a group, use the `group` comma runs-on: windows-latest steps: - name: Group of log lines - run: Write-Output "::group::My title" + run: | + Write-Output "::group::My title" Write-Output "Inside group" Write-Output "::endgroup::" ``` @@ -257,7 +258,7 @@ Creates an expandable group in the log. To create a group, use the `group` comma ## Masking a value in log -```yaml{:copy} +```plaintext{:copy} ::add-mask::{value} ``` @@ -268,12 +269,12 @@ Masking a value prevents a string or variable from being printed in the log. Eac When you print `"Mona The Octocat"` in the log, you'll see `"***"`. - Using Bash: - ```yaml{:copy} + ```bash{:copy} echo "::add-mask::Mona The Octocat" ``` - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} Write-Output "::add-mask::Mona The Octocat" ``` @@ -309,7 +310,9 @@ When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the l Stops processing any workflow commands. This special command allows you to log anything without accidentally running a workflow command. For example, you could stop logging to output an entire script that has comments. -`::stop-commands::{endtoken}` +```plaintext{:copy} +::stop-commands::{endtoken} +``` To stop the processing of workflow commands, pass a unique token to `stop-commands`. To resume processing workflow commands, pass the same token that you used to stop workflow commands. @@ -319,7 +322,7 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman {% endwarning %} -```yaml{:copy} +```plaintext{:copy} ::{endtoken}:: ``` @@ -363,7 +366,7 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. -```yaml{:copy} +```plaintext{:copy} ::echo::on ::echo::off ``` @@ -376,7 +379,7 @@ You can also enable command echoing globally by turning on step debug logging us ### Example: Toggling command echoing -- Using Bash: +- Using bash: ```yaml{:copy} jobs: workflow-command-job: @@ -408,7 +411,7 @@ You can also enable command echoing globally by turning on step debug logging us The example above prints the following lines to the log: -```yaml{:copy} +```plaintext{:copy} ::set-output name=action_echo::enabled ::echo::off ``` @@ -450,7 +453,7 @@ jobs: steps: - shell: powershell run: | - echo "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append + "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append ``` PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: @@ -462,25 +465,25 @@ jobs: steps: - shell: pwsh run: | - echo "mypath" >> $env:GITHUB_PATH + "mypath" >> $env:GITHUB_PATH ``` {% endnote %} ## Setting an environment variable -- Using Bash: - ```yaml{:copy} +- Using bash: + ```bash{:copy} echo "{environment_variable_name}={value}" >> $GITHUB_ENV ``` - Using PowerShell version 6 and higher: - ```yaml{:copy} + ```pwsh{:copy} "{environment_variable_name}={value}" >> $env:GITHUB_ENV ``` - Using PowerShell version 5.1 and below: - ```yaml{:copy} + ```powershell{:copy} "{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append ``` @@ -488,39 +491,42 @@ You can make an environment variable available to any subsequent steps in a work ### Example -{% raw %} -```yaml{:copy} -steps: - - name: Set the value - id: step_one - run: | - echo "action_state=yellow" >> $GITHUB_ENV - - name: Use the value - id: step_two - run: | - echo "${{ env.action_state }}" # This will output 'yellow' -``` -{% endraw %} +- Using bash: + {% raw %} + ```yaml{:copy} + steps: + - name: Set the value + id: step_one + run: | + echo "action_state=yellow" >> $GITHUB_ENV + - name: Use the value + id: step_two + run: | + echo "${{ env.action_state }}" # This will output 'yellow' + ``` + {% endraw %} -{% raw %} -```yaml{:copy} -steps: - - name: Set the value - id: step_one - run: | - "action_state=yellow" >> $env:GITHUB_ENV - - name: Use the value - id: step_two - run: | - Write-Output "${{ env.action_state }}" # This will output 'yellow' -``` -{% endraw %} +- Using PowerShell: + + {% raw %} + ```yaml{:copy} + steps: + - name: Set the value + id: step_one + run: | + "action_state=yellow" >> $env:GITHUB_ENV + - name: Use the value + id: step_two + run: | + Write-Output "${{ env.action_state }}" # This will output 'yellow' + ``` + {% endraw %} ### Multiline strings For multiline strings, you may use a delimiter with the following syntax. -```yaml{:copy} +```plaintext{:copy} {name}<<{delimiter} {value} {delimiter} @@ -530,11 +536,23 @@ For multiline strings, you may use a delimiter with the following syntax. This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response. +The following example demonstrates how to do this in Bash: + +```yaml{:copy} +steps: + - name: Set the value in bash + id: step_one + run: | + echo 'JSON_RESPONSE<> $GITHUB_ENV + curl https://example.lab >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV +``` + The following example demonstrates how to do this in PowerShell Core (version 6 and above): ```yaml{:copy} steps: - - name: Set the value + - name: Set the value in pwsh id: step_one run: | "JSON_RESPONSE<> $env:GITHUB_ENV @@ -543,28 +561,17 @@ steps: shell: pwsh ``` -The following example demonstrates how to do this in PowerShell (version 5.1 and below): - -```yaml{:copy} -steps: - - name: Set the value - id: step_one - run: | - echo 'JSON_RESPONSE<> $GITHUB_ENV - curl https://example.lab >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV -``` ## Adding a system path Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. -- Using Bash: - ```yaml{:copy} +- Using bash: + ```bash{:copy} echo "{path}" >> $GITHUB_PATH ``` - Using PowerShell: - ```yaml{:copy} + ```pwrh{:copy} "{path}" >> $env:GITHUB_PATH ``` @@ -572,14 +579,14 @@ Prepends a directory to the system `PATH` variable and automatically makes it av This example demonstrates how to add the user `$HOME/.local/bin` directory to `PATH`: -- Using Bash: - ```yaml{:copy} +- Using bash: + ```bash{:copy} echo "$HOME/.local/bin" >> $GITHUB_PATH ``` This example demonstrates how to add the user `$env:HOMEPATH/.local/bin` directory to `PATH`: - Using PowerShell: - ```yaml{:copy} + ```pwsh{:copy} "$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH ``` From 54b53009afa799c3dd631272567d0e9a531cd163 Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 25 Feb 2022 14:36:27 +0100 Subject: [PATCH 09/52] 1 Typo! one! ONE! ARGH! --- .../using-workflows/workflow-commands-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 0ff0d843d3..e473756fe7 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -571,7 +571,7 @@ Prepends a directory to the system `PATH` variable and automatically makes it av ``` - Using PowerShell: - ```pwrh{:copy} + ```pwsh{:copy} "{path}" >> $env:GITHUB_PATH ``` From bb554793a8ca433afcad551a9a66e23ea951d6c7 Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 25 Feb 2022 14:52:19 +0100 Subject: [PATCH 10/52] Example was using ubuntu-latest for pwsh --- .../using-workflows/workflow-commands-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index e473756fe7..11c3c7f7f0 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -348,7 +348,7 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman ```yaml{:copy} jobs: workflow-command-job: - runs-on: ubuntu-latest + runs-on: windows-latest steps: - name: disable workflow commands run: | From 53a274d3c2f38105c9c1460527d0106c304a9554 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Thu, 3 Mar 2022 15:35:41 +1000 Subject: [PATCH 11/52] Added tool picker options for powershell and bash --- components/article/ToolPicker.tsx | 4 + content/README.md | 2 +- .../workflow-commands-for-github-actions.md | 570 +++++++++++------- lib/frontmatter.js | 13 +- lib/liquid-tags/extended-markdown.js | 2 + lib/page.js | 2 + lib/schema-event.js | 15 +- 7 files changed, 371 insertions(+), 237 deletions(-) diff --git a/components/article/ToolPicker.tsx b/components/article/ToolPicker.tsx index f00cb6b966..ede5bed03b 100644 --- a/components/article/ToolPicker.tsx +++ b/components/article/ToolPicker.tsx @@ -20,6 +20,8 @@ const supportedTools = [ 'vscode', 'importer_cli', 'graphql', + 'powershell', + 'bash', ] const toolTitles = { webui: 'Web browser', @@ -30,6 +32,8 @@ const toolTitles = { vscode: 'Visual Studio Code', importer_cli: 'GitHub Enterprise Importer CLI', graphql: 'GraphQL API', + powershell: 'PowerShell', + bash: 'Bash', } as Record // Imperatively modify article content to show only the selected tool diff --git a/content/README.md b/content/README.md index 1f37f95462..de6ce8ba17 100644 --- a/content/README.md +++ b/content/README.md @@ -228,7 +228,7 @@ defaultPlatform: linux ### `defaultTool` - Purpose: Override the initial tool selection for a page, where tool refers to the application the reader is using to work with GitHub (such as GitHub.com's web UI, the GitHub CLI, or GitHub Desktop) or the GitHub APIs (such as cURL or the GitHub CLI). For more information about the tool selector, see [Markup reference for GitHub Docs](../contributing/content-markup-reference.md#tool-tags). If this frontmatter is omitted, then the tool-specific content matching the GitHub web UI is shown by default. If a user has indicated a tool preference (by clicking on a tool tab), then the user's preference will be applied instead of the default value. -- Type: `String`, one of: `webui`, `cli`, `desktop`, `curl`, `codespaces`, `vscode`, `importer_cli`, `graphql`. +- Type: `String`, one of: `webui`, `cli`, `desktop`, `curl`, `codespaces`, `vscode`, `importer_cli`, `graphql`, `powershell`, `bash`. - Optional. ```yaml diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 11c3c7f7f0..079495aab3 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -10,6 +10,7 @@ redirect_from: - /actions/reference/logging-commands-for-github-actions - /actions/reference/workflow-commands-for-github-actions - /actions/learn-github-actions/workflow-commands-for-github-actions +defaultTool: bash versions: fpt: '*' ghes: '*' @@ -28,15 +29,21 @@ Most workflow commands use the `echo` command in a specific format, while others ### Example -- Using Bash: - ```bash{:copy} - echo "::workflow-command parameter1={data},parameter2={data}::{command value}" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" - ``` +```bash{:copy} +echo "::workflow-command parameter1={data},parameter2={data}::{command value}" +``` + +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::workflow-command parameter1={data},parameter2={data}::{command value}" +``` + +{% endpowershell %} {% note %} @@ -62,27 +69,33 @@ core.setOutput('SELECTED_COLOR', 'green'); You can use the `set-output` command in your workflow to set the same value: -- Using Bash: - {% raw %} - ```yaml{:copy} - - name: Set selected color - run: echo '::set-output name=SELECTED_COLOR::green' - id: random-color-generator - - name: Get color - run: echo "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" - ``` - {% endraw %} +{% bash %} -- Using PowerShell: - {% raw %} - ```yaml{:copy} - - name: Set selected color - run: Write-Output "::set-output name=SELECTED_COLOR::green" - id: random-color-generator - - name: Get color - run: Write-Output "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" - ``` - {% endraw %} +{% raw %} +```yaml{:copy} + - name: Set selected color + run: echo '::set-output name=SELECTED_COLOR::green' + id: random-color-generator + - name: Get color + run: echo "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" +``` +{% endraw %} + +{% endbash %} + +{% powershell %} + +{% raw %} +```yaml{:copy} + - name: Set selected color + run: Write-Output "::set-output name=SELECTED_COLOR::green" + id: random-color-generator + - name: Get color + run: Write-Output "The selected color is ${{ steps.random-color-generator.outputs.SELECTED_COLOR }}" +``` +{% endraw %} + +{% endpowershell %} The following table shows which toolkit functions are available within a workflow: @@ -117,15 +130,21 @@ Optionally, you can also declare output parameters in an action's metadata file. ### Example: Setting an output parameter -- Using Bash: - ```bash{:copy} - echo "::set-output name=action_fruit::strawberry" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::set-output name=action_fruit::strawberry" - ``` +```bash{:copy} +echo "::set-output name=action_fruit::strawberry" +``` + +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::set-output name=action_fruit::strawberry" +``` + +{% endpowershell %} ## Setting a debug message @@ -137,15 +156,21 @@ Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_ ### Example: Setting a debug message -- Using Bash: - ```bash{:copy} - echo "::debug::Set the Octocat variable" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::debug::Set the Octocat variable" - ``` +```bash{:copy} +echo "::debug::Set the Octocat variable" +``` + +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::debug::Set the Octocat variable" +``` + +{% endpowershell %} {% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} @@ -161,16 +186,21 @@ Creates a notice message and prints the message to the log. {% data reusables.ac ### Example: Setting a notice message -- Using Bash: - ```bash{:copy} - echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +```bash{:copy} +echo "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + +{% endpowershell %} {% endif %} ## Setting a warning message @@ -185,15 +215,20 @@ Creates a warning message and prints the message to the log. {% data reusables.a ### Example: Setting a warning message -- Using Bash: - ```bash{:copy} - echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +```bash{:copy} +echo "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + +{% endpowershell %} ## Setting an error message @@ -207,16 +242,21 @@ Creates an error message and prints the message to the log. {% data reusables.ac ### Example: Setting an error message -- Using Bash: - ```bash{:copy} - echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" - ``` +```bash{:copy} +echo "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" +``` + +{% endpowershell %} ## Grouping log lines Creates an expandable group in the log. To create a group, use the `group` command and specify a `title`. Anything you print to the log between the `group` and `endgroup` commands is nested inside an expandable entry in the log. @@ -228,31 +268,37 @@ Creates an expandable group in the log. To create a group, use the `group` comma ### Example: Grouping log lines -- Using Bash: - ```yaml{:copy} - jobs: - bash-example: - runs-on: ubuntu-latest - steps: - - name: Group of log lines - run: | - echo "::group::My title" - echo "Inside group" - echo "::endgroup::" - ``` +{% bash %} -- Using PowerShell: - ```yaml{:copy} - jobs: - powershell-example: - runs-on: windows-latest - steps: - - name: Group of log lines - run: | - Write-Output "::group::My title" - Write-Output "Inside group" - Write-Output "::endgroup::" - ``` +```yaml{:copy} +jobs: + bash-example: + runs-on: ubuntu-latest + steps: + - name: Group of log lines + run: | + echo "::group::My title" + echo "Inside group" + echo "::endgroup::" +``` + +{% endbash %} + +{% powershell %} + +```yaml{:copy} +jobs: + powershell-example: + runs-on: windows-latest + steps: + - name: Group of log lines + run: | + Write-Output "::group::My title" + Write-Output "Inside group" + Write-Output "::endgroup::" +``` + +{% endpowershell %} ![Foldable group in workflow run log](/assets/images/actions-log-group.png) @@ -268,43 +314,55 @@ Masking a value prevents a string or variable from being printed in the log. Eac When you print `"Mona The Octocat"` in the log, you'll see `"***"`. -- Using Bash: - ```bash{:copy} - echo "::add-mask::Mona The Octocat" - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - Write-Output "::add-mask::Mona The Octocat" - ``` +```bash{:copy} +echo "::add-mask::Mona The Octocat" +``` + +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +Write-Output "::add-mask::Mona The Octocat" +``` + +{% endpowershell %} ### Example: Masking an environment variable When you print the variable `MY_NAME` or the value `"Mona The Octocat"` in the log, you'll see `"***"` instead of `"Mona The Octocat"`. -- Using Bash: - ```yaml{:copy} - jobs: - bash-example: - runs-on: ubuntu-latest - env: - MY_NAME: "Mona The Octocat" - steps: - - name: bash-version - run: echo "::add-mask::$MY_NAME" - ``` +{% bash %} -- Using PowerShell: - ```yaml{:copy} - jobs: - powershell-example: - runs-on: windows-latest - env: - MY_NAME: "Mona The Octocat" - steps: - - name: powershell-version - run: Write-Output "::add-mask::$env:MY_NAME" - ``` +```yaml{:copy} +jobs: + bash-example: + runs-on: ubuntu-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: bash-version + run: echo "::add-mask::$MY_NAME" +``` + +{% endbash %} + +{% powershell %} + +```yaml{:copy} +jobs: + powershell-example: + runs-on: windows-latest + env: + MY_NAME: "Mona The Octocat" + steps: + - name: powershell-version + run: Write-Output "::add-mask::$env:MY_NAME" +``` + +{% endpowershell %} ## Stopping and starting workflow commands @@ -328,40 +386,48 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman ### Example: Stopping and starting workflow commands -{% raw %} -- Using bash: - ```yaml{:copy} - jobs: - workflow-command-job: - runs-on: ubuntu-latest - steps: - - name: disable workflow commands - run: | - echo '::warning:: this is a warning' - echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" - echo '::warning:: this will NOT be a warning' - echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" - echo '::warning:: this is a warning again' - ``` +{% bash %} -- Using PowerShell: - ```yaml{:copy} - jobs: - workflow-command-job: - runs-on: windows-latest - steps: - - name: disable workflow commands - run: | - Write-Output '::warning:: this is a warning' - $stopMarker = New-Guid - Write-Output "::stop-commands::$stopMarker" - Write-Output '::warning:: this will NOT be a warning' - Write-Output "::$stopMarker::" - Write-Output '::warning:: this is a warning again' - ``` +{% raw %} + +```yaml{:copy} +jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: disable workflow commands + run: | + echo '::warning:: this is a warning' + echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" + echo '::warning:: this will NOT be a warning' + echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" + echo '::warning:: this is a warning again' +``` +{% endraw %} + +{% endbash %} + +{% powershell %} + +{% raw %} +```yaml{:copy} +jobs: + workflow-command-job: + runs-on: windows-latest + steps: + - name: disable workflow commands + run: | + Write-Output '::warning:: this is a warning' + $stopMarker = New-Guid + Write-Output "::stop-commands::$stopMarker" + Write-Output '::warning:: this will NOT be a warning' + Write-Output "::$stopMarker::" + Write-Output '::warning:: this is a warning again' +``` {% endraw %} +{% endpowershell %} ## Echoing command outputs Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. @@ -379,35 +445,41 @@ You can also enable command echoing globally by turning on step debug logging us ### Example: Toggling command echoing -- Using bash: - ```yaml{:copy} - jobs: - workflow-command-job: - runs-on: ubuntu-latest - steps: - - name: toggle workflow command echoing - run: | - echo '::set-output name=action_echo::disabled' - echo '::echo::on' - echo '::set-output name=action_echo::enabled' - echo '::echo::off' - echo '::set-output name=action_echo::disabled' - ``` +{% bash %} -- Using PowerShell: - ```yaml{:copy} - jobs: - workflow-command-job: - runs-on: windows-latest - steps: - - name: toggle workflow command echoing - run: | - write-output "::set-output name=action_echo::disabled" - write-output "::echo::on" - write-output "::set-output name=action_echo::enabled" - write-output "::echo::off" - write-output "::set-output name=action_echo::disabled" - ``` +```yaml{:copy} +jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: toggle workflow command echoing + run: | + echo '::set-output name=action_echo::disabled' + echo '::echo::on' + echo '::set-output name=action_echo::enabled' + echo '::echo::off' + echo '::set-output name=action_echo::disabled' +``` + +{% endbash %} + +{% powershell %} + +```yaml{:copy} +jobs: + workflow-command-job: + runs-on: windows-latest + steps: + - name: toggle workflow command echoing + run: | + write-output "::set-output name=action_echo::disabled" + write-output "::echo::on" + write-output "::set-output name=action_echo::enabled" + write-output "::echo::off" + write-output "::set-output name=action_echo::disabled" +``` + +{% endpowershell %} The example above prints the following lines to the log: @@ -418,6 +490,8 @@ The example above prints the following lines to the log: Only the second `set-output` and `echo` workflow commands are included in the log because command echoing was only enabled when they were run. Even though it is not always echoed, the output parameter is set in all cases. + + ## Sending values to the pre and post actions You can use the `save-state` command to create environment variables for sharing with your workflow's `pre:` or `post:` actions. For example, you can create a file with the `pre:` action, pass the file location to the `main:` action, and then use the `post:` action to delete the file. Alternatively, you could create a file with the `main:` action, pass the file location to the `post:` action, and also use the `post:` action to delete the file. @@ -442,6 +516,8 @@ console.log("The running PID from the main action is: " + process.env.STATE_pro During the execution of a workflow, the runner generates temporary files that can be used to perform certain actions. The path to these files are exposed via environment variables. You will need to use UTF-8 encoding when writing to these files to ensure proper processing of the commands. Multiple commands can be written to the same file, separated by newlines. +{% powershell %} + {% note %} **Note:** PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: @@ -470,57 +546,71 @@ jobs: {% endnote %} +{% endpowershell %} + ## Setting an environment variable -- Using bash: - ```bash{:copy} - echo "{environment_variable_name}={value}" >> $GITHUB_ENV - ``` +{% bash %} + +```bash{:copy} +echo "{environment_variable_name}={value}" >> $GITHUB_ENV +``` + +{% endbash %} + +{% powershell %} - Using PowerShell version 6 and higher: - ```pwsh{:copy} - "{environment_variable_name}={value}" >> $env:GITHUB_ENV - ``` +```pwsh{:copy} +"{environment_variable_name}={value}" >> $env:GITHUB_ENV +``` - Using PowerShell version 5.1 and below: - ```powershell{:copy} - "{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - ``` +```powershell{:copy} +"{environment_variable_name}={value}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append +``` + +{% endpowershell %} You can make an environment variable available to any subsequent steps in a workflow job by defining or updating the environment variable and writing this to the `GITHUB_ENV` environment file. The step that creates or updates the environment variable does not have access to the new value, but all subsequent steps in a job will have access. The names of environment variables are case-sensitive, and you can include punctuation. For more information, see "[Environment variables](/actions/learn-github-actions/environment-variables)." ### Example -- Using bash: - {% raw %} - ```yaml{:copy} - steps: - - name: Set the value - id: step_one - run: | - echo "action_state=yellow" >> $GITHUB_ENV - - name: Use the value - id: step_two - run: | - echo "${{ env.action_state }}" # This will output 'yellow' - ``` - {% endraw %} +{% bash %} -- Using PowerShell: +{% raw %} +```yaml{:copy} +steps: + - name: Set the value + id: step_one + run: | + echo "action_state=yellow" >> $GITHUB_ENV + - name: Use the value + id: step_two + run: | + echo "${{ env.action_state }}" # This will output 'yellow' +``` +{% endraw %} - {% raw %} - ```yaml{:copy} - steps: - - name: Set the value - id: step_one - run: | - "action_state=yellow" >> $env:GITHUB_ENV - - name: Use the value - id: step_two - run: | - Write-Output "${{ env.action_state }}" # This will output 'yellow' - ``` - {% endraw %} +{% endbash %} + +{% powershell %} + +{% raw %} +```yaml{:copy} +steps: + - name: Set the value + id: step_one + run: | + "action_state=yellow" >> $env:GITHUB_ENV + - name: Use the value + id: step_two + run: | + Write-Output "${{ env.action_state }}" # This will output 'yellow' +``` +{% endraw %} + +{% endpowershell %} ### Multiline strings @@ -565,28 +655,40 @@ steps: Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. -- Using bash: - ```bash{:copy} - echo "{path}" >> $GITHUB_PATH - ``` +{% bash %} -- Using PowerShell: - ```pwsh{:copy} - "{path}" >> $env:GITHUB_PATH - ``` +```bash{:copy} +echo "{path}" >> $GITHUB_PATH +``` +{% endbash %} + +{% powershell %} + +```pwsh{:copy} +"{path}" >> $env:GITHUB_PATH +``` + +{% endpowershell %} ### Example This example demonstrates how to add the user `$HOME/.local/bin` directory to `PATH`: -- Using bash: - ```bash{:copy} - echo "$HOME/.local/bin" >> $GITHUB_PATH - ``` +{% bash %} + +```bash{:copy} +echo "$HOME/.local/bin" >> $GITHUB_PATH +``` + +{% endbash %} + This example demonstrates how to add the user `$env:HOMEPATH/.local/bin` directory to `PATH`: -- Using PowerShell: - ```pwsh{:copy} - "$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH - ``` +{% powershell %} + +```pwsh{:copy} +"$env:HOMEPATH/.local/bin" >> $env:GITHUB_PATH +``` + +{% endpowershell %} diff --git a/lib/frontmatter.js b/lib/frontmatter.js index 5f8a673ad6..0d14fabc2f 100644 --- a/lib/frontmatter.js +++ b/lib/frontmatter.js @@ -181,7 +181,18 @@ export const schema = { // Tool-specific content preference defaultTool: { type: 'string', - enum: ['webui', 'cli', 'desktop', 'curl', 'codespaces', 'vscode', 'importer_cli', 'graphql'], + enum: [ + 'webui', + 'cli', + 'desktop', + 'curl', + 'codespaces', + 'vscode', + 'importer_cli', + 'graphql', + 'powershell', + 'bash', + ], }, // Documentation contributed by a third party, such as a GitHub Partner contributor: { diff --git a/lib/liquid-tags/extended-markdown.js b/lib/liquid-tags/extended-markdown.js index 507b8b83c2..20eec54659 100644 --- a/lib/liquid-tags/extended-markdown.js +++ b/lib/liquid-tags/extended-markdown.js @@ -10,6 +10,8 @@ export const tags = { vscode: '', importer_cli: '', graphql: '', + powershell: '', + bash: '', all: '', tip: 'border rounded-1 mb-4 p-3 color-border-accent-emphasis color-bg-accent f5', note: 'border rounded-1 mb-4 p-3 color-border-accent-emphasis color-bg-accent f5', diff --git a/lib/page.js b/lib/page.js index 0041c699ab..6e66b4f02e 100644 --- a/lib/page.js +++ b/lib/page.js @@ -294,6 +294,8 @@ class Page { 'vscode', `importer_cli`, `graphql`, + 'powershell', + 'bash', ].filter((tool) => html.includes(`extended-markdown ${tool}`) || html.includes(`tool-${tool}`)) this.includesToolSpecificContent = this.detectedTools.length > 0 diff --git a/lib/schema-event.js b/lib/schema-event.js index 4d4e94a624..ec9564573e 100644 --- a/lib/schema-event.js +++ b/lib/schema-event.js @@ -146,7 +146,18 @@ const context = { }, application_preference: { type: 'string', - enum: ['webui', 'cli', 'desktop', 'curl', 'codespaces', 'vscode', 'importer_cli', 'graphql'], + enum: [ + 'webui', + 'cli', + 'desktop', + 'curl', + 'codespaces', + 'vscode', + 'importer_cli', + 'graphql', + 'powershell', + 'bash', + ], description: 'The application selected by the user.', }, color_mode_preference: { @@ -449,6 +460,8 @@ const preferenceSchema = { 'vscode', 'importer_cli', 'graphql', + 'powershell', + 'bash', 'dark', 'light', 'auto', From 8361e1e627ad0319ff550cb946add470f8001e01 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Thu, 3 Mar 2022 16:49:41 +1000 Subject: [PATCH 12/52] Empty commit for CI From 17ac762d7a414111ecc2e444b1ee0f104cfda0c3 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Fri, 4 Mar 2022 12:46:11 +1000 Subject: [PATCH 13/52] Switched to uuidgen, added clearer example messages --- .../workflow-commands-for-github-actions.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 079495aab3..e115e71d54 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -395,13 +395,14 @@ jobs: workflow-command-job: runs-on: ubuntu-latest steps: - - name: disable workflow commands + - name: Disable workflow commands run: | - echo '::warning:: this is a warning' - echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" - echo '::warning:: this will NOT be a warning' - echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" - echo '::warning:: this is a warning again' + echo '::warning:: This is a warning message, to demonstrate that commands are being processed.' + stopMarker=$(uuidgen) + echo "::stop-commands::$stopMarker" + echo '::warning:: This will NOT be rendered as a warning, because stop-commands has been invoked.' + echo "::$stopMarker::" + echo '::warning:: This is a warning again, because stop-commands has been turned off.' ``` {% endraw %} @@ -415,14 +416,14 @@ jobs: workflow-command-job: runs-on: windows-latest steps: - - name: disable workflow commands + - name: Disable workflow commands run: | - Write-Output '::warning:: this is a warning' + Write-Output '::warning:: This is a warning message, to demonstrate that commands are being processed.' $stopMarker = New-Guid Write-Output "::stop-commands::$stopMarker" - Write-Output '::warning:: this will NOT be a warning' + Write-Output '::warning:: This will NOT be rendered as a warning, because stop-commands has been invoked.' Write-Output "::$stopMarker::" - Write-Output '::warning:: this is a warning again' + Write-Output '::warning:: This is a warning again, because stop-commands has been turned off.' ``` {% endraw %} From d0f7d0fb606be27f1756d0d02c14fa184624d855 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Fri, 4 Mar 2022 13:01:00 +1000 Subject: [PATCH 14/52] Update content-markup-reference.md --- contributing/content-markup-reference.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/contributing/content-markup-reference.md b/contributing/content-markup-reference.md index 8d71dffedd..7d8fe5dd2e 100644 --- a/contributing/content-markup-reference.md +++ b/contributing/content-markup-reference.md @@ -196,6 +196,22 @@ These instructions are pertinent to GraphQL API users. {% endgraphql %} ``` +``` +{% powershell %} + +These instructions are pertinent to `pwsh` and `powershell` commands. + +{% endpowershell %} +``` + +``` +{% bash %} + +These instructions are pertinent to Bash shell commands. + +{% endbash %} +``` + You can define a default tool in the frontmatter. For more information, see the [content README](../content/README.md#defaulttool). ## Reusable and variable strings of text From 266e5473448c55cbb6a56f3692fe2365feaf520d Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Fri, 4 Mar 2022 13:05:21 +1000 Subject: [PATCH 15/52] Update workflow-commands-for-github-actions.md --- .../workflow-commands-for-github-actions.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index e115e71d54..e782c47e65 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -627,7 +627,7 @@ For multiline strings, you may use a delimiter with the following syntax. This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response. -The following example demonstrates how to do this in Bash: +{% bash %} ```yaml{:copy} steps: @@ -639,7 +639,9 @@ steps: echo 'EOF' >> $GITHUB_ENV ``` -The following example demonstrates how to do this in PowerShell Core (version 6 and above): +{% endbash %} + +{% powershell %} ```yaml{:copy} steps: @@ -652,6 +654,8 @@ steps: shell: pwsh ``` +{% endpowershell %} + ## Adding a system path Prepends a directory to the system `PATH` variable and automatically makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action. From ae88a1b0af27f2018504ce10ea9175452541849b Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 7 Mar 2022 14:02:22 +1000 Subject: [PATCH 16/52] Update workflow-commands-for-github-actions.md --- .../workflow-commands-for-github-actions.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index e782c47e65..07d38e4321 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -122,7 +122,7 @@ The following table shows which toolkit functions are available within a workflo Sets an action's output parameter. -```plaintext{:copy} +```{:copy} ::set-output name={name}::{value} ``` @@ -150,7 +150,7 @@ Write-Output "::set-output name=action_fruit::strawberry" Prints a debug message to the log. You must create a secret named `ACTIONS_STEP_DEBUG` with the value `true` to see the debug messages set by this command in the log. For more information, see "[Enabling debug logging](/actions/managing-workflow-runs/enabling-debug-logging)." -```plaintext{:copy} +```{:copy} ::debug::{message} ``` @@ -178,7 +178,7 @@ Write-Output "::debug::Set the Octocat variable" Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```plaintext{:copy} +```{:copy} ::notice file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -207,7 +207,7 @@ Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon" Creates a warning message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```plaintext{:copy} +```{:copy} ::warning file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -234,7 +234,7 @@ Write-Output "::warning file=app.js,line=1,col=5,endColumn=7::Missing semicolon" Creates an error message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %} -```plaintext{:copy} +```{:copy} ::error file={name},line={line},endLine={endLine},title={title}::{message} ``` @@ -261,7 +261,7 @@ Write-Output "::error file=app.js,line=1,col=5,endColumn=7::Missing semicolon" Creates an expandable group in the log. To create a group, use the `group` command and specify a `title`. Anything you print to the log between the `group` and `endgroup` commands is nested inside an expandable entry in the log. -```plaintext{:copy} +```{:copy} ::group::{title} ::endgroup:: ``` @@ -304,7 +304,7 @@ jobs: ## Masking a value in log -```plaintext{:copy} +```{:copy} ::add-mask::{value} ``` @@ -368,7 +368,7 @@ jobs: Stops processing any workflow commands. This special command allows you to log anything without accidentally running a workflow command. For example, you could stop logging to output an entire script that has comments. -```plaintext{:copy} +```{:copy} ::stop-commands::{endtoken} ``` @@ -380,7 +380,7 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman {% endwarning %} -```plaintext{:copy} +```{:copy} ::{endtoken}:: ``` @@ -433,7 +433,7 @@ jobs: Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. -```plaintext{:copy} +```{:copy} ::echo::on ::echo::off ``` @@ -484,7 +484,7 @@ jobs: The example above prints the following lines to the log: -```plaintext{:copy} +```{:copy} ::set-output name=action_echo::enabled ::echo::off ``` @@ -617,7 +617,7 @@ steps: For multiline strings, you may use a delimiter with the following syntax. -```plaintext{:copy} +```{:copy} {name}<<{delimiter} {value} {delimiter} From be2e1da85ee8dfb3a163d8bd3a15da0f274861a9 Mon Sep 17 00:00:00 2001 From: Ritesh Patil Date: Tue, 8 Mar 2022 11:53:12 +0000 Subject: [PATCH 17/52] fix: add a note to install the webrick gem for Ruby 3.0 users --- .../testing-your-github-pages-site-locally-with-jekyll.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 0468b92cc8..254fedaebc 100644 --- a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -50,6 +50,10 @@ Before you can use Jekyll to test a site, you must: ``` 3. To preview your site, in your web browser, navigate to `http://localhost:4000`. +{% note %} +**Note**: If you are using Ruby 3.0 and Jekyll v4.2.x or older, you will need to add the gem "webrick" to your project's Gemfile and run `bundle install` +{% endnote %} + ## Updating the {% data variables.product.prodname_pages %} gem Jekyll is an active open source project that is updated frequently. If the `github-pages` gem on your computer is out of date with the `github-pages` gem on the {% data variables.product.prodname_pages %} server, your site may look different when built locally than when published on {% data variables.product.product_name %}. To avoid this, regularly update the `github-pages` gem on your computer. From 3d1de14fc62bfb7a8b9bdb6876581977bc6a982c Mon Sep 17 00:00:00 2001 From: Jesse Houwing Date: Fri, 11 Mar 2022 14:06:03 +0100 Subject: [PATCH 18/52] Update workflow-commands-for-github-actions.md --- .../using-workflows/workflow-commands-for-github-actions.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 07d38e4321..a0304bf2ef 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -429,6 +429,7 @@ jobs: {% endraw %} {% endpowershell %} + ## Echoing command outputs Enables or disables echoing of workflow commands. For example, if you use the `set-output` command in a workflow, it sets an output parameter but the workflow run's log does not show the command itself. If you enable command echoing, then the log shows the command, such as `::set-output name={name}::{value}`. @@ -491,8 +492,6 @@ The example above prints the following lines to the log: Only the second `set-output` and `echo` workflow commands are included in the log because command echoing was only enabled when they were run. Even though it is not always echoed, the output parameter is set in all cases. - - ## Sending values to the pre and post actions You can use the `save-state` command to create environment variables for sharing with your workflow's `pre:` or `post:` actions. For example, you can create a file with the `pre:` action, pass the file location to the `main:` action, and then use the `post:` action to delete the file. Alternatively, you could create a file with the `main:` action, pass the file location to the `post:` action, and also use the `post:` action to delete the file. From a0c0780ae3ba4bc96cb144e5ac8a44a7b530abff Mon Sep 17 00:00:00 2001 From: Ritesh Patil Date: Thu, 17 Mar 2022 05:36:25 +0000 Subject: [PATCH 19/52] fix: resolve suggested changes --- .../testing-your-github-pages-site-locally-with-jekyll.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 254fedaebc..6c243ce6e4 100644 --- a/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -51,7 +51,9 @@ Before you can use Jekyll to test a site, you must: 3. To preview your site, in your web browser, navigate to `http://localhost:4000`. {% note %} -**Note**: If you are using Ruby 3.0 and Jekyll v4.2.x or older, you will need to add the gem "webrick" to your project's Gemfile and run `bundle install` + +**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. + {% endnote %} ## Updating the {% data variables.product.prodname_pages %} gem From 63978b65ee2978eb62ac0ff605994d93bc3cf550 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Fri, 18 Mar 2022 09:33:40 +1000 Subject: [PATCH 20/52] Update workflow-commands-for-github-actions.md --- .../using-workflows/workflow-commands-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index a0304bf2ef..8943c34c0c 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -376,7 +376,7 @@ To stop the processing of workflow commands, pass a unique token to `stop-comman {% warning %} -**Warning:** Make sure the token you're using is randomly generated and unique for each run. As demonstrated in the example below, you can generate a unique hash of your `github.token` for each run. +**Warning:** Make sure the token you're using is randomly generated and unique for each run. {% endwarning %} From 464e527261a19e2de876b96191c259385d9e4167 Mon Sep 17 00:00:00 2001 From: CommanderRoot Date: Fri, 18 Mar 2022 10:53:15 +0100 Subject: [PATCH 21/52] chore: replace deprecated String.prototype.substr() .substr() is deprecated so we replace it with .slice() which works similarily but isn't deprecated Signed-off-by: Tobias Speicher --- .github/actions-scripts/projects.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions-scripts/projects.js b/.github/actions-scripts/projects.js index 86480f8bf5..249b8e1aef 100644 --- a/.github/actions-scripts/projects.js +++ b/.github/actions-scripts/projects.js @@ -190,7 +190,7 @@ export function generateUpdateProjectNextItemFieldMutation({ // Strip all non-alphanumeric out of the item ID when creating the mutation ID to avoid a GraphQL parsing error // (statistically, this should still give us a unique mutation ID) return ` - set_${fieldID.substr(1)}_item_${item.replaceAll( + set_${fieldID.slice(1)}_item_${item.replaceAll( /[^a-z0-9]/g, '' )}: updateProjectNextItemField(input: { From 06cf952123eeb7a4532e0dad026fb8fa73bde781 Mon Sep 17 00:00:00 2001 From: Brendon Smith Date: Fri, 18 Mar 2022 10:20:40 -0400 Subject: [PATCH 22/52] Document how to use secrets with `if:` conditionals in GitHub Actions workflows (#12722) * :lock: Document how to use secrets with `if:` github/docs#6861 github/docs#12722 - Add a complete workflow example to `jobs..steps[*].if`, demonstrating how to skip a step if a secret is not present - Add an explanation to "Using encrypted secrets in a workflow" - Cross-reference the two pages * :lock: Compare secrets with empty strings in `if:` github/docs#6861 https://github.com/github/docs/pull/12722#discussion_r801011000 Rather than referencing two secrets: 1. `${{ secrets.SECRET_IS_SET }}` 2. `${{ secrets.SECRET_IS_NOT_SET }}`) This commit will update the related section of the docs to reference a single secret (`${{ secrets.SECRET_IS_SET }}`), and will update the `if:` conditionals to compare with empty strings as suggested. * :lock: Add missing `{% raw %}`/`{% endraw %}` github/docs#6861 github/docs#12722 Some `${{ }}` values were converted to `$` in the preview environment. Adding `{% raw %}`/`{% endraw %}` will preserve the raw value. * :lock: Match variable and secret names in examples github/docs#6861 https://github.com/github/docs/pull/12722#discussion_r801011000 This PR adds an example of how to use secrets with `if:` conditionals. The reviewer suggested comparing variable values with empty strings to make the `if:` conditionals clearer. Commit cecdf00 updated the secret names accordingly, but the names of the secret and environment variable may still have been confusing. This commit will update the secret and environment variable names to match the cross-referenced example on the "Encrypted secrets" page. * Update content/actions/using-workflows/workflow-syntax-for-github-actions.md Co-authored-by: hubwriter --- .../security-guides/encrypted-secrets.md | 4 +++ .../workflow-syntax-for-github-actions.md | 25 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/content/actions/security-guides/encrypted-secrets.md b/content/actions/security-guides/encrypted-secrets.md index e6a4f5b110..d202e8bfb0 100644 --- a/content/actions/security-guides/encrypted-secrets.md +++ b/content/actions/security-guides/encrypted-secrets.md @@ -227,6 +227,10 @@ steps: ``` {% endraw %} +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + Avoid passing secrets between processes from the command line, whenever possible. Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). To help protect secrets, consider using environment variables, `STDIN`, or other mechanisms supported by the target process. If you must pass secrets within a command line, then enclose them within the proper quoting rules. Secrets often contain special characters that may unintentionally affect your shell. To escape these special characters, use quoting with your environment variables. For example: diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 9f67d03ed7..40e81f395f 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -342,6 +342,31 @@ steps: uses: actions/heroku@1.0.0 ``` +#### Example: Using secrets + +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + +{% raw %} +```yaml +name: Run a step if a secret has been set +on: push +jobs: + my-jobname: + runs-on: ubuntu-latest + env: + super_secret: ${{ secrets.SuperSecret }} + steps: + - if: ${{ env.super_secret != '' }} + run: echo 'This step will only run if the secret has a value set.' + - if: ${{ env.super_secret == '' }} + run: echo 'This step will only run if the secret does not have a value set.' +``` +{% endraw %} + +For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + ### `jobs..steps[*].name` A name for your step to display on {% data variables.product.prodname_dotcom %}. From 379897a985c55193cc11ed133288cd540820db57 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Fri, 18 Mar 2022 11:39:10 -0400 Subject: [PATCH 23/52] upgrade eslint plus cousins (#26316) --- package-lock.json | 221 +++++++++++++++++++++------------------------- package.json | 6 +- 2 files changed, 106 insertions(+), 121 deletions(-) diff --git a/package-lock.json b/package-lock.json index cc4d3ba9e6..db07591998 100644 --- a/package-lock.json +++ b/package-lock.json @@ -111,8 +111,8 @@ "@types/react-dom": "^17.0.11", "@types/react-syntax-highlighter": "^13.5.2", "@types/uuid": "^8.3.4", - "@typescript-eslint/eslint-plugin": "5.13.0", - "@typescript-eslint/parser": "5.13.0", + "@typescript-eslint/eslint-plugin": "5.15.0", + "@typescript-eslint/parser": "5.15.0", "async": "^3.2.3", "babel-loader": "^8.2.3", "babel-plugin-styled-components": "^2.0.2", @@ -124,7 +124,7 @@ "csp-parse": "0.0.2", "dedent": "^0.7.0", "domwaiter": "^1.3.0", - "eslint": "8.10.0", + "eslint": "8.11.0", "eslint-config-prettier": "^8.3.0", "eslint-config-standard": "^16.0.3", "eslint-plugin-import": "^2.25.4", @@ -1997,16 +1997,16 @@ "integrity": "sha512-OWORNpfjMsSSUBVrRBVGECkhWcULOAJz9ZW8uK9qgxD+87M7jHRcvh/A96XXNhXTLmKcoYSQtBEX7lHMO7YRwg==" }, "node_modules/@eslint/eslintrc": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.0.tgz", - "integrity": "sha512-igm9SjJHNEJRiUnecP/1R5T3wKLEJ7pL6e2P+GUSfCd0dGjPYYZve08uzw8L2J8foVHFz+NGu12JxRcU2gGo6w==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz", + "integrity": "sha512-bxvbYnBPN1Gibwyp6NrpnFzA3YtRL3BBAyEAFVIpNTm2Rn4Vy87GA5M4aSn3InRrlsbX5N0GW7XIx+U4SAEKdQ==", "dev": true, "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^9.3.1", "globals": "^13.9.0", - "ignore": "^4.0.6", + "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.0.4", @@ -2043,9 +2043,9 @@ } }, "node_modules/@eslint/eslintrc/node_modules/globals": { - "version": "13.12.1", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.12.1.tgz", - "integrity": "sha512-317dFlgY2pdJZ9rspXDks7073GpDmXdfbM3vYYp0HAMKGDh1FfWPleI2ljVNLQX5M5lXcAslTcPTrOrMEFOjyw==", + "version": "13.13.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.13.0.tgz", + "integrity": "sha512-EQ7Q18AJlPwp3vUDL4mKA0KXrXyNIQyWon6T6XQiBQF0XHvRsiCSrWmmeATpUzdJN2HhWZU6Pdl0a9zdep5p6A==", "dev": true, "dependencies": { "type-fest": "^0.20.2" @@ -2057,15 +2057,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/@eslint/eslintrc/node_modules/ignore": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", - "dev": true, - "engines": { - "node": ">= 4" - } - }, "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", @@ -4219,14 +4210,14 @@ } }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.13.0.tgz", - "integrity": "sha512-vLktb2Uec81fxm/cfz2Hd6QaWOs8qdmVAZXLdOBX6JFJDhf6oDZpMzZ4/LZ6SFM/5DgDcxIMIvy3F+O9yZBuiQ==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.15.0.tgz", + "integrity": "sha512-u6Db5JfF0Esn3tiAKELvoU5TpXVSkOpZ78cEGn/wXtT2RVqs2vkt4ge6N8cRCyw7YVKhmmLDbwI2pg92mlv7cA==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/type-utils": "5.13.0", - "@typescript-eslint/utils": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/type-utils": "5.15.0", + "@typescript-eslint/utils": "5.15.0", "debug": "^4.3.2", "functional-red-black-tree": "^1.0.1", "ignore": "^5.1.8", @@ -4252,14 +4243,14 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.13.0.tgz", - "integrity": "sha512-GdrU4GvBE29tm2RqWOM0P5QfCtgCyN4hXICj/X9ibKED16136l9ZpoJvCL5pSKtmJzA+NRDzQ312wWMejCVVfg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.15.0.tgz", + "integrity": "sha512-NGAYP/+RDM2sVfmKiKOCgJYPstAO40vPAgACoWPO/+yoYKSgAXIFaBKsV8P0Cc7fwKgvj27SjRNX4L7f4/jCKQ==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/typescript-estree": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/typescript-estree": "5.15.0", "debug": "^4.3.2" }, "engines": { @@ -4279,13 +4270,13 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.13.0.tgz", - "integrity": "sha512-T4N8UvKYDSfVYdmJq7g2IPJYCRzwtp74KyDZytkR4OL3NRupvswvmJQJ4CX5tDSurW2cvCc1Ia1qM7d0jpa7IA==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.15.0.tgz", + "integrity": "sha512-EFiZcSKrHh4kWk0pZaa+YNJosvKE50EnmN4IfgjkA3bTHElPtYcd2U37QQkNTqwMCS7LXeDeZzEqnsOH8chjSg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/visitor-keys": "5.13.0" + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/visitor-keys": "5.15.0" }, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -4296,12 +4287,12 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.13.0.tgz", - "integrity": "sha512-/nz7qFizaBM1SuqAKb7GLkcNn2buRdDgZraXlkhz+vUGiN1NZ9LzkA595tHHeduAiS2MsHqMNhE2zNzGdw43Yg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.15.0.tgz", + "integrity": "sha512-KGeDoEQ7gHieLydujGEFLyLofipe9PIzfvA/41urz4hv+xVxPEbmMQonKSynZ0Ks2xDhJQ4VYjB3DnRiywvKDA==", "dev": true, "dependencies": { - "@typescript-eslint/utils": "5.13.0", + "@typescript-eslint/utils": "5.15.0", "debug": "^4.3.2", "tsutils": "^3.21.0" }, @@ -4322,9 +4313,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.13.0.tgz", - "integrity": "sha512-LmE/KO6DUy0nFY/OoQU0XelnmDt+V8lPQhh8MOVa7Y5k2gGRd6U9Kp3wAjhB4OHg57tUO0nOnwYQhRRyEAyOyg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.15.0.tgz", + "integrity": "sha512-yEiTN4MDy23vvsIksrShjNwQl2vl6kJeG9YkVJXjXZnkJElzVK8nfPsWKYxcsGWG8GhurYXP4/KGj3aZAxbeOA==", "dev": true, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -4335,13 +4326,13 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.13.0.tgz", - "integrity": "sha512-Q9cQow0DeLjnp5DuEDjLZ6JIkwGx3oYZe+BfcNuw/POhtpcxMTy18Icl6BJqTSd+3ftsrfuVb7mNHRZf7xiaNA==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.15.0.tgz", + "integrity": "sha512-Hb0e3dGc35b75xLzixM3cSbG1sSbrTBQDfIScqdyvrfJZVEi4XWAT+UL/HMxEdrJNB8Yk28SKxPLtAhfCbBInA==", "dev": true, "dependencies": { - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/visitor-keys": "5.13.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/visitor-keys": "5.15.0", "debug": "^4.3.2", "globby": "^11.0.4", "is-glob": "^4.0.3", @@ -4362,15 +4353,15 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.13.0.tgz", - "integrity": "sha512-+9oHlPWYNl6AwwoEt5TQryEHwiKRVjz7Vk6kaBeD3/kwHE5YqTGHtm/JZY8Bo9ITOeKutFaXnBlMgSATMJALUQ==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.15.0.tgz", + "integrity": "sha512-081rWu2IPKOgTOhHUk/QfxuFog8m4wxW43sXNOMSCdh578tGJ1PAaWPsj42LOa7pguh173tNlMigsbrHvh/mtA==", "dev": true, "dependencies": { "@types/json-schema": "^7.0.9", - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/typescript-estree": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/typescript-estree": "5.15.0", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, @@ -4404,12 +4395,12 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.13.0.tgz", - "integrity": "sha512-HLKEAS/qA1V7d9EzcpLFykTePmOQqOFim8oCvhY3pZgQ8Hi38hYpHd9e5GN6nQBFQNecNhws5wkS9Y5XIO0s/g==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.15.0.tgz", + "integrity": "sha512-+vX5FKtgvyHbmIJdxMJ2jKm9z2BIlXJiuewI8dsDYMp5LzPUcuTT78Ya5iwvQg3VqSVdmxyM8Anj1Jeq7733ZQ==", "dev": true, "dependencies": { - "@typescript-eslint/types": "5.13.0", + "@typescript-eslint/types": "5.15.0", "eslint-visitor-keys": "^3.0.0" }, "engines": { @@ -8444,12 +8435,12 @@ } }, "node_modules/eslint": { - "version": "8.10.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.10.0.tgz", - "integrity": "sha512-tcI1D9lfVec+R4LE1mNDnzoJ/f71Kl/9Cv4nG47jOueCMBrCCKYXr4AUVS7go6mWYGFD4+EoN6+eXSrEbRzXVw==", + "version": "8.11.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.11.0.tgz", + "integrity": "sha512-/KRpd9mIRg2raGxHRGwW9ZywYNAClZrHjdueHcrVDuO3a6bj83eoTirCCk0M0yPwOjWYKHwRVRid+xK4F/GHgA==", "dev": true, "dependencies": { - "@eslint/eslintrc": "^1.2.0", + "@eslint/eslintrc": "^1.2.1", "@humanwhocodes/config-array": "^0.9.2", "ajv": "^6.10.0", "chalk": "^4.0.0", @@ -23867,16 +23858,16 @@ "integrity": "sha512-OWORNpfjMsSSUBVrRBVGECkhWcULOAJz9ZW8uK9qgxD+87M7jHRcvh/A96XXNhXTLmKcoYSQtBEX7lHMO7YRwg==" }, "@eslint/eslintrc": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.0.tgz", - "integrity": "sha512-igm9SjJHNEJRiUnecP/1R5T3wKLEJ7pL6e2P+GUSfCd0dGjPYYZve08uzw8L2J8foVHFz+NGu12JxRcU2gGo6w==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz", + "integrity": "sha512-bxvbYnBPN1Gibwyp6NrpnFzA3YtRL3BBAyEAFVIpNTm2Rn4Vy87GA5M4aSn3InRrlsbX5N0GW7XIx+U4SAEKdQ==", "dev": true, "requires": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^9.3.1", "globals": "^13.9.0", - "ignore": "^4.0.6", + "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.0.4", @@ -23906,20 +23897,14 @@ } }, "globals": { - "version": "13.12.1", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.12.1.tgz", - "integrity": "sha512-317dFlgY2pdJZ9rspXDks7073GpDmXdfbM3vYYp0HAMKGDh1FfWPleI2ljVNLQX5M5lXcAslTcPTrOrMEFOjyw==", + "version": "13.13.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.13.0.tgz", + "integrity": "sha512-EQ7Q18AJlPwp3vUDL4mKA0KXrXyNIQyWon6T6XQiBQF0XHvRsiCSrWmmeATpUzdJN2HhWZU6Pdl0a9zdep5p6A==", "dev": true, "requires": { "type-fest": "^0.20.2" } }, - "ignore": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", - "dev": true - }, "json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", @@ -25740,14 +25725,14 @@ } }, "@typescript-eslint/eslint-plugin": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.13.0.tgz", - "integrity": "sha512-vLktb2Uec81fxm/cfz2Hd6QaWOs8qdmVAZXLdOBX6JFJDhf6oDZpMzZ4/LZ6SFM/5DgDcxIMIvy3F+O9yZBuiQ==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.15.0.tgz", + "integrity": "sha512-u6Db5JfF0Esn3tiAKELvoU5TpXVSkOpZ78cEGn/wXtT2RVqs2vkt4ge6N8cRCyw7YVKhmmLDbwI2pg92mlv7cA==", "dev": true, "requires": { - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/type-utils": "5.13.0", - "@typescript-eslint/utils": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/type-utils": "5.15.0", + "@typescript-eslint/utils": "5.15.0", "debug": "^4.3.2", "functional-red-black-tree": "^1.0.1", "ignore": "^5.1.8", @@ -25757,52 +25742,52 @@ } }, "@typescript-eslint/parser": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.13.0.tgz", - "integrity": "sha512-GdrU4GvBE29tm2RqWOM0P5QfCtgCyN4hXICj/X9ibKED16136l9ZpoJvCL5pSKtmJzA+NRDzQ312wWMejCVVfg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.15.0.tgz", + "integrity": "sha512-NGAYP/+RDM2sVfmKiKOCgJYPstAO40vPAgACoWPO/+yoYKSgAXIFaBKsV8P0Cc7fwKgvj27SjRNX4L7f4/jCKQ==", "dev": true, "requires": { - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/typescript-estree": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/typescript-estree": "5.15.0", "debug": "^4.3.2" } }, "@typescript-eslint/scope-manager": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.13.0.tgz", - "integrity": "sha512-T4N8UvKYDSfVYdmJq7g2IPJYCRzwtp74KyDZytkR4OL3NRupvswvmJQJ4CX5tDSurW2cvCc1Ia1qM7d0jpa7IA==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.15.0.tgz", + "integrity": "sha512-EFiZcSKrHh4kWk0pZaa+YNJosvKE50EnmN4IfgjkA3bTHElPtYcd2U37QQkNTqwMCS7LXeDeZzEqnsOH8chjSg==", "dev": true, "requires": { - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/visitor-keys": "5.13.0" + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/visitor-keys": "5.15.0" } }, "@typescript-eslint/type-utils": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.13.0.tgz", - "integrity": "sha512-/nz7qFizaBM1SuqAKb7GLkcNn2buRdDgZraXlkhz+vUGiN1NZ9LzkA595tHHeduAiS2MsHqMNhE2zNzGdw43Yg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.15.0.tgz", + "integrity": "sha512-KGeDoEQ7gHieLydujGEFLyLofipe9PIzfvA/41urz4hv+xVxPEbmMQonKSynZ0Ks2xDhJQ4VYjB3DnRiywvKDA==", "dev": true, "requires": { - "@typescript-eslint/utils": "5.13.0", + "@typescript-eslint/utils": "5.15.0", "debug": "^4.3.2", "tsutils": "^3.21.0" } }, "@typescript-eslint/types": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.13.0.tgz", - "integrity": "sha512-LmE/KO6DUy0nFY/OoQU0XelnmDt+V8lPQhh8MOVa7Y5k2gGRd6U9Kp3wAjhB4OHg57tUO0nOnwYQhRRyEAyOyg==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.15.0.tgz", + "integrity": "sha512-yEiTN4MDy23vvsIksrShjNwQl2vl6kJeG9YkVJXjXZnkJElzVK8nfPsWKYxcsGWG8GhurYXP4/KGj3aZAxbeOA==", "dev": true }, "@typescript-eslint/typescript-estree": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.13.0.tgz", - "integrity": "sha512-Q9cQow0DeLjnp5DuEDjLZ6JIkwGx3oYZe+BfcNuw/POhtpcxMTy18Icl6BJqTSd+3ftsrfuVb7mNHRZf7xiaNA==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.15.0.tgz", + "integrity": "sha512-Hb0e3dGc35b75xLzixM3cSbG1sSbrTBQDfIScqdyvrfJZVEi4XWAT+UL/HMxEdrJNB8Yk28SKxPLtAhfCbBInA==", "dev": true, "requires": { - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/visitor-keys": "5.13.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/visitor-keys": "5.15.0", "debug": "^4.3.2", "globby": "^11.0.4", "is-glob": "^4.0.3", @@ -25811,15 +25796,15 @@ } }, "@typescript-eslint/utils": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.13.0.tgz", - "integrity": "sha512-+9oHlPWYNl6AwwoEt5TQryEHwiKRVjz7Vk6kaBeD3/kwHE5YqTGHtm/JZY8Bo9ITOeKutFaXnBlMgSATMJALUQ==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.15.0.tgz", + "integrity": "sha512-081rWu2IPKOgTOhHUk/QfxuFog8m4wxW43sXNOMSCdh578tGJ1PAaWPsj42LOa7pguh173tNlMigsbrHvh/mtA==", "dev": true, "requires": { "@types/json-schema": "^7.0.9", - "@typescript-eslint/scope-manager": "5.13.0", - "@typescript-eslint/types": "5.13.0", - "@typescript-eslint/typescript-estree": "5.13.0", + "@typescript-eslint/scope-manager": "5.15.0", + "@typescript-eslint/types": "5.15.0", + "@typescript-eslint/typescript-estree": "5.15.0", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, @@ -25836,12 +25821,12 @@ } }, "@typescript-eslint/visitor-keys": { - "version": "5.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.13.0.tgz", - "integrity": "sha512-HLKEAS/qA1V7d9EzcpLFykTePmOQqOFim8oCvhY3pZgQ8Hi38hYpHd9e5GN6nQBFQNecNhws5wkS9Y5XIO0s/g==", + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.15.0.tgz", + "integrity": "sha512-+vX5FKtgvyHbmIJdxMJ2jKm9z2BIlXJiuewI8dsDYMp5LzPUcuTT78Ya5iwvQg3VqSVdmxyM8Anj1Jeq7733ZQ==", "dev": true, "requires": { - "@typescript-eslint/types": "5.13.0", + "@typescript-eslint/types": "5.15.0", "eslint-visitor-keys": "^3.0.0" }, "dependencies": { @@ -29136,12 +29121,12 @@ } }, "eslint": { - "version": "8.10.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.10.0.tgz", - "integrity": "sha512-tcI1D9lfVec+R4LE1mNDnzoJ/f71Kl/9Cv4nG47jOueCMBrCCKYXr4AUVS7go6mWYGFD4+EoN6+eXSrEbRzXVw==", + "version": "8.11.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.11.0.tgz", + "integrity": "sha512-/KRpd9mIRg2raGxHRGwW9ZywYNAClZrHjdueHcrVDuO3a6bj83eoTirCCk0M0yPwOjWYKHwRVRid+xK4F/GHgA==", "dev": true, "requires": { - "@eslint/eslintrc": "^1.2.0", + "@eslint/eslintrc": "^1.2.1", "@humanwhocodes/config-array": "^0.9.2", "ajv": "^6.10.0", "chalk": "^4.0.0", diff --git a/package.json b/package.json index a5c015c13a..d593750624 100644 --- a/package.json +++ b/package.json @@ -113,8 +113,8 @@ "@types/react-dom": "^17.0.11", "@types/react-syntax-highlighter": "^13.5.2", "@types/uuid": "^8.3.4", - "@typescript-eslint/eslint-plugin": "5.13.0", - "@typescript-eslint/parser": "5.13.0", + "@typescript-eslint/eslint-plugin": "5.15.0", + "@typescript-eslint/parser": "5.15.0", "async": "^3.2.3", "babel-loader": "^8.2.3", "babel-plugin-styled-components": "^2.0.2", @@ -126,7 +126,7 @@ "csp-parse": "0.0.2", "dedent": "^0.7.0", "domwaiter": "^1.3.0", - "eslint": "8.10.0", + "eslint": "8.11.0", "eslint-config-prettier": "^8.3.0", "eslint-config-standard": "^16.0.3", "eslint-plugin-import": "^2.25.4", From 9a6184d64a315daf5df85dbb389e09bade5ea969 Mon Sep 17 00:00:00 2001 From: Mariam <15mariams@github.com> Date: Fri, 18 Mar 2022 11:29:39 -0700 Subject: [PATCH 24/52] Update partner-secret-list-public-repo.md (#26322) --- .../reusables/secret-scanning/partner-secret-list-public-repo.md | 1 + 1 file changed, 1 insertion(+) diff --git a/data/reusables/secret-scanning/partner-secret-list-public-repo.md b/data/reusables/secret-scanning/partner-secret-list-public-repo.md index 87d68a1614..7bf2691f9b 100644 --- a/data/reusables/secret-scanning/partner-secret-list-public-repo.md +++ b/data/reusables/secret-scanning/partner-secret-list-public-repo.md @@ -58,6 +58,7 @@ MessageBird | MessageBird API Key Meta | Facebook Access Token npm | npm Access Token NuGet | NuGet API Key +Octopus Deploy | Octopus Deploy API Key OpenAI | OpenAI API Key Palantir | Palantir JSON Web Token PlanetScale | PlanetScale Database Password From 30e72fb2d436c375ee9d67a48afcd2b32875d181 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Fri, 18 Mar 2022 11:56:43 -0700 Subject: [PATCH 25/52] New translation batch for pt (#26323) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check parsing * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=pt * run script/i18n/reset-known-broken-translation-files.js Co-authored-by: Robert Sese --- .../configuring-notifications.md | 2 +- .../managing-notifications-from-your-inbox.md | 4 +- ...analysis-settings-for-your-user-account.md | 2 +- ...on-levels-for-a-user-account-repository.md | 2 +- ...uring-openid-connect-in-hashicorp-vault.md | 4 +- .../actions/learn-github-actions/contexts.md | 2 +- .../security-guides/encrypted-secrets.md | 4 + .../workflow-syntax-for-github-actions.md | 25 +++ ...ub-advanced-security-in-your-enterprise.md | 2 +- ...enabling-dependabot-for-your-enterprise.md | 4 +- .../about-enterprise-configuration.md | 2 +- .../about-code-scanning-alerts.md | 8 + ...ode-scanning-alerts-for-your-repository.md | 30 +++- ...nning-alerts-in-issues-using-task-lists.md | 11 +- ...g-code-scanning-alerts-in-pull-requests.md | 9 +- .../about-dependabot-alerts.md} | 7 +- ...ilities-in-the-github-advisory-database.md | 11 +- ...ng-notifications-for-dependabot-alerts.md} | 7 +- ...isories-in-the-github-advisory-database.md | 1 + .../dependabot/dependabot-alerts/index.md | 24 +++ ...viewing-and-updating-dependabot-alerts.md} | 9 +- .../about-dependabot-security-updates.md | 3 +- ...configuring-dependabot-security-updates.md | 3 +- .../dependabot-security-updates/index.md | 20 +++ .../about-dependabot-version-updates.md | 69 ++++++++ ...on-options-for-the-dependabot.yml-file.md} | 10 +- ...configuring-dependabot-version-updates.md} | 9 +- .../customizing-dependency-updates.md | 5 +- .../dependabot-version-updates/index.md | 26 +++ ...ndencies-configured-for-version-updates.md | 3 +- .../content/code-security/dependabot/index.md | 23 +++ ...tomating-dependabot-with-github-actions.md | 2 + .../working-with-dependabot/index.md | 24 +++ ...your-actions-up-to-date-with-dependabot.md | 5 +- ...naging-encrypted-secrets-for-dependabot.md | 3 +- ...ng-pull-requests-for-dependency-updates.md | 5 +- .../troubleshooting-dependabot-errors.md | 12 +- ...he-detection-of-vulnerable-dependencies.md | 93 +++++++++++ .../github-security-features.md | 4 +- .../securing-your-organization.md | 6 +- .../securing-your-repository.md | 6 +- .../pt-BR/content/code-security/guides.md | 1 - .../pt-BR/content/code-security/index.md | 1 + .../about-the-security-overview.md | 16 +- .../supply-chain-security/index.md | 2 - .../about-dependabot-version-updates.md | 68 -------- .../index.md | 29 ---- .../about-managing-vulnerable-dependencies.md | 46 ------ .../index.md | 36 ---- ...he-detection-of-vulnerable-dependencies.md | 124 -------------- .../about-dependency-review.md | 2 +- .../about-supply-chain-security.md | 154 ++++++++++++++++++ .../about-the-dependency-graph.md | 4 +- ...loring-the-dependencies-of-a-repository.md | 11 +- .../index.md | 10 +- .../troubleshooting-the-dependency-graph.md | 62 +++++++ ...ating-a-github-app-using-url-parameters.md | 38 ++--- .../creating-a-github-app.md | 2 +- .../authorizing-oauth-apps.md | 6 +- .../creating-an-oauth-app.md | 2 +- .../modifying-a-github-app.md | 2 +- .../webhooks/webhook-events-and-payloads.md | 2 +- .../about-githubs-use-of-your-data.md | 2 +- ...se-settings-for-your-private-repository.md | 4 +- ...-up-a-trial-of-github-enterprise-server.md | 2 +- .../creating-and-highlighting-code-blocks.md | 3 +- .../creating-diagrams.md | 127 ++++++++++++++- .../creating-a-project.md | 2 +- .../customizing-your-project-views.md | 2 +- .../using-insights-with-projects.md | 2 +- ...analysis-settings-for-your-organization.md | 7 +- ...ing-the-audit-log-for-your-organization.md | 4 +- ...om-repository-roles-for-an-organization.md | 42 ++--- .../working-with-the-rubygems-registry.md | 2 +- ...r-github-pages-site-locally-with-jekyll.md | 6 + ...anding-connections-between-repositories.md | 2 +- .../working-with-non-code-files.md | 57 ++++++- .../content/rest/reference/deploy_keys.md | 17 ++ .../content/rest/reference/deployments.md | 2 +- .../pt-BR/content/rest/reference/index.md | 1 + ...-against-modern-slavery-and-child-labor.md | 2 +- .../github-community-guidelines.md | 48 +++--- .../github-data-protection-agreement.md | 4 +- translations/pt-BR/data/features/mermaid.yml | 6 +- .../data/learning-tracks/code-security.yml | 38 ++--- .../code-security/code-examples.yml | 2 +- .../enterprise-server/3-2/0-rc1.yml | 44 ++--- .../release-notes/enterprise-server/3-2/0.yml | 44 ++--- .../enterprise-server/3-3/0-rc1.yml | 2 +- .../release-notes/enterprise-server/3-3/0.yml | 2 +- .../enterprise-server/3-4/0-rc1.yml | 64 ++++---- .../release-notes/enterprise-server/3-4/0.yml | 64 ++++---- .../github-ae/2021-06/2021-12-06.yml | 28 ++-- .../actions/github-token-expiration.md | 2 +- .../reusables/actions/message-parameters.md | 2 +- .../actions/oidc-permissions-token.md | 2 +- .../oidc-updating-workflow-overview.md | 10 +- .../actions/perform-blob-storage-precheck.md | 2 +- .../code-scanning/alert-default-branch.md | 1 + .../filter-non-default-branches.md | 1 + .../dependabot/private-dependencies-note.md | 2 +- .../dependabot/result-discrepancy.md | 1 + .../github-reviews-security-advisories.md | 2 +- .../security-alert-delivery-options.md | 2 +- .../keys.md => deploy_keys/deploy_keys.md} | 2 - ...pository_vulnerability_alert_short_desc.md | 2 +- 106 files changed, 1135 insertions(+), 647 deletions(-) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/about-dependabot-alerts.md} (93%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/browsing-security-vulnerabilities-in-the-github-advisory-database.md (90%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md} (91%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/editing-security-advisories-in-the-github-advisory-database.md (95%) create mode 100644 translations/pt-BR/content/code-security/dependabot/dependabot-alerts/index.md rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md => dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md} (94%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/about-dependabot-security-updates.md (92%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/configuring-dependabot-security-updates.md (96%) create mode 100644 translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/index.md create mode 100644 translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md => dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md} (98%) rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md => dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md} (93%) rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/customizing-dependency-updates.md (92%) create mode 100644 translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/index.md rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/listing-dependencies-configured-for-version-updates.md (84%) create mode 100644 translations/pt-BR/content/code-security/dependabot/index.md rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/automating-dependabot-with-github-actions.md (99%) create mode 100644 translations/pt-BR/content/code-security/dependabot/working-with-dependabot/index.md rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/keeping-your-actions-up-to-date-with-dependabot.md (87%) rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-encrypted-secrets-for-dependabot.md (93%) rename translations/pt-BR/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-pull-requests-for-dependency-updates.md (91%) rename translations/pt-BR/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/working-with-dependabot}/troubleshooting-dependabot-errors.md (90%) create mode 100644 translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md delete mode 100644 translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md delete mode 100644 translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md delete mode 100644 translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md delete mode 100644 translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md delete mode 100644 translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md create mode 100644 translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md create mode 100644 translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md create mode 100644 translations/pt-BR/content/rest/reference/deploy_keys.md create mode 100644 translations/pt-BR/data/reusables/code-scanning/alert-default-branch.md create mode 100644 translations/pt-BR/data/reusables/code-scanning/filter-non-default-branches.md create mode 100644 translations/pt-BR/data/reusables/dependabot/result-discrepancy.md rename translations/pt-BR/data/reusables/rest-reference/{deployments/keys.md => deploy_keys/deploy_keys.md} (91%) diff --git a/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md index 286b7b089f..066ef4eb97 100644 --- a/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md +++ b/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md @@ -134,7 +134,7 @@ Email notifications from {% data variables.product.product_location %} contain t | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} | | `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are:
  • `assign`: You were assigned to an issue or pull request.
  • `author`: You created an issue or pull request.
  • `ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.
  • `comment`: You commented on an issue or pull request.
  • `manual`: There was an update to an issue or pull request you manually subscribed to.
  • `mention`: You were mentioned on an issue or pull request.
  • `push`: Someone committed to a pull request you're subscribed to.
  • `review_requested`: You or a team you're a member of was requested to review a pull request.
    • {% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
  • `security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.
    • {% endif %}
  • `state_change`: An issue or pull request you're subscribed to was either closed or opened.
  • `subscribed`: There was an update in a repository you're watching.
  • `team_mention`: A team you belong to was mentioned on an issue or pull request.
  • `your_activity`: You opened, commented on, or closed an issue or pull request.
| | `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `..{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} +| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} ## Choosing your notification settings diff --git a/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 222e531c9a..e523fc897f 100644 --- a/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/translations/pt-BR/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -174,7 +174,7 @@ Se você usar {% data variables.product.prodname_dependabot %} para manter suas - `reason:security_alert` para mostrar notificações para {% data variables.product.prodname_dependabot_alerts %} e pull requests das atualizações de segurança. - `author:app/dependabot` para mostrar as notificações geradas por {% data variables.product.prodname_dependabot %}. Isto inclui {% data variables.product.prodname_dependabot_alerts %}, pull requests para atualizações de segurança e pull requests para atualizações de versão. -Para obter mais informações sobre {% data variables.product.prodname_dependabot %}, consulte "[Sobre o gerenciamento de dependências vulneráveis](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)". +Para obter mais informações sobre {% data variables.product.prodname_dependabot %}, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -183,7 +183,7 @@ Se você usar {% data variables.product.prodname_dependabot %} para falar sobre - `is:repository_vulnerability_alert` - `reason:security_alert` -Para obter mais informações sobre {% data variables.product.prodname_dependabot %}, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". +Para obter mais informações sobre {% data variables.product.prodname_dependabot %}, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." {% endif %} {% endif %} diff --git a/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md index 78305fdf52..1657138a5c 100644 --- a/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md +++ b/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md @@ -50,5 +50,5 @@ Para obter uma visão geral da segurança do repositório, consulte "[Proteger s ## Leia mais - "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Gerenciar vulnerabilidades nas dependências do seu projeto](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)" +- "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" - "[Manter suas dependências atualizadas automaticamente](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)" diff --git a/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md index dd4e45d9fa..2ffb6eda9d 100644 --- a/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md +++ b/translations/pt-BR/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md @@ -48,7 +48,7 @@ O proprietário do repositório tem controle total do repositório. Além das a | Personalizar a visualização das mídias sociais do repositório | "[Personalizar a visualização das mídias sociais do seu repositório](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" | | Criar um modelo a partir do repositório | "[Criando um repositório de modelo](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)"{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | Controle o acesso a {% data variables.product.prodname_dependabot_alerts %} para dependências vulneráveis | "[Gerenciar as configurações de segurança e análise do repositório](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} -| Ignorar {% data variables.product.prodname_dependabot_alerts %} no repositório | "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | +| Ignorar {% data variables.product.prodname_dependabot_alerts %} no repositório | "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | | Gerenciar o uso de dados para um repositório privado | "[Gerenciar as configurações de uso de dados para o seu repositório privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)" {% endif %} | Definir os proprietários do código do repositório | "[Sobre proprietários do código](/github/creating-cloning-and-archiving-repositories/about-code-owners)" | diff --git a/translations/pt-BR/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md b/translations/pt-BR/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md index 3f672a99b9..037b3ac69b 100644 --- a/translations/pt-BR/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md +++ b/translations/pt-BR/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md @@ -45,8 +45,8 @@ Para atualizar seus fluxos de trabalho para o OIDC, você deverá fazer duas alt Para adicionar a integração do OIDC a seus fluxos de trabalho que lhes permitem acessar os segredos no Vault, você deverá adicionar as seguintes alterações de código: -- Grant permission to fetch the token from the {% data variables.product.prodname_dotcom %} OIDC provider: - - O fluxo de trabalho precisa de configurações de `permissions:` com o valor `id-token` definido como `write`. This lets you fetch the OIDC token from every job in the workflow. +- Conceder permissão para obter o token do provedor do OIDC de {% data variables.product.prodname_dotcom %}: + - O fluxo de trabalho precisa de configurações de `permissions:` com o valor `id-token` definido como `write`. Isso permite obter o token do OIDC de cada trabalho do fluxo de trabalho. - Solicite o JWT do provedor do OIDC {% data variables.product.prodname_dotcom %} e apresente-o ao HashiCorp Vault para receber um token de acesso: - Você pode usar o kit de ferramentas [Actions](https://github.com/actions/toolkit/) para buscar os tokens para o seu trabalho, ou você pode usar a ação [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) para buscar o JWT e receber o token de acesso do Vault. diff --git a/translations/pt-BR/content/actions/learn-github-actions/contexts.md b/translations/pt-BR/content/actions/learn-github-actions/contexts.md index 243e59d6a5..0f9b257762 100644 --- a/translations/pt-BR/content/actions/learn-github-actions/contexts.md +++ b/translations/pt-BR/content/actions/learn-github-actions/contexts.md @@ -180,7 +180,7 @@ O contexto `github` context contém informações sobre a execução do fluxo de | `github.action_path` | `string` | O caminho onde uma ação está localizada. Esta propriedade só é compatível com ações compostas. Você pode usar este caminho para acessar arquivos localizados no mesmo repositório da ação. | | `github.action_ref` | `string` | Para uma etapa executando uma ação, este é o ref da ação que está sendo executada. Por exemplo, `v2`. | | `github.action_repository` | `string` | Para uma etpa que executa uma ação, este é o nome do proprietário e do repositório da ação. Por exemplo, `actions/checkout`. | -| `github.action_status` | `string` | For a composite action, the current result of the composite action. | +| `github.action_status` | `string` | Para uma ação composta, o resultado atual da ação composta. | | `github.actor` | `string` | O nome de usuário que iniciou a execução do fluxo de trabalho. | | `github.api_url` | `string` | A URL da API REST de {% data variables.product.prodname_dotcom %}. | | `github.base_ref` | `string` | `base_ref` ou branch alvo da pull request em uma execução de fluxo de trabalho. Esta propriedade só está disponível quando o evento que aciona a execução de um fluxo de trabalho for `pull_request` ou `pull_request_target`. | diff --git a/translations/pt-BR/content/actions/security-guides/encrypted-secrets.md b/translations/pt-BR/content/actions/security-guides/encrypted-secrets.md index 4251ab38ab..b9e44ac4cb 100644 --- a/translations/pt-BR/content/actions/security-guides/encrypted-secrets.md +++ b/translations/pt-BR/content/actions/security-guides/encrypted-secrets.md @@ -226,6 +226,10 @@ steps: ``` {% endraw %} +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + Evite a transmissão de segredos entre processos da linha de comando sempre que possível. Os processos da linha de comando podem ser visíveis para outros usuários (usando o comando `ps`) ou capturado por [eventos de auditoria de segurança](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). Para ajudar a proteger os segredos, considere o uso de variáveis de ambiente, `STDIN`, ou outros mecanismos compatíveis com o processo de destino. Se você passar segredos dentro de uma linha de comando, inclua-os dentro das regras de aspas corretas. Muitas vezes, os segredos contêm caracteres especiais que não intencionalmente podem afetar o seu shell. Para escapar desses caracteres especiais, use aspas com suas variáveis de ambiente. Por exemplo: diff --git a/translations/pt-BR/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/translations/pt-BR/content/actions/using-workflows/workflow-syntax-for-github-actions.md index e56c991866..59f2df6e10 100644 --- a/translations/pt-BR/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/translations/pt-BR/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -342,6 +342,31 @@ steps: uses: actions/heroku@1.0.0 ``` +#### Example: Using secrets + +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + +{% raw %} +```yaml +name: Run a step if a secret has been set +on: push +jobs: + my-jobname: + runs-on: ubuntu-latest + env: + super_secret: ${{ secrets.SuperSecret }} + steps: + - if: ${{ env.super_secret != '' }} + run: echo 'This step will only run if the secret has a value set.' + - if: ${{ env.super_secret == '' }} + run: echo 'This step will only run if the secret does not have a value set.' +``` +{% endraw %} + +For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + ### `jobs..steps[*].name` Nome da etapa no {% data variables.product.prodname_dotcom %}. diff --git a/translations/pt-BR/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md b/translations/pt-BR/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md index a5e5a5c0f2..658a39db40 100644 --- a/translations/pt-BR/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md +++ b/translations/pt-BR/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md @@ -271,7 +271,7 @@ O GitHub ajuda você a evitar o uso de software de terceiros que contém vulnera | Ferramenta Gerenciamento de Dependência | Descrição | | ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Alertas de Dependabot | Você pode acompanhar as dependências do seu repositório e receber alertas de dependências do Dependabot quando sua empresa detectar dependências vulneráveis. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" | +| Alertas de Dependabot | Você pode acompanhar as dependências do seu repositório e receber alertas de dependências do Dependabot quando sua empresa detectar dependências vulneráveis. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)". | | Gráfico de Dependência | O gráfico de dependências é um resumo do manifesto e bloqueia arquivos armazenados em um repositório. Ele mostra os ecossistemas e pacotes dos quais a sua base de código depende (suas dependências) e os repositórios e pacotes que dependem do seu projeto (suas dependências). Para obter mais informações, consulte "[Sobre o gráfico de dependência](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)". |{% ifversion ghes > 3.1 or ghec %} | Revisão de Dependência | Se um pull request tiver alterações nas dependências, você poderá ver um resumo do que alterou e se há vulnerabilidades conhecidas em qualquer uma das dependências. Para obter mais informações, consulte "[Sobre a revisão de dependências](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" ou "[Revisando as alterações de dependência em um pull requestl](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)". |{% endif %} {% ifversion ghec or ghes > 3.2 %} | Atualizações de segurança do Dependabot | O dependabot pode corrigir dependências vulneráveis levantando pull requests com atualizações de segurança. Para obter mais informações, consulte "[Sobre atualizações de segurança do Dependabot](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". | diff --git a/translations/pt-BR/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/translations/pt-BR/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 73dd13372c..2c14eff6db 100644 --- a/translations/pt-BR/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/translations/pt-BR/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -49,7 +49,7 @@ Também é possível sincronizar os dados de vulnerabilidade manualmente a qualq Quando {% data variables.product.product_location %} recebe informações sobre uma vulnerabilidade, ele identifica repositórios em {% data variables.product.product_location %} que usam a versão afetada da dependência e gera {% data variables.product.prodname_dependabot_alerts %}. Você pode escolher se quer ou não notificar os usuários automaticamente sobre o novo {% data variables.product.prodname_dependabot_alerts %}. -Para repositórios com {% data variables.product.prodname_dependabot_alerts %} habilitado, a digitalização é acionada em qualquer push para o branch padrão que contém um arquivo de manifesto ou arquivo de bloqueio. Além disso, quando um novo registro de vulnerabilidade é adicionado a {% data variables.product.product_location %}, {% data variables.product.product_name %} digitaliza todos os repositórios existentes em {% data variables.product.product_location %} e gera alertas para qualquer repositório que seja vulnerável. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +Para repositórios com {% data variables.product.prodname_dependabot_alerts %} habilitado, a digitalização é acionada em qualquer push para o branch padrão que contém um arquivo de manifesto ou arquivo de bloqueio. Além disso, quando um novo registro de vulnerabilidade é adicionado a {% data variables.product.product_location %}, {% data variables.product.product_name %} digitaliza todos os repositórios existentes em {% data variables.product.product_location %} e gera alertas para qualquer repositório que seja vulnerável. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% ifversion ghes > 3.2 %} ### Sobre {% data variables.product.prodname_dependabot_updates %} @@ -67,7 +67,7 @@ Após habilitar {% data variables.product.prodname_dependabot_alerts %}, você p Com {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} cria automaticamente pull requests para atualizar dependências de duas maneiras. - **{% data variables.product.prodname_dependabot_version_updates %}**: Os usuários adicionam um arquivo de configuração de {% data variables.product.prodname_dependabot %} ao repositório para habilitar {% data variables.product.prodname_dependabot %} e criar pull requests quando uma nova versão de uma dependência monitorada for lançada. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)". -- **{% data variables.product.prodname_dependabot_security_updates %}**: Os usuários alternam uma configuração de repositório para habilitar {% data variables.product.prodname_dependabot %} para criar pull requests quando {% data variables.product.prodname_dotcom %} detecta uma vulnerabilidade em uma das dependências do gráfico de dependências para o repositório. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" e[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". +- **{% data variables.product.prodname_dependabot_security_updates %}**: Os usuários alternam uma configuração de repositório para habilitar {% data variables.product.prodname_dependabot %} para criar pull requests quando {% data variables.product.prodname_dotcom %} detecta uma vulnerabilidade em uma das dependências do gráfico de dependências para o repositório. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endif %} ## Habilitando {% data variables.product.prodname_dependabot_alerts %} diff --git a/translations/pt-BR/content/admin/configuration/configuring-your-enterprise/about-enterprise-configuration.md b/translations/pt-BR/content/admin/configuration/configuring-your-enterprise/about-enterprise-configuration.md index 9bfc92c849..a9ae13741b 100644 --- a/translations/pt-BR/content/admin/configuration/configuring-your-enterprise/about-enterprise-configuration.md +++ b/translations/pt-BR/content/admin/configuration/configuring-your-enterprise/about-enterprise-configuration.md @@ -23,7 +23,7 @@ shortTitle: Sobre a configuração {% endif %} {% ifversion ghae %} -To get started with {% data variables.product.product_name %}, you first need to deploy {% data variables.product.product_name %}. For more information, see "[Deploying {% data variables.product.product_name %}](/admin/configuration/configuring-your-enterprise/deploying-github-ae)." +Para dar os primeiros passos com {% data variables.product.product_name %}, primeiro você precisa implantar o {% data variables.product.product_name %}. Para obter mais informações, consulte "[Implantando {% data variables.product.product_name %}](/admin/configuration/configuring-your-enterprise/deploying-github-ae)". Na primeira vez que você acessar a sua empresa, você realizará uma configuração inicial para preparar {% data variables.product.product_name %} para ser usado. A configuração inicial inclui conectar a sua empresa a um provedor de identidade (IdP), efetuando a autenticação com SAML SSO, configurando políticas para repositórios e organizações na sua empresa e configurando SMTP para e-mails de saída. Para obter mais informações, consulte "[Inicializar {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)". diff --git a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md index 3d628cfa43..60fc384867 100644 --- a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md +++ b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md @@ -27,7 +27,15 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png) +{% else %} +![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.4/repository/code-scanning-alert.png) +{% endif %} If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information. diff --git a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md index 51cb41963c..0e85203a99 100644 --- a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md +++ b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md @@ -45,8 +45,16 @@ Por padrão, a página de verificação de código de alertas é filtrada para m {% else %} ![Lista de alertas de {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png) {% endif %} -1. Opcionalmente, se o alerta destacar um problema com o fluxo de dados, clique em **Mostrar caminhos** para exibir o caminho da fonte de dados até o destino onde é usado. ![O link "Exibir caminhos" em um alerta](/assets/images/help/repository/code-scanning-show-paths.png) -1. Alertas da análise de {% data variables.product.prodname_codeql %} incluem uma descrição do problema. Clique em **Mostrar mais** para obter orientação sobre como corrigir seu código. ![Detalhes para um alerta](/assets/images/help/repository/code-scanning-alert-details.png) +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + {% data reusables.code-scanning.alert-default-branch %} + ![The "Affected branches" section in an alert](/assets/images/help/repository/code-scanning-affected-branches.png){% endif %} +1. Opcionalmente, se o alerta destacar um problema com o fluxo de dados, clique em **Mostrar caminhos** para exibir o caminho da fonte de dados até o destino onde é usado. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + ![O link "Exibir caminhos" em um alerta](/assets/images/help/repository/code-scanning-show-paths.png) + {% else %} + ![O link "Exibir caminhos" em um alerta](/assets/images/enterprise/3.4/repository/code-scanning-show-paths.png) + {% endif %} +2. Alertas da análise de {% data variables.product.prodname_codeql %} incluem uma descrição do problema. Clique em **Mostrar mais** para obter orientação sobre como corrigir seu código. ![Detalhes para um alerta](/assets/images/help/repository/code-scanning-alert-details.png) Para obter mais informações, consulte "[Sobre alertas de {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)". @@ -75,6 +83,10 @@ O benefício de usar filtros de palavra-chave é que apenas os valores com resul Se você inserir vários filtros, a visualização mostrará alertas que correspondem a _todos_ esses filtros. Por exemplo, `is:closed severity:high branch:main` só exibirá alertas de alta gravidade fechados e que estão presentes no branch `principal`. A exceção são os filtros relacionados a refs (`ref`, `branch` e `pr`): `is:open branch:main branch:next` irá mostrar alertas abertos do branch `principal` do `próximo` branch. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} + {% ifversion fpt or ghes > 3.3 or ghec %} Você pode prefixar o filtro `tag` com `-` para excluir resultados com essa tag. Por exemplo, `-tag:style` mostra apenas alertas que não têm a tag `estilo`{% if codeql-ml-queries %} e `-tag:experimental` omitirá todos os alertas experimentais. Para obter mais informações, consulte "[Sobre alertas de{% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %} @@ -91,11 +103,12 @@ Você pode usar o filtro "Apenas alertas no código do aplicativo" ou a palavra- Você pode pesquisar na lista de alertas. Isso é útil se houver um grande número de alertas no seu repositório, ou, por exemplo, se você não souber o nome exato de um alerta. {% data variables.product.product_name %} realiza a pesquisa de texto livre: - O nome do alerta -- A descrição do alerta - Os detalhes do alerta (isso também inclui as informações ocultas da visualização por padrão na seção ocultável **Mostrar mais**) - + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Informações de alerta usadas em pesquisas](/assets/images/help/repository/code-scanning-free-text-search-areas.png) - + {% else %} + ![Informações de alerta usadas em pesquisas](/assets/images/enterprise/3.4/repository/code-scanning-free-text-search-areas.png) +{% endif %} | Pesquisa compatível | Exemplo de sintaxe | Resultados | | -------------------------------------------------------- | ------------------ | ----------------------------------------------------------------------- | | Pesquisa de uma palavra | `injeção` | Retorna todos os alertas que contêm a palavra `injeção` | @@ -108,7 +121,7 @@ Você pode pesquisar na lista de alertas. Isso é útil se houver um grande núm **Dicas:** - A busca múltipla de palavras é equivalente a uma busca OU. -- A busca E retornará resultados em que os termos da pesquisa são encontrados _em qualquer lugar_, em qualquer ordem no nome do alerta, descrição ou detalhes. +- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. {% endtip %} @@ -137,7 +150,7 @@ Se você tem permissão de escrita em um repositório, você pode visualizar ale Você pode usar{% ifversion fpt or ghes > 3.1 or ghae or ghec %} a pesquisa de texto livre ou{% endif %} os filtros para exibir um subconjunto de alertas e, em seguida, marcar, por sua vez, todos os alertas correspondentes como fechados. -Alertas podem ser corrigidos em um branch, mas não em outro. Você pode usar o menu suspenso "Branch", no resumo dos alertas, para verificar se um alerta é corrigido em um branch específico. +Alertas podem ser corrigidos em um branch, mas não em outro. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. {% ifversion fpt or ghes > 3.1 or ghae or ghec %} ![Filtrar alertas por branch](/assets/images/help/repository/code-scanning-branch-filter.png) @@ -145,6 +158,9 @@ Alertas podem ser corrigidos em um branch, mas não em outro. Você pode usar o ![Filtrar alertas por branch](/assets/images/enterprise/3.1/help/repository/code-scanning-branch-filter.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} ## Ignorar ou excluir alertas Há duas formas de fechar um alerta. Você pode corrigir o problema no código ou pode ignorar o alerta. Como alternativa, se você tiver permissões de administrador para o repositório, será possível excluir alertas. Excluir alertas é útil em situações em que você configurou uma ferramenta {% data variables.product.prodname_code_scanning %} e, em seguida, decidiu removê-la ou em situações em que você configurou a análise de {% data variables.product.prodname_codeql %} com um conjunto de consultas maior do que você deseja continuar usando, e, em seguida, você removeu algumas consultas da ferramenta. Em ambos os casos, excluir alertas permite limpar os seus resultados de {% data variables.product.prodname_code_scanning %}. Você pode excluir alertas da lista de resumo dentro da aba **Segurança**. diff --git a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md index 6823f32df7..c4aeda1fe1 100644 --- a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md @@ -39,7 +39,11 @@ Você pode usar mais de um problema para rastrear o mesmo alerta de {% data vari - Uma seção "rastreado em" também será exibida na página de alerta correspondente. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![A anotação rastreada na página de alerta de digitalização do código](/assets/images/help/repository/code-scanning-alert-tracked-in-pill.png) + {% else %} + ![A anotação rastreada na página de alerta de digitalização do código](/assets/images/enterprise/3.4/repository/code-scanning-alert-tracked-in-pill.png) + {% endif %} - No problema de rastreado, {% data variables.product.prodname_dotcom %} exibe um ícone do selo de segurança na lista de tarefas e no hovercard. @@ -64,7 +68,12 @@ O status do alerta rastreado não mudará se você alterar o status da caixa de {% data reusables.code-scanning.explore-alert %} 1. Opcionalmente, para encontrar o alerta a rastrear, você pode usar a pesquisa de texto livre ou os menus suspensos para filtrar e localizar o alerta. Para obter mais informações, consulte "[Gerenciar alertas de varredura de código para seu repositório](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts). " {% endif %} -1. Na parte superior da página, no lado direito, clique em **Criar problema**. ![Crie um problema de rastreamento para o alerta de digitalização de código](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) +1. Na parte superior da página, no lado direito, clique em **Criar problema**. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + ![Crie um problema de rastreamento para o alerta de digitalização de código](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) + {% else %} + ![Crie um problema de rastreamento para o alerta de digitalização de código](/assets/images/enterprise/3.4/repository/code-scanning-create-issue-for-alert.png) + {% endif %} {% data variables.product.prodname_dotcom %} cria automaticamente um problema para acompanhar o alerta e adiciona o alerta como um item da lista de tarefas. {% data variables.product.prodname_dotcom %} preenche o problema: - O título contém o nome do alerta de {% data variables.product.prodname_code_scanning %}. diff --git a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md index a7458d34b7..76ad288ab5 100644 --- a/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md +++ b/translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md @@ -74,10 +74,17 @@ Se você tiver permissão de gravação para o repositório, algumas anotações Para ver mais informações sobre um alerta, os usuários com permissão de gravação podem clicar no link **Mostrar mais detalhes**, exibido na anotação. Isso permite que você veja todos os contextos e metadados fornecidos pela ferramenta em uma exibição de alerta. No exemplo abaixo, você pode ver tags que mostram a gravidade, o tipo e as enumerações de fraquezas comuns relevantes (CWEs) para o problema. A vista mostra também quais commits introduziram o problema. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + Na visualização detalhada de um alerta, algumas ferramentas de {% data variables.product.prodname_code_scanning %}, como a análise de {% data variables.product.prodname_codeql %} também incluem uma descrição do problema e um link **Mostrar mais** para obter orientações sobre como corrigir seu código. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Descrição do alerta e link para mostrar mais informações](/assets/images/help/repository/code-scanning-pr-alert.png) - +{% else %} +![Descrição do alerta e link para mostrar mais informações](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png) +{% endif %} ## Corrigir de um alerta no seu pull request Qualquer pessoa com acesso push a um pull request pode corrigir um alerta de {% data variables.product.prodname_code_scanning %} que seja identificado nesse pull request. Se você fizer commit de alterações na solicitação do pull request, isto acionará uma nova execução das verificações do pull request. Se suas alterações corrigirem o problema, o alerta será fechado e a anotação removida. diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md similarity index 93% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md index 19e990d76e..95506700a3 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -1,11 +1,12 @@ --- -title: Sobre alertas para dependências vulneráveis +title: About Dependabot alerts intro: 'O {% data variables.product.product_name %} envia {% data variables.product.prodname_dependabot_alerts %} quando detectamos vulnerabilidades que afetam o seu repositório.' redirect_from: - /articles/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -82,7 +83,7 @@ Para repositórios em que {% data variables.product.prodname_dependabot_security ## Acesso a {% data variables.product.prodname_dependabot_alerts %} -É possível ver todos os alertas que afetam um determinado projeto{% ifversion fpt or ghec %} na aba Segurança do repositório ou{% endif %} no gráfico de dependências do repositório. Para obter mais informações, consulte "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository). " +É possível ver todos os alertas que afetam um determinado projeto{% ifversion fpt or ghec %} na aba Segurança do repositório ou{% endif %} no gráfico de dependências do repositório. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." Por padrão, notificamos as pessoas com permissões de administrador nos repositórios afetados sobre os novos {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} nunca divulga publicamente vulnerabilidades identificadas para qualquer repositório. Você também pode tornar o {% data variables.product.prodname_dependabot_alerts %} visível para pessoas ou repositórios de trabalho de equipes adicionais que você possui ou para os quais tem permissões de administrador. Para obter mais informações, consulte "[Gerenciar configurações de segurança e análise do repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)". {% endif %} @@ -96,5 +97,5 @@ Você também pode ver todos os {% data variables.product.prodname_dependabot_al ## Leia mais - "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" -- "[Exibir e atualizar dependências vulneráveis no repositório](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} {% ifversion fpt or ghec %}- "[Privacidade em {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md similarity index 90% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md index b2d452d22f..470dd7e449 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md @@ -6,6 +6,7 @@ miniTocMaxHeadingLevel: 3 redirect_from: - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ As consultorias revisadas por {% data variables.product.company_short %} são vu Analisamos cuidadosamente cada consultoria com relação à sua validade. Cada consultoria revisada por {% data variables.product.company_short %} tem uma descrição completa e contém informações de pacote e ecossistema. -Se você habilitar {% data variables.product.prodname_dependabot_alerts %} para os seus repositórios, você será notificado automaticamente quando uma nova consultoria revisada por {% data variables.product.company_short %} afetar pacotes dos quais você depende. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +Se você habilitar {% data variables.product.prodname_dependabot_alerts %} para os seus repositórios, você será notificado automaticamente quando uma nova consultoria revisada por {% data variables.product.company_short %} afetar pacotes dos quais você depende. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." ### Sobre consultorias não revisadas @@ -107,14 +108,14 @@ Você pode procurar no banco de dados e usar qualificadores para limitar sua bus ## Visualizar seus repositórios vulneráveis -Para qualquer consultoria revisada por {% data variables.product.company_short %} no {% data variables.product.prodname_advisory_database %}, você pode ver qual dos seus repositórios são afetados por essa vulnerabilidade de segurança. Para ver um repositório vulnerável, você deve ter acesso a {% data variables.product.prodname_dependabot_alerts %} para esse repositório. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)" +Para qualquer consultoria revisada por {% data variables.product.company_short %} no {% data variables.product.prodname_advisory_database %}, você pode ver qual dos seus repositórios são afetados por essa vulnerabilidade de segurança. Para ver um repositório vulnerável, você deve ter acesso a {% data variables.product.prodname_dependabot_alerts %} para esse repositório. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)". 1. Navegue até https://github.com/advisories. 2. Clique em uma consultoria. 3. Na parte superior da página da consultoria, clique em **Alertas do dependabot**. ![Alertas do Dependabot](/assets/images/help/security/advisory-database-dependabot-alerts.png) -4. Opcionalmente, para filtrar a lista, use a barra de pesquisa ou os menus suspensos. O menu suspenso "Organização" permite filtrar {% data variables.product.prodname_dependabot_alerts %} por proprietário (organização ou usuário). ![Barra de pesquisa e menus suspensos para filtrar alertas](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png) -5. Para mais detalhes sobre a vulnerabilidade e para aconselhamento sobre como corrigir o repositório vulnerável clique no nome do repositório. +4. Opcionalmente, para filtrar a lista, use a barra de pesquisa ou os menus suspensos. The "Organization" drop-down menu allows you to filter the {% data variables.product.prodname_dependabot_alerts %} per owner (organization or user). ![Barra de pesquisa e menus suspensos para filtrar alertas](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png) +5. For more details about the vulnerability, and for advice on how to fix the vulnerable repository, click the repository name. ## Leia mais -- [Definição de "vulnerabilidade"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability) da MITRE +- MITRE's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability) diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md similarity index 91% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index b6c03a41f0..3e24decd97 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -1,10 +1,11 @@ --- -title: Configurar notificações para dependências vulneráveis -shortTitle: Configurar notificações +title: Configuring notifications for Dependabot alerts +shortTitle: Configure notifications intro: 'Otimize a forma como você recebe notificações sobre {% data variables.product.prodname_dependabot_alerts %}.' redirect_from: - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -59,7 +60,7 @@ Você pode definir as configurações de notificação para si mesmo ou para sua ## Como reduzir o ruído das notificações para dependências vulneráveis -Se você estiver preocupado em receber muitas notificações para {% data variables.product.prodname_dependabot_alerts %}, recomendamos que você opte pelo resumo semanal de e-mail ou desabilite as notificações enquanto mantém {% data variables.product.prodname_dependabot_alerts %} habilitado. Você ainda pode navegar para ver seu {% data variables.product.prodname_dependabot_alerts %} na aba Segurança do seu repositório. Para obter mais informações, consulte "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository). " +Se você estiver preocupado em receber muitas notificações para {% data variables.product.prodname_dependabot_alerts %}, recomendamos que você opte pelo resumo semanal de e-mail ou desabilite as notificações enquanto mantém {% data variables.product.prodname_dependabot_alerts %} habilitado. Você ainda pode navegar para ver seu {% data variables.product.prodname_dependabot_alerts %} na aba Segurança do seu repositório. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." ## Leia mais diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md similarity index 95% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md index 91ee6a0a3e..ec50e929e1 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md @@ -3,6 +3,7 @@ title: Editando consultorias de segurança no banco de dados consultivo do GitHu intro: 'Você pode enviar melhorias para qualquer consultoria publicada no {% data variables.product.prodname_advisory_database %}.' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database versions: fpt: '*' ghec: '*' diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/index.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/index.md new file mode 100644 index 0000000000..6cf2febdbf --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/index.md @@ -0,0 +1,24 @@ +--- +title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts +shortTitle: Alertas do Dependabot +intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilites are detected in dependencies that your project uses.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /browsing-security-vulnerabilities-in-the-github-advisory-database + - /editing-security-advisories-in-the-github-advisory-database + - /about-dependabot-alerts + - /viewing-and-updating-dependabot-alerts + - /configuring-notifications-for-dependabot-alerts +--- + diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md similarity index 94% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index b7079728ce..ed46ed10ed 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -1,12 +1,13 @@ --- -title: Exibir e atualizar dependências vulneráveis no repositório +title: Viewing and updating Dependabot alerts intro: 'Se o {% data variables.product.product_name %} descobrir dependências vulneráveis no seu projeto, você poderá visualizá-las na aba de alertas do Dependabot no seu repositório. Em seguida, você pode atualizar seu projeto para resolver ou descartar a vulnerabilidade.' redirect_from: - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository permissions: Repository administrators and organization owners can view and update dependencies. -shortTitle: Visualizar as dependências vulneráveis +shortTitle: View Dependabot alerts versions: fpt: '*' ghes: '*' @@ -25,7 +26,7 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -A aba de {% data variables.product.prodname_dependabot_alerts %} do seu repositório lista todos os {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} abertos e fechados correspondentes a {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. Você pode{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filtrar alertas por pacote, ecossistema ou manifesto. Você também pode{% endif %} ordernar a lista de alertas, além de poder clicar em alertas específicos para mais detalhes. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +A aba de {% data variables.product.prodname_dependabot_alerts %} do seu repositório lista todos os {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} abertos e fechados correspondentes a {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. Você pode{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filtrar alertas por pacote, ecossistema ou manifesto. Você também pode{% endif %} ordernar a lista de alertas, além de poder clicar em alertas específicos para mais detalhes. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% ifversion fpt or ghec or ghes > 3.2 %} É possível habilitar atualizações de segurança automáticas para qualquer repositório que usa o {% data variables.product.prodname_dependabot_alerts %} e o gráfico de dependências. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." @@ -98,7 +99,7 @@ Cada alerta de {% data variables.product.prodname_dependabot %} tem um identific ## Leia mais -- "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} - "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %} - "[Gerenciar as configurações de segurança e análise para o seu repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" - "[Solução de problemas na detecção de dependências vulneráveis](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md similarity index 92% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md index b1e68c193b..4cd70ce83e 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -6,6 +6,7 @@ redirect_from: - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates - /github/managing-security-vulnerabilities/about-dependabot-security-updates - /code-security/supply-chain-security/about-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -27,7 +28,7 @@ topics: ## Sobre o {% data variables.product.prodname_dependabot_security_updates %} -{% data variables.product.prodname_dependabot_security_updates %} torna mais fácil para você corrigir dependências vulneráveis no seu repositório. Se você habilitar este recurso, quando um alerta de {% data variables.product.prodname_dependabot %} for criado para uma dependência vulnerável no gráfico de dependências do seu repositório, {% data variables.product.prodname_dependabot %} tenta corrigir isso automaticamente. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis de](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" e "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". +{% data variables.product.prodname_dependabot_security_updates %} torna mais fácil para você corrigir dependências vulneráveis no seu repositório. Se você habilitar este recurso, quando um alerta de {% data variables.product.prodname_dependabot %} for criado para uma dependência vulnerável no gráfico de dependências do seu repositório, {% data variables.product.prodname_dependabot %} tenta corrigir isso automaticamente. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" e "[Configurando {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". {% data variables.product.prodname_dotcom %} pode enviar {% data variables.product.prodname_dependabot_alerts %} para repositórios afetados por uma vulnerabilidade revelada por uma consultoria de segurança de {% data variables.product.prodname_dotcom %} recentemente publicada. {% data reusables.security-advisory.link-browsing-advisory-db %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md similarity index 96% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index a981e8a150..3c0fb8b5df 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -9,6 +9,7 @@ redirect_from: - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates - /code-security/supply-chain-security/configuring-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -76,6 +77,6 @@ O {% data variables.product.prodname_dependabot_security_updates %} exige config ## Leia mais -- "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} - "[Gerenciando configurações de uso de dados para o seu repositório privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %} - "[Ecossistemas de pacotes compatíveis](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/index.md b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/index.md new file mode 100644 index 0000000000..059029a0d5 --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-security-updates/index.md @@ -0,0 +1,20 @@ +--- +title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates +intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Security updates + - Dependencies + - Pull requests +shortTitle: Atualizações de segurança do Dependabot +children: + - /about-dependabot-security-updates + - /configuring-dependabot-security-updates +--- + diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md new file mode 100644 index 0000000000..e15c567eb8 --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -0,0 +1,69 @@ +--- +title: About Dependabot version updates +intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions.' +redirect_from: + - /github/administering-a-repository/about-dependabot + - /github/administering-a-repository/about-github-dependabot + - /github/administering-a-repository/about-github-dependabot-version-updates + - /github/administering-a-repository/about-dependabot-version-updates + - /code-security/supply-chain-security/about-dependabot-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.2' +type: overview +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Atualizações de versão do Dependabot +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## About {% data variables.product.prodname_dependabot_version_updates %} + +{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. + +You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. + +When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." + +{% data reusables.dependabot.pull-request-security-vs-version-updates %} + +{% data reusables.dependabot.dependabot-tos %} + +## Frequency of {% data variables.product.prodname_dependabot %} pull requests + +You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly. + +{% data reusables.dependabot.initial-updates %} + +If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency. + +## Supported repositories and ecosystems + + +You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." +{% note %} + +{% data reusables.dependabot.private-dependencies-note %} + +{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below. + +{% endnote %} + +{% data reusables.dependabot.supported-package-managers %} + +If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."{% endif %} + +## About notifications for {% data variables.product.prodname_dependabot %} version updates + +You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. Para obter mais informações, consulte "[Gerenciando notificações de sua caixa de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)". diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md similarity index 98% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index 741b68509d..0f93f44637 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -1,10 +1,12 @@ --- -title: Opções de configuração para atualizações de dependências +title: Configuration options for the dependabot.yml file intro: 'Informações detalhadas para todas as opções que você pode usar para personalizar como o {% data variables.product.prodname_dependabot %} mantém seus repositórios.' permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' +allowTitleToDifferFromFilename: true redirect_from: - /github/administering-a-repository/configuration-options-for-dependency-updates - /code-security/supply-chain-security/configuration-options-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates miniTocMaxHeadingLevel: 3 versions: fpt: '*' @@ -17,7 +19,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: Opções de configuração +shortTitle: Configure dependabot.yml --- {% data reusables.dependabot.beta-security-and-version-updates %} @@ -27,7 +29,7 @@ shortTitle: Opções de configuração O arquivo de configuração do {% data variables.product.prodname_dependabot %} , *dependabot.yml*, usa a sintaxe YAML. Se você não souber o que é YAMLe quiser saber mais, consulte "[Aprender a usar YAML em cinco minutos](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)". -Você deve armazenar este arquivo no diretório `.github` do seu repositório. Ao adicionar ou atualizar o arquivo *dependabot.yml* , isso aciona uma verificação imediata de atualizações de versão. Para obter mais informações e exemplos, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)". +Você deve armazenar este arquivo no diretório `.github` do seu repositório. Ao adicionar ou atualizar o arquivo *dependabot.yml* , isso aciona uma verificação imediata de atualizações de versão. For more information and an example, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." Quaisquer opções que também afetem as atualizações de segurança são usadas na próxima vez que um alerta de segurança acionar um pull request para uma atualização de segurança. Para obter mais informações, consulte "[Configurando {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)." @@ -187,7 +189,7 @@ Use a opção `allow` para personalizar quais dependências são atualizadas. Is | -------------------- | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | `direta` | Todas | Todas as dependências explicitamente definidas. | | `indireta` | `bundler`, `pip`, `composer`, `cargo` | Dependências de dependências diretas (também conhecidas como sub-dependências ou dependências transitórias). | - | `todos` | Todas | Todas as dependências explicitamente definidas. Para `bundler`, `pip`, `composer`, `cargo`, também as dependências de dependências diretas. | + | `tudo` | Todas | Todas as dependências explicitamente definidas. Para `bundler`, `pip`, `composer`, `cargo`, também as dependências de dependências diretas. | | `produção` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Apenas dependências no "Grupo de dependência de produção". | | `desenvolvimento` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Somente dependências no "grupo de dependência do desenvolvimento". | diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md similarity index 93% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index 70a3742479..4700dec98a 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -1,11 +1,12 @@ --- -title: Habilitando e desabilitando as atualizações da versão do Dependabot +title: Configuring Dependabot version updates intro: 'Você pode configurar seu repositório para que o {% data variables.product.prodname_dependabot %} atualize automaticamente os pacotes que você usa.' permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.' redirect_from: - /github/administering-a-repository/enabling-and-disabling-version-updates - /code-security/supply-chain-security/enabling-and-disabling-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates versions: fpt: '*' ghec: '*' @@ -17,7 +18,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: Habilitar e desabilitar atualizações +shortTitle: Configure version updates --- @@ -34,7 +35,7 @@ Você habilita {% data variables.product.prodname_dependabot_version_updates %}, ## Habilitar {% data variables.product.prodname_dependabot_version_updates %} -{% data reusables.dependabot.create-dependabot-yml %} Para obter informações, consulte "[Opções de configuração para atualizações de dependência](/github/administering-a-repository/configuration-options-for-dependency-updates)." +{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." 1. Adicione uma `versão`. 1. Opcionalmente, se você tiver dependências em um registro privado, adicione uma seção de `registros` que contém detalhes de autenticação. 1. Adicione uma seção de `atualizações` com uma entrada para cada gerenciador de pacotes que você deseja que {% data variables.product.prodname_dependabot %} monitore. @@ -138,4 +139,4 @@ updates: update-types: ["version-update:semver-patch"] ``` -Para obter mais informações sobre as verificações para preferências de ignore existentes, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)". +For more information about checking for existing ignore preferences, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md similarity index 92% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md index ce35b8b783..833ac4f45d 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md @@ -5,6 +5,7 @@ permissions: 'People with write permissions to a repository can configure {% dat redirect_from: - /github/administering-a-repository/customizing-dependency-updates - /code-security/supply-chain-security/customizing-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates versions: fpt: '*' ghec: '*' @@ -34,7 +35,7 @@ Depois que você habilitou as atualizações de versão, você pode personalizar - Alterar o número máximo de pull requests abertos para atualizações de versão a partir do padrão de 5: `open-pull-requests-limit` - Abrir pull requests para atualizações de versão para atingir um branch específico, em vez do branch padrão: `target-branch` -Para obter mais informações sobre as opções de configuração, consulte "[Opções de configuração para atualizações de dependências](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)". +For more information about the configuration options, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." Ao atualizar o arquivo *dependabot.yml* no seu repositório, o {% data variables.product.prodname_dependabot %} executa uma verificação imediata com a nova configuração. Dentro de minutos você verá uma lista atualizada de dependências na aba **{% data variables.product.prodname_dependabot %}**. Isso pode demorar mais se o repositório tiver muitas dependências. Você também pode ver novas pull requests para atualizações de versão. Para obter mais informações, consulte "[Listando dependências configuradas para atualizações da versão](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)". @@ -140,4 +141,4 @@ updates: ## Mais exemplos -Para obter mais exemplos, consulte "[Opções de configuração para atualizações de dependências](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)". +For more examples, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/index.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/index.md new file mode 100644 index 0000000000..d6014060b7 --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/index.md @@ -0,0 +1,26 @@ +--- +title: Keeping your dependencies updated automatically with Dependabot version updates +intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.' +allowTitleToDifferFromFilename: true +redirect_from: + - /github/administering-a-repository/keeping-your-dependencies-updated-automatically + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Dependencies + - Pull requests +children: + - /about-dependabot-version-updates + - /configuring-dependabot-version-updates + - /listing-dependencies-configured-for-version-updates + - /customizing-dependency-updates + - /configuration-options-for-the-dependabot.yml-file +shortTitle: Atualizações de versão do Dependabot +--- + diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md similarity index 84% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md rename to translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md index 9bfa039596..bfd5f66530 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md @@ -4,6 +4,7 @@ intro: 'Você pode visualizar as dependências que {% data variables.product.pro redirect_from: - /github/administering-a-repository/listing-dependencies-configured-for-version-updates - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates versions: fpt: '*' ghec: '*' @@ -22,7 +23,7 @@ shortTitle: Listar dependências configuradas ## Visualizando dependências monitoradas por {% data variables.product.prodname_dependabot %} -Depois de habilitar as atualizações de versão, você pode confirmar que a sua configuração está correta usando a aba **{% data variables.product.prodname_dependabot %}** no gráfico de dependências para o repositório. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". +Depois de habilitar as atualizações de versão, você pode confirmar que a sua configuração está correta usando a aba **{% data variables.product.prodname_dependabot %}** no gráfico de dependências para o repositório. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} diff --git a/translations/pt-BR/content/code-security/dependabot/index.md b/translations/pt-BR/content/code-security/dependabot/index.md new file mode 100644 index 0000000000..cb1f4984f9 --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/index.md @@ -0,0 +1,23 @@ +--- +title: Keeping your supply chain secure with Dependabot +shortTitle: Dependabot +intro: 'Monitor vulnerabilities in dependencies used in your project{% ifversion fpt or ghec or ghes > 3.2 %} and keep your dependencies up-to-date{% endif %} with {% data variables.product.prodname_dependabot %}.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /dependabot-alerts + - /dependabot-security-updates + - /dependabot-version-updates + - /working-with-dependabot +--- + diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md similarity index 99% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md rename to translations/pt-BR/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md index 3347986c1d..ea6083fd93 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -17,6 +17,8 @@ topics: - Dependencies - Pull requests shortTitle: Use o Dependabot com ações +redirect_from: + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions --- {% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/index.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/index.md new file mode 100644 index 0000000000..2ff0dbc0da --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/index.md @@ -0,0 +1,24 @@ +--- +title: Working with Dependabot +shortTitle: Work with Dependabot +intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.' +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Security updates + - Dependencies + - Pull requests +children: + - /managing-pull-requests-for-dependency-updates + - /automating-dependabot-with-github-actions + - /keeping-your-actions-up-to-date-with-dependabot + - /managing-encrypted-secrets-for-dependabot + - /troubleshooting-the-detection-of-vulnerable-dependencies + - /troubleshooting-dependabot-errors +--- + diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md similarity index 87% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md rename to translations/pt-BR/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md index 7552586d98..f4bda796b6 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md @@ -5,6 +5,7 @@ redirect_from: - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ Ações são frequentemente atualizadas com correções de bugs e novos recursos 1. Defina um `schedule.interval` para especificar quantas vezes procurar por novas versões. {% data reusables.dependabot.check-in-dependabot-yml %} Se você tiver editado um arquivo existente, salve suas alterações. -Você também pode habilitar o {% data variables.product.prodname_dependabot_version_updates %} em bifurcações. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)". +Você também pode habilitar o {% data variables.product.prodname_dependabot_version_updates %} em bifurcações. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." ### Exemplo de arquivo *dependabot.yml* para {% data variables.product.prodname_actions %} @@ -57,7 +58,7 @@ updates: ## Configurando o {% data variables.product.prodname_dependabot_version_updates %} para ações -Ao habilitar {% data variables.product.prodname_dependabot_version_updates %} para ações, você deve especificar valores para `package-ecosystem`, `directory` e `schedule.interval`. Há muitas propriedades opcionais adicionais que você pode definir para personalizar ainda mais suas atualizações de versão. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates)". +Ao habilitar {% data variables.product.prodname_dependabot_version_updates %} para ações, você deve especificar valores para `package-ecosystem`, `directory` e `schedule.interval`. Há muitas propriedades opcionais adicionais que você pode definir para personalizar ainda mais suas atualizações de versão. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." ## Leia mais diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md similarity index 93% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md rename to translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md index 0281f2e30b..f3765ffd50 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md @@ -4,6 +4,7 @@ intro: 'Você pode armazenar informações confidenciais como, por exemplo, senh redirect_from: - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot versions: fpt: '*' ghec: '*' @@ -33,7 +34,7 @@ password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} ``` {% endraw %} -Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)". +For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." ### Nomear os seus segredos diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md similarity index 91% rename from translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md rename to translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md index d3b2dcda12..dab90a241a 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md @@ -4,6 +4,7 @@ intro: 'Você gerencia pull requests criadas por {% data variables.product.prodn redirect_from: - /github/administering-a-repository/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates versions: fpt: '*' ghec: '*' @@ -41,7 +42,7 @@ Se você tem muitas dependências para gerenciar, você pode querer personalizar ## Alterando a estratégia de rebase para pull requests {% data variables.product.prodname_dependabot %} -Por padrão, o {% data variables.product.prodname_dependabot %} faz o rebasamento automaticamente das pull requests para resolver quaisquer conflitos. Se você preferir lidar com conflitos de merge manualmente, pode desativar isso usando a opção `rebase-strategy`. Para obter detalhes, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)". +Por padrão, o {% data variables.product.prodname_dependabot %} faz o rebasamento automaticamente das pull requests para resolver quaisquer conflitos. Se você preferir lidar com conflitos de merge manualmente, pode desativar isso usando a opção `rebase-strategy`. For details, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)." ## Gerenciando pull requests {% data variables.product.prodname_dependabot %} com comandos de comentário @@ -62,4 +63,4 @@ Você pode usar qualquer um dos seguintes comandos em um pull request de {% data {% data variables.product.prodname_dependabot %} reagirá com um emoji "positivo" para reconhecer o comando e pode responder com um comentário no pull request. Embora {% data variables.product.prodname_dependabot %} normalmente responda rapidamente, alguns comandos podem levar vários minutos para serem concluídos se {% data variables.product.prodname_dependabot %} estiver ocupado processando outras atualizações ou comandos. -Se você executar algum comando para ignorar dependências ou versões, o {% data variables.product.prodname_dependabot %} armazena centralmente as preferências para o repositório. Embora esta seja uma solução rápida, para repositórios com mais de um colaborador é melhor definir explicitamente as dependências e versões para ignorar no arquivo de configuração. Isso facilita que todos os colaboradores vejam por que uma determinada dependência não está sendo atualizada automaticamente. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)". +Se você executar algum comando para ignorar dependências ou versões, o {% data variables.product.prodname_dependabot %} armazena centralmente as preferências para o repositório. Embora esta seja uma solução rápida, para repositórios com mais de um colaborador é melhor definir explicitamente as dependências e versões para ignorar no arquivo de configuração. Isso facilita que todos os colaboradores vejam por que uma determinada dependência não está sendo atualizada automaticamente. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md similarity index 90% rename from translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md rename to translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index 2fd57be3ac..93305cd5ad 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -6,6 +6,7 @@ redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors - /code-security/supply-chain-security/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors versions: fpt: '*' ghec: '*' @@ -76,7 +77,7 @@ Pull requests para atualizações de segurança atuam para atualizar uma depend Cada aplicativo com dependências tem um gráfico de dependências, ou seja, um gráfico direcionado acíclico de cada versão de pacote da qual o aplicativo depende direta ou indiretamente. Toda vez que uma dependência é atualizada, este gráfico deve ser resolvido. Caso contrário, o aplicativo não será criado. Quando um ecossistema tem um gráfico de dependência profundo e complexo, por exemplo, npm e RubyGems, geralmente é impossível atualizar uma única dependência sem atualizar todo o ecossistema. -A melhor maneira de evitar esse problema é manter-se atualizado com as versões mais recentes, habilitando, por exemplo, as atualizações de versões. Isso aumenta a probabilidade de que uma vulnerabilidade em uma dependência possa ser resolvida por meio de uma atualização simples que não afete o gráfico de dependência. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". +A melhor maneira de evitar esse problema é manter-se atualizado com as versões mais recentes, habilitando, por exemplo, as atualizações de versões. Isso aumenta a probabilidade de que uma vulnerabilidade em uma dependência possa ser resolvida por meio de uma atualização simples que não afete o gráfico de dependência. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." ### {% data variables.product.prodname_dependabot %} não consegue atualizar para a versão necessária, pois já existe um pull request aberto para a última versão @@ -90,13 +91,13 @@ Existem duas opções: você pode revisar o pull request aberto e fazer o merge Este erro é difícil de ser corrigido. Se a atualização de uma versão expirar, você poderá especificar as dependências mais importantes para atualizar usando o parâmetro `permitir` ou, como alternativa, você pode usar o parâmetro `ignorar` para excluir algumas dependências de atualizações. Atualizar sua configuração pode permitir que {% data variables.product.prodname_dependabot %} revise a atualização da versão e gere o pull request no tempo disponível. -Se uma atualização de segurança expirar, você pode reduzir as chances de isso acontecer mantendo as dependências atualizadas, por exemplo, habilitando atualizações de versão. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". +Se uma atualização de segurança expirar, você pode reduzir as chances de isso acontecer mantendo as dependências atualizadas, por exemplo, habilitando atualizações de versão. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." ### {% data variables.product.prodname_dependabot %} não consegue abrir mais nenhum pull request Há um limite no número de pull requests abertos que {% data variables.product.prodname_dependabot %} irá gerar. Quando este limite é atingido, nenhum pull request novo será aberto e este erro será relatado. A melhor maneira de resolver este erro é revisar e fazer merge alguns dos pull requests abertos. -Existem limites separados para solicitações de atualização de versões e segurança, para que os pull requests de atualização de versão aberta não possam bloquear a criação de uma solicitação de atualização de segurança. O limite para pull requests de atualização de segurança é 10. Por padrão, o limite para atualizações de versão é 5, mas você pode alterá-lo usando o parâmetro `open-pull-requests-limit` no arquivo de configuração. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)". +Existem limites separados para solicitações de atualização de versões e segurança, para que os pull requests de atualização de versão aberta não possam bloquear a criação de uma solicitação de atualização de segurança. O limite para pull requests de atualização de segurança é 10. Por padrão, o limite para atualizações de versão é 5, mas você pode alterá-lo usando o parâmetro `open-pull-requests-limit` no arquivo de configuração. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." A melhor maneira de resolver este erro é fazer o merge ou fechar alguns dos pull requests existentes e acionar um novo pull request manualmente. Para obter mais informações, consulte "[Acionar um pull request de {% data variables.product.prodname_dependabot %} manualmente](#triggering-a-dependabot-pull-request-manually)". @@ -121,3 +122,8 @@ Se você desbloquear {% data variables.product.prodname_dependabot %}, você pod - **Atualizações de segurança**—exibe o alerta de {% data variables.product.prodname_dependabot %}, que mostra o erro que você corrigiu e clique em **Criar atualização de segurança de {% data variables.product.prodname_dependabot %}**. - **Atualização de versão**—na aba **Insights** do repositório, clique no **Gráfico de dependência** e, em seguida, clique na aba **Dependabot**. Clique em **Última verificação*há* hora** para ver o arquivo de registro que {% data variables.product.prodname_dependabot %} gerou durante a última verificação de atualizações de versão. Clique em **Verificar atualizações**. + +## Leia mais + +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)" +- "[Solução de problemas na detecção de dependências vulneráveis](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md new file mode 100644 index 0000000000..8df9657bb7 --- /dev/null +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -0,0 +1,93 @@ +--- +title: Troubleshooting the detection of vulnerable dependencies +intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' +shortTitle: Troubleshoot vulnerability detection +redirect_from: + - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Dependabot + - Alerts + - Troubleshooting + - Errors + - Security updates + - Dependencies + - Vulnerabilities + - CVEs + - Repositories +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.result-discrepancy %} + +## Why do some dependencies seem to be missing? + +{% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following: + +* {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %} +* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." +* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." + + {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + +## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles? + +{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: +* Direct dependencies explicitly declared in a manifest or lockfile +* Transitive dependencies declared in a lockfile{% endif %} + +**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? + +## Why don't I get vulnerability alerts for some ecosystems? + +{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." + +It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %} + +**Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? + +## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? + +The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software. + +Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. + +**Check**: Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database? + +## Why does {% data variables.product.prodname_advisory_database %} use a subset of published vulnerability data? + +Some third-party tools use uncurated CVE data that isn't checked or filtered by a human. This means that CVEs with tagging or severity errors, or other quality issues, will cause more frequent, more noisy, and less useful alerts. + +Since {% data variables.product.prodname_dependabot %} uses curated data in the {% data variables.product.prodname_advisory_database %}, the volume of alerts may be lower, but the alerts you do receive will be accurate and relevant. + +{% ifversion fpt or ghec %} +## Does each dependency vulnerability generate a separate alert? + +When a dependency has multiple vulnerabilities, an alert is generated for each vulnerability at the level of advisory plus manifest. + +![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing two alerts from the same package with different manifests.](/assets/images/help/repository/dependabot-alerts-view.png) + +Legacy {% data variables.product.prodname_dependabot_alerts %} were grouped into a single aggregated alert with all the vulnerabilities for the same dependency. If you navigate to a link to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to the {% data variables.product.prodname_dependabot_alerts %} tab filtered to display vulnerabilities for that dependent package and manifest. + +![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing the filtered alerts from navigating to a legacy {% data variables.product.prodname_dependabot %} alert.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) + +The {% data variables.product.prodname_dependabot_alerts %} count in {% data variables.product.prodname_dotcom %} shows a total for the number of alerts, which is the number of vulnerabilities, not the number of dependencies. + +**Check**: If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts. +{% endif %} + +## Leia mais + +- "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Gerenciar as configurações de segurança e análise para o seu repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Solucionar problemas de {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/pt-BR/content/code-security/getting-started/github-security-features.md b/translations/pt-BR/content/code-security/getting-started/github-security-features.md index 6ab7f8f602..2d4b87fd94 100644 --- a/translations/pt-BR/content/code-security/getting-started/github-security-features.md +++ b/translations/pt-BR/content/code-security/getting-started/github-security-features.md @@ -37,7 +37,7 @@ Discute em particular e corrige vulnerabilidades de segurança no código do seu ### {% data variables.product.prodname_dependabot_alerts %} e atualizações de segurança -Ver alertas sobre dependências conhecidas por conter vulnerabilidades de segurança e escolher se deseja gerar pull requests para atualizar essas dependências automaticamente. Para obter mais informações, consulte "[Sobre alertas de dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) e "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". +Ver alertas sobre dependências conhecidas por conter vulnerabilidades de segurança e escolher se deseja gerar pull requests para atualizar essas dependências automaticamente. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -45,7 +45,7 @@ Ver alertas sobre dependências conhecidas por conter vulnerabilidades de segura {% data reusables.dependabot.dependabot-alerts-beta %} -Exibir alertas sobre dependências conhecidas por conter vulnerabilidades de segurança e gerenciar esses alertas. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +Exibir alertas sobre dependências conhecidas por conter vulnerabilidades de segurança e gerenciar esses alertas. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% endif %} {% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/pt-BR/content/code-security/getting-started/securing-your-organization.md b/translations/pt-BR/content/code-security/getting-started/securing-your-organization.md index e8a9671f16..bec4ce8a43 100644 --- a/translations/pt-BR/content/code-security/getting-started/securing-your-organization.md +++ b/translations/pt-BR/content/code-security/getting-started/securing-your-organization.md @@ -48,7 +48,7 @@ Você pode criar uma política de segurança padrão que será exibida em qualqu {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Explorar as dependências de um repositório](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository) e "[Gerenciar configurações de segurança e análise para sua organização](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)". +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." {% endif %} {% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %} @@ -79,7 +79,7 @@ Para obter mais informações, consulte "[Sobre {% data variables.product.prodna Você pode habilitar {% data variables.product.prodname_dependabot %} para aumentar automaticamente os pull requests para manter suas dependências atualizadas. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)". -Para habilitar {% data variables.product.prodname_dependabot_version_updates %}, você deve criar um arquivo de configuração *dependabot.yml*. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". +Para habilitar {% data variables.product.prodname_dependabot_version_updates %}, você deve criar um arquivo de configuração *dependabot.yml*. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -135,7 +135,7 @@ Para obter mais informações, consulte "[Gerenciar configurações de seguranç ## Próximas etapas {% ifversion fpt or ghes > 3.1 or ghec %}Você pode visualizar, filtrar e organizar alertas de segurança em repositórios pertencentes à sua organização na visão geral de segurança. Para obter mais informações, consulte "[Sobre a visão geral de segurança](/code-security/security-overview/about-the-security-overview)".{% endif %} -Você pode visualizar e gerenciar alertas de funcionalidades de segurança para resolver dependências e vulnerabilidades no seu código. Para obter mais informações, consulte {% ifversion fpt or ghes or ghec %} "[Visualizar e atualizar as dependências vulneráveis no seu repositório](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Gerenciar pull requests para atualizações de dependência](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Gernciar {% data variables.product.prodname_code_scanning %} para o seu repositório](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," e "[Gerenciar alertas de {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +Você pode visualizar e gerenciar alertas de funcionalidades de segurança para resolver dependências e vulnerabilidades no seu código. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}Se você tiver uma vulnerabilidade de segurança, você poderá criar uma consultoria de segurança para discutir em privado e corrigir a vulnerabilidade. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" e " "[Criar uma consultoria de segurança](/code-security/security-advisories/creating-a-security-advisory)". {% endif %} diff --git a/translations/pt-BR/content/code-security/getting-started/securing-your-repository.md b/translations/pt-BR/content/code-security/getting-started/securing-your-repository.md index f60cff5d8e..0cb11f2ed8 100644 --- a/translations/pt-BR/content/code-security/getting-started/securing-your-repository.md +++ b/translations/pt-BR/content/code-security/getting-started/securing-your-repository.md @@ -75,7 +75,7 @@ Para obter mais informações, consulte "[Explorar as dependências de um reposi {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" e[Gerenciar as configurações de segurança e análise da sua conta de usuário](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." {% endif %} @@ -111,7 +111,7 @@ Para obter mais informações, consulte "[Sobre {% data variables.product.prodna Você pode habilitar {% data variables.product.prodname_dependabot %} para aumentar automaticamente os pull requests para manter suas dependências atualizadas. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)". -Para habilitar {% data variables.product.prodname_dependabot_version_updates %}, você deve criar um arquivo de configuração *dependabot.yml*. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". +Para habilitar {% data variables.product.prodname_dependabot_version_updates %}, você deve criar um arquivo de configuração *dependabot.yml*. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -132,7 +132,7 @@ Você pode configurar {% data variables.product.prodname_code_scanning %} para i {% endif %} ## Próximas etapas -Você pode visualizar e gerenciar alertas de funcionalidades de segurança para resolver dependências e vulnerabilidades no seu código. Para obter mais informações, consulte {% ifversion fpt or ghes or ghec %} "[Visualizar e atualizar as dependências vulneráveis no seu repositório](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Gerenciar pull requests para atualizações de dependência](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Gernciar {% data variables.product.prodname_code_scanning %} para o seu repositório](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," e "[Gerenciar alertas de {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +Você pode visualizar e gerenciar alertas de funcionalidades de segurança para resolver dependências e vulnerabilidades no seu código. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}Se você tiver uma vulnerabilidade de segurança, você poderá criar uma consultoria de segurança para discutir em privado e corrigir a vulnerabilidade. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" e " "[Criar uma consultoria de segurança](/code-security/security-advisories/creating-a-security-advisory)". {% endif %} diff --git a/translations/pt-BR/content/code-security/guides.md b/translations/pt-BR/content/code-security/guides.md index 1ab696bf24..a45a3085d7 100644 --- a/translations/pt-BR/content/code-security/guides.md +++ b/translations/pt-BR/content/code-security/guides.md @@ -75,7 +75,6 @@ includeGuides: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates diff --git a/translations/pt-BR/content/code-security/index.md b/translations/pt-BR/content/code-security/index.md index fc213944f8..66b325c347 100644 --- a/translations/pt-BR/content/code-security/index.md +++ b/translations/pt-BR/content/code-security/index.md @@ -54,6 +54,7 @@ children: - /code-scanning - /repository-security-advisories - /supply-chain-security + - /dependabot - /security-overview - /guides --- diff --git a/translations/pt-BR/content/code-security/security-overview/about-the-security-overview.md b/translations/pt-BR/content/code-security/security-overview/about-the-security-overview.md index 8413a306b3..47fef99fe6 100644 --- a/translations/pt-BR/content/code-security/security-overview/about-the-security-overview.md +++ b/translations/pt-BR/content/code-security/security-overview/about-the-security-overview.md @@ -28,7 +28,7 @@ shortTitle: Sobre a visão geral de segurança Você pode usar a visão geral de segurança para uma visão de alto nível do status de segurança da sua organização ou para identificar repositórios problemáticos que exigem intervenção. É possível visualizar as informações de segurança de tipo agregado ou específico do repositório na visão geral de segurança. Você também pode usar a visão geral de segurança para ver quais funcionalidades de segurança são habilitadas para os repositórios e para configurar quaisquer funcionalidades de segurança disponíveis que não estão em uso atualmente. -A visão geral de segurança indica se {% ifversion fpt or ghes > 3.1 or ghec %}os recursos de segurança{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} estão habilitados para os repositórios pertencentes à sua organização e consolida os alertas para cada recurso.{% ifversion fpt or ghes > 3.1 or ghec %} As funcionalidades de segurança incluem funcionalidaes de {% data variables.product.prodname_GH_advanced_security %} como, por exemplo, {% data variables.product.prodname_code_scanning %} e {% data variables.product.prodname_secret_scanning %}, bem como {% data variables.product.prodname_dependabot_alerts %}.{% endif %} Para obter mais informações sobre as funcionalidades de {% data variables.product.prodname_GH_advanced_security %} conuslte "[Sobre {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} Para obter mais informações sobre {% data variables.product.prodname_dependabot_alerts %}, consulte "[Sobre alertas para dependências de vulnerabilidade](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} +The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} Para obter mais informações sobre como proteger seu código nos níveis do repositório e da organização, consulte "[Protegendo seu repositório](/code-security/getting-started/securing-your-repository)" e "[Protegendo sua organização](/code-security/getting-started/securing-your-organization)". @@ -50,13 +50,13 @@ Para cada repositório na visão de segurança, você verá ícones para cada ti ![Ícones na visão geral de segurança](/assets/images/help/organizations/security-overview-icons.png) -| Ícone | Significado | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {% octicon "code-square" aria-label="Code scanning alerts" %} | Alertas de {% data variables.product.prodname_code_scanning_capc %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning) | -| {% octicon "key" aria-label="Secret scanning alerts" %} | Alertas de {% data variables.product.prodname_secret_scanning_caps %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning) | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" | -| {% octicon "check" aria-label="Check" %} | O recurso de segurança está habilitado, mas não envia alertas neste repositório. | -| {% octicon "x" aria-label="x" %} | O recurso de segurança não é compatível com este repositório. | +| Ícone | Significado | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {% octicon "code-square" aria-label="Code scanning alerts" %} | Alertas de {% data variables.product.prodname_code_scanning_capc %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning) | +| {% octicon "key" aria-label="Secret scanning alerts" %} | Alertas de {% data variables.product.prodname_secret_scanning_caps %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning) | +| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." | +| {% octicon "check" aria-label="Check" %} | O recurso de segurança está habilitado, mas não envia alertas neste repositório. | +| {% octicon "x" aria-label="x" %} | O recurso de segurança não é compatível com este repositório. | A visão geral de segurança exibe alertas ativos criados por funcionalidades de segurança. Se não houver alertas na visão geral de segurança de um repositório, as vulnerabilidades de segurança não detectadas ou erros de código ainda poderão existir. diff --git a/translations/pt-BR/content/code-security/supply-chain-security/index.md b/translations/pt-BR/content/code-security/supply-chain-security/index.md index 751448abcd..613365f18f 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/index.md +++ b/translations/pt-BR/content/code-security/supply-chain-security/index.md @@ -16,8 +16,6 @@ topics: - Repositories children: - /understanding-your-software-supply-chain - - /keeping-your-dependencies-updated-automatically - - /managing-vulnerabilities-in-your-projects-dependencies - /end-to-end-supply-chain --- diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md b/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md deleted file mode 100644 index a48c403418..0000000000 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Sobre as atualizações da versão do Dependabot -intro: 'Você pode usar o {% data variables.product.prodname_dependabot %} para manter os pacotes que usa atualizados para as versões mais recentes.' -redirect_from: - - /github/administering-a-repository/about-dependabot - - /github/administering-a-repository/about-github-dependabot - - /github/administering-a-repository/about-github-dependabot-version-updates - - /github/administering-a-repository/about-dependabot-version-updates - - /code-security/supply-chain-security/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot -versions: - fpt: '*' - ghec: '*' - ghes: '> 3.2' -type: overview -topics: - - Dependabot - - Version updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Atualizações de versão do Dependabot ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## Sobre o {% data variables.product.prodname_dependabot_version_updates %} - -O {% data variables.product.prodname_dependabot %} facilita a manutenção de suas dependências. Você pode usá-lo para garantir que seu repositório se mantenha atualizado automaticamente com as versões mais recentes dos pacotes e aplicações do qual ele depende. - -Você habilita o {% data variables.product.prodname_dependabot_version_updates %} verificando um arquivo de configuração no seu repositório. O arquivo de configuração especifica a localização do manifesto ou de outros arquivos de definição de pacote, armazenados no seu repositório. O {% data variables.product.prodname_dependabot %} usa essas informações para verificar pacotes e aplicativos desatualizados. {% data variables.product.prodname_dependabot %} determina se há uma nova versão de uma dependência observando a versão semântica ([semver](https://semver.org/)) da dependência para decidir se deve atualizar para essa versão. Para certos gerentes de pacote, {% data variables.product.prodname_dependabot_version_updates %} também é compatível com armazenamento. Dependências de vendor (ou armazenadas) são dependências registradas em um diretório específico em um repositório, em vez de referenciadas em um manifesto. Dependências de vendor estão disponíveis no tempo de criação, ainda que os servidores de pacote estejam indisponíveis. {% data variables.product.prodname_dependabot_version_updates %} pode ser configurado para verificar as dependências de vendor para novas versões e atualizá-las, se necessário. - -Quando {% data variables.product.prodname_dependabot %} identifica uma dependência desatualizada, ele cria uma pull request para atualizar o manifesto para a última versão da dependência. Para dependências de vendor, {% data variables.product.prodname_dependabot %} levanta um pull request para substituir diretamente a dependência desatualizada pela nova versão. Você verifica se os seus testes passam, revisa o changelog e lança observações incluídas no resumo do pull request e, em seguida, faz a mesclagem. Para obter mais informações, consulte "[Habilitando e desabilitando as atualizações da versão de {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)". - -Se você habilitar _Atualizações de segurança_, {% data variables.product.prodname_dependabot %} também eleva pull requests para atualizar dependências vulneráveis. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." - -{% data reusables.dependabot.pull-request-security-vs-version-updates %} - -{% data reusables.dependabot.dependabot-tos %} - -## Frequência de {% data variables.product.prodname_dependabot %} pull requests - -Você especifica com que frequência verifica cada ecossistema para novas versões no arquivo de configuração: diariamente, semanalmente ou mensalmente. - -{% data reusables.dependabot.initial-updates %} - -Se tiver habilitado atualizações de segurança, às vezes você verá atualizações de segurança extras de pull requests. Elas são acionadas por um alerta de {% data variables.product.prodname_dependabot %} para uma dependência de seu branch padrão. {% data variables.product.prodname_dependabot %} gera automaticamente um pull request para atualizar a dependência vulnerável. - -## Repositórios e ecossistemas suportados - - -É possível configurar atualizações de versão para repositórios que contenham um manifesto de dependência ou arquivo de bloqueio para um dos gerentes de pacotes suportados. Para alguns gerenciadores de pacotes, você também pode configurar o armazenamento para dependências. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)". -{% note %} - -{% data reusables.dependabot.private-dependencies-note %} - -{% data variables.product.prodname_dependabot %} não é compatível com as dependências privadas de {% data variables.product.prodname_dotcom %} para todos os gerenciadores de pacote. Veja os detalhes na tabela abaixo. - -{% endnote %} - -{% data reusables.dependabot.supported-package-managers %} - -Se o seu repositório já usa uma integração para gerenciamento de dependências, você precisará desativar isso antes de habilitar o {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}Para obter mais informações, consulte "[Sobre integrações](/github/customizing-your-github-workflow/about-integrations)."{% endif %} - -## Sobre notificações para atualizações de versão para {% data variables.product.prodname_dependabot %} - -Você pode filtrar suas notificações em {% data variables.product.company_short %} para mostrar as notificações para pull requests criados por {% data variables.product.prodname_dependabot %}. Para obter mais informações, consulte "[Gerenciando notificações de sua caixa de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)". diff --git a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md b/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md deleted file mode 100644 index 255783e4f8..0000000000 --- a/translations/pt-BR/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Manter suas dependências atualizadas automaticamente -intro: 'O {% data variables.product.prodname_dependabot %} pode manter as dependências do seu repositório automaticamente.' -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /about-dependabot-version-updates - - /enabling-and-disabling-dependabot-version-updates - - /listing-dependencies-configured-for-version-updates - - /managing-pull-requests-for-dependency-updates - - /automating-dependabot-with-github-actions - - /managing-encrypted-secrets-for-dependabot - - /customizing-dependency-updates - - /configuration-options-for-dependency-updates - - /keeping-your-actions-up-to-date-with-dependabot -shortTitle: Atualização automática de dependências ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md deleted file mode 100644 index d147a4cd56..0000000000 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Sobre a gestão de dependências vulneráveis -intro: '{% data variables.product.product_name %} ajuda você a evitar o uso de software de terceiros que contém vulnerabilidades conhecidas.' -redirect_from: - - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies - - /code-security/supply-chain-security/about-managing-vulnerable-dependencies -versions: - fpt: '*' - ghes: '>=3.2' - ghae: issue-4864 - ghec: '*' -type: overview -topics: - - Dependabot - - Dependency graph - - Dependency review - - Vulnerabilities - - Repositories - - Dependencies - - Pull requests -shortTitle: Dependências vulneráveis ---- - - - -{% data variables.product.product_name %} fornece as ferramentas a seguir para remover e evitar dependências vulneráveis. - -## Gráfico de dependências -O gráfico de dependências é um resumo do manifesto e bloqueia arquivos armazenados em um repositório. Ele mostra os ecossistemas e pacotes dos quais a sua base de código depende (suas dependências) e os repositórios e pacotes que dependem do seu projeto (suas dependências). As informações no gráfico de dependências são usadas pela revisão das dependências e {% data variables.product.prodname_dependabot %}. Para obter mais informações, consulte "[Sobre o gráfico de dependência](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)". - -## Revisão de dependência - -{% data reusables.dependency-review.beta %} - -Ao verificar as revisões de dependências nos pull requests, você pode evitar a introdução de vulnerabilidades de dependências na sua base de código. Se os pull requests adicionarem uma dependência vulnerável, ou alterarem a dependência a uma versão vulnerável, isso será destacado na revisão de dependências. Você pode alterar a dependência para uma versão alterada antes de realizar o merge do pull request. Para obter mais informações, consulte "[Sobre a revisão de dependências](/code-security/supply-chain-security/about-dependency-review)". - -## {% data variables.product.prodname_dependabot_alerts %} -{% data variables.product.product_name %} pode criar {% data variables.product.prodname_dependabot_alerts %} quando detectar dependências vulneráveis no seu repositório. O alerta é exibido na aba Segurança do repositório. O alerta inclui um link para o arquivo afetado no projeto, e informações sobre uma versão corrigida. {% data variables.product.product_name %} também notifica os mantenedores do repositório, de acordo com as suas preferências de notificação. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" - -{% ifversion fpt or ghec or ghes > 3.2 %} -## {% data variables.product.prodname_dependabot_security_updates %} -Quando {% data variables.product.product_name %} gera um alerta de {% data variables.product.prodname_dependabot %} para uma dependência vulnerável no seu repositório, {% data variables.product.prodname_dependabot %} pode tentar corrigir automaticamente para você. {% data variables.product.prodname_dependabot_security_updates %} são pull requests gerados automaticamente que atualizam uma dependência vulnerável para uma versão fixa. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." - -## {% data variables.product.prodname_dependabot_version_updates %} -Habilitar {% data variables.product.prodname_dependabot_version_updates %} remove o esforço de manter suas dependências. Com {% data variables.product.prodname_dependabot_version_updates %}, sempre que {% data variables.product.prodname_dotcom %} identifica uma dependência desatualizada, ele cria um pull request para atualizar o manifesto para a última versão da dependência. Em contrapartida, {% data variables.product.prodname_dependabot_security_updates %} apenas cria pull requests para corrigir dependências vulneráveis. Para obter mais informações, consulte "[Sobre atualizações da versão do Dependabot](/github/administering-a-repository/about-dependabot-version-updates)". -{% endif %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md deleted file mode 100644 index 70acd4f9f5..0000000000 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Gerenciar vulnerabilidades nas dependências de seu projeto -intro: 'Você pode acompanhar as dependências do seu repositório e receber {% data variables.product.prodname_dependabot_alerts %} quando {% data variables.product.product_name %} detectar dependências vulneráveis.' -redirect_from: - - /articles/updating-your-project-s-dependencies - - /articles/updating-your-projects-dependencies - - /articles/managing-security-vulnerabilities-in-your-projects-dependencies - - /articles/managing-vulnerabilities-in-your-projects-dependencies - - /github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests - - Vulnerabilities - - Alerts -children: - - /about-managing-vulnerable-dependencies - - /browsing-security-vulnerabilities-in-the-github-advisory-database - - /editing-security-advisories-in-the-github-advisory-database - - /about-alerts-for-vulnerable-dependencies - - /configuring-notifications-for-vulnerable-dependencies - - /about-dependabot-security-updates - - /configuring-dependabot-security-updates - - /viewing-and-updating-vulnerable-dependencies-in-your-repository - - /troubleshooting-the-detection-of-vulnerable-dependencies - - /troubleshooting-dependabot-errors -shortTitle: Corrigir dependências vulneráveis ---- - diff --git a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md deleted file mode 100644 index 0a8f3f1809..0000000000 --- a/translations/pt-BR/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ /dev/null @@ -1,124 +0,0 @@ ---- -title: Solução de problemas de detecção de dependências vulneráveis -intro: 'Se as informações sobre dependências relatadas por {% data variables.product.product_name %} não são o que você esperava, há uma série de pontos a considerar, e várias coisas que você pode verificar.' -shortTitle: Detecção de solução de problemas -redirect_from: - - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -type: how_to -topics: - - Dependabot - - Alerts - - Troubleshooting - - Errors - - Security updates - - Dependencies - - Vulnerabilities - - Dependency graph - - Alerts - - CVEs - - Repositories ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -Os resultados da detecção de dependências relatados pelo {% data variables.product.product_name %} podem ser diferentes dos resultados retornados por outras ferramentas. Existem boas razões para isso e é útil entender como {% data variables.product.prodname_dotcom %} determina as dependências para o seu projeto. - -## Por que algumas dependências parecem estar faltando? - -O {% data variables.product.prodname_dotcom %} gera e exibe dados de dependência de maneira diferente de outras ferramentas. Consequentemente, se você usou outra ferramenta para identificar dependências, quase certamente verá resultados diferentes. Considere o seguinte: - -* {% data variables.product.prodname_advisory_database %} é uma das fontes de dados que {% data variables.product.prodname_dotcom %} usa para identificar dependências vulneráveis. É um banco de dados gratuito e curado com informações sobre vulnerabilidade para ecossistemas de pacote comum em {% data variables.product.prodname_dotcom %}. Inclui tanto dados relatados diretamente para {% data variables.product.prodname_dotcom %} de {% data variables.product.prodname_security_advisories %} quanto os feeds oficiais e as fontes comunitárias. Estes dados são revisados e curados por {% data variables.product.prodname_dotcom %} para garantir que informações falsas ou não acionáveis não sejam compartilhadas com a comunidade de desenvolvimento. {% data reusables.security-advisory.link-browsing-advisory-db %} -* O gráfico de dependências analisa todos os arquivos conhecidos de manifesto de pacote no repositório de um usuário. Por exemplo, para o npm, ele irá analisar o arquivo _package-lock.json_. Ele constrói um gráfico de todas as dependências do repositório e dependências públicas. Isso acontece quando você habilita o gráfico de dependências e quando alguém faz push para o branch-padrão, e inclui commits que fazem alterações em um formato de manifesto compatível. Para obter mais informações, consulte "[Sobre o gráfico de dependência](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)". -* {% data variables.product.prodname_dependabot %} verifica qualquer push, para o branch-padrão, que contém um arquivo de manifesto. Quando um novo registro de vulnerabilidade é adicionado, ele verifica todos os repositórios existentes e gera um alerta para cada repositório vulnerável. {% data variables.product.prodname_dependabot_alerts %} são agregados ao nível do repositório, em vez de criar um alerta por vulnerabilidade. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" -* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} são acionados quando você recebe um alerta sobre uma dependência vulnerável no repositório. Sempre que possível, {% data variables.product.prodname_dependabot %} cria um pull request no repositório para atualizar a dependência vulnerável à versão mínima segura necessária para evitar a vulnerabilidade. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" e "[Solução de problemas de {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)". - - {% endif %}{% data variables.product.prodname_dependabot %} não pesquisa repositórios com relação a dependências vulneráveis de uma programação, mas o faz quando algo muda. Por exemplo, aciona-se uma varredura quando uma nova dependência é adicionada ({% data variables.product.prodname_dotcom %} verifica isso em cada push), ou quando uma nova vulnerabilidade é adicionada ao banco de dados da consultoria{% ifversion ghes or ghae-issue-4864 %} e sincronizado com {% data variables.product.product_location %}{% endif %}. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)" - -## Por que não recebo alertas de vulnerabilidade em alguns ecossistemas? - -O {% data variables.product.prodname_dotcom %} limita seu suporte a alertas de vulnerabilidade a um conjunto de ecossistemas onde podemos fornecer dados de alta qualidade e relevantes. As vulnerabilidades curadas no {% data variables.product.prodname_advisory_database %}, o gráfico de dependências, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} atualizações de segurança, {% endif %}e {% data variables.product.prodname_dependabot_alerts %} são fornecidos para vários ecossistemas, incluindo o Maven do Javaen, o npm do JavaScript e o Yarn, Nuget do .NET's, Pip Python, RubyGems e PHP Composer. Nós continuaremos a adicionar suporte para mais ecossistemas ao longo do tempo. Para uma visão geral dos ecossistemas de pacotes suportados por nós, consulte "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". - -Vale a pena observar que as consultorias de segurança de {% data variables.product.prodname_dotcom %} podem existir para outros ecossistemas. As informações em uma consultoria de segurança são fornecidas pelos mantenedores de um determinado repositório. Estes dados não são curados da mesma forma que as informações relativas aos ecossistemas suportados. {% ifversion fpt or ghec %}Para obter mais informações, consulte "[Sobre consultorias de segurança de {% data variables.product.prodname_dotcom %}](/github/managing-security-vulnerabilities/about-github-security-advisories){% endif %} - -**Verificar**: A vulnerabilidade não capturada se aplica a um ecossistema não suportado? - -## O gráfico de dependências só encontra dependências nos manifestos e nos arquivos de bloquei? - -O gráfico de dependências inclui informações sobre dependências explicitamente declaradas em seu ambiente. Ou seja, dependências que são especificadas em um manifesto ou um arquivo de bloqueio. O gráfico de dependências, geralmente, também inclui dependências transitivas, mesmo quando não são especificadas em um arquivo de travamento analisando as dependências das dependências em um arquivo de manifesto. - -Os {% data variables.product.prodname_dependabot_alerts %} aconselham você com relação a dependências que você deve atualizar, incluindo dependências transitivas, em que a versão pode ser determinada a partir de um manifesto ou de um arquivo de bloqueio. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} sugere apenas uma mudança em que {% data variables.product.prodname_dependabot %} pode "corrigir" diretamente a dependência, ou seja, quando são: -* Dependências diretas, que são definidas explicitamente em um manifesto ou arquivo de bloqueio -* Dependências transitórias declaradas em um arquivo de bloqueio{% endif %} - -O gráfico de dependências não inclui dependências de "soltas". Dependências "soltas" são arquivos individuais copiados de outra fonte e verificados no repositório diretamente ou dentro de um arquivo (como um arquivo ZIP ou JAR), em vez de ser referenciadas pelo manifesto ou arquivo de bloqueio do gerenciador de pacotes. - -**Verifique**: A vulnerabilidade não detectada para um componente não especificado no manifesto ou no arquivo de bloqueio do repositório? - -## O gráfico de dependências detecta dependências especificadas usando variáveis? - -O gráfico de dependências analisa como são carregados para {% data variables.product.prodname_dotcom %}. O gráfico de dependência não tem acesso ao ambiente de construção do projeto. Portanto, ele não pode resolver variáveis usadas dentro dos manifestos. Se você usar variáveis dentro de um manifesto para especificar o nome, ou mais comumente, a versão de uma dependência, essa dependência não será incluída no gráfico de dependências. - -**Verifique**: A dependência ausente é declarada no manifesto usando uma variável para seu nome ou versão? - -## Existem limites que afetam os dados do gráfico de dependências? - -Sim, o gráfico de dependências tem duas categorias de limites: - -1. **Limites de processamento** - - Eles afetam o gráfico de dependências exibido dentro de {% data variables.product.prodname_dotcom %} e também impedem que sejam criados {% data variables.product.prodname_dependabot_alerts %}. - - Manifestos com tamanho superior a 0.5 MB são processados apenas para contas corporativas. Para outras contas, manifestos acima de 0,5 MB são ignorados e não criarão {% data variables.product.prodname_dependabot_alerts %}. - - Por padrão, o {% data variables.product.prodname_dotcom %} não processará mais de 20 manifestos por repositório. {% data variables.product.prodname_dependabot_alerts %} não foi criado para manifestos acima deste limite. Se você precisar aumentar o limite, entre em contato com {% data variables.contact.contact_support %}. - -2. **Limites de visualização** - - Eles afetam o que é exibido no gráfico de dependências dentro de {% data variables.product.prodname_dotcom %}. No entanto, eles não afetam {% data variables.product.prodname_dependabot_alerts %} que foram criados. - - A exibição de dependências do gráfico de dependências em um repositório só exibe 100 manifestos. De modo geral, isso é adequado, já que é significativamente maior do que o limite de processamento descrito acima. Em situações em que o limite de processamento é superior a 100, os {% data variables.product.prodname_dependabot_alerts %} são criados para quaisquer manifestos que não são mostrados dentro de {% data variables.product.prodname_dotcom %}. - -**Verifique**: A dependência que falta está em um arquivo de manifesto superior a 0,5 MB ou em um repositório com um grande número de manifestos? - -## O {% data variables.product.prodname_dependabot %} gera alertas de vulnerabilidades que são conhecidas há muitos anos? - -O {% data variables.product.prodname_advisory_database %} foi lançado em novembro de 2019 e preencheu, inicialmente, a inclusão de informações de vulnerabilidade para os ecossistemas compatíveis a partir de 2017. Ao adicionar CVEs ao banco de dados, priorizamos a curadoria de CVEs mais recentes e CVEs que afetam versões mais recentes do software. - -Algumas informações sobre vulnerabilidades mais antigas estão disponíveis, especialmente quando estes CVEs estão particularmente disseminados. No entanto algumas vulnerabilidades antigas não estão incluídas no {% data variables.product.prodname_advisory_database %}. Se houver uma vulnerabilidade antiga específica que você precisar incluir no banco de dados, entre em contato com {% data variables.contact.contact_support %}. - -**Verifique**: A vulnerabilidade não detectada tem uma data de publicação anterior a 2017 no Banco de Dados Nacional de Vulnerabilidade? - -## Por que o {% data variables.product.prodname_advisory_database %} usa um subconjunto de dados de vulnerabilidade publicada? - -Algumas ferramentas de terceiros usam dados de CVE não descurados que não são verificados ou filtrados por um ser humano. Isto significa que os CVEs com erros de etiqueta ou de gravidade, ou outros problemas de qualidade, gerarão alertas mais frequentes, mais ruidosos e menos úteis. - -Uma vez que {% data variables.product.prodname_dependabot %} usa dados curados em {% data variables.product.prodname_advisory_database %}, o volume de alertas pode ser menor, mas os alertas que você recebe serão precisos e relevantes. - -{% ifversion fpt or ghec %} -## Cada vulnerabilidade de dependência gera um alerta separado? - -Quando uma dependência tem várias vulnerabilidades, gera-se um alerta para cada vulnerabilidade no nível da consultoria mais manifesto. - -![Captura de tela da aba de {% data variables.product.prodname_dependabot_alerts %} que mostra dois alertas do mesmo pacote com manifestos diferentes.](/assets/images/help/repository/dependabot-alerts-view.png) - -O legado de {% data variables.product.prodname_dependabot_alerts %} foi agrupado em um único alerta agregado com todas as vulnerabilidades para a mesma dependência. Se você acessar um link para um alerta de legadode {% data variables.product.prodname_dependabot %}, você será redirecionado para a aba de {% data variables.product.prodname_dependabot_alerts %} filtrada para exibir vulnerabilidades para esse pacote e manifesto dependente. - -![Captura de tela da aba {% data variables.product.prodname_dependabot_alerts %} que mostra os alertas filtrados da navegação até um alerta de legado de {% data variables.product.prodname_dependabot %}.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) - -A contagem de {% data variables.product.prodname_dependabot_alerts %} em {% data variables.product.prodname_dotcom %} mostra um total para o número de alertas, que é o número de vulnerabilidades, não o número de dependências. - -**Verifique**: Se houver discrepância no total que você está vendo, verifique se você não está comparando números de alerta com números de dependência. Também verifique se você está visualizando todos os alertas e não um subconjunto de alertas filtrados. -{% endif %} - -## Leia mais - -- "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" -- "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" -- "[Gerenciar as configurações de segurança e análise do repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Solucionar problemas de {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index c551d7a07f..302942fcde 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -41,7 +41,7 @@ A revisão de dependências está disponível quando o gráfico de dependências Ao verificar as revisões de dependências em um pull request e alterar todas as dependências sinalizadas como vulneráveis, você pode evitar que vulnerabilidades sejam adicionadas ao seu projeto. Para obter mais informações sobre como funciona a revisão de dependências, consulte "[Revisar as alterações de dependência em um pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)". -{% data variables.product.prodname_dependabot_alerts %} encontrará vulnerabilidades que já estão nas suas dependências, mas é muito melhor evitar a introdução de possíveis problemas do que corrigir problemas em uma data posterior. Para obter mais informações sobre {% data variables.product.prodname_dependabot_alerts %}, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)". +{% data variables.product.prodname_dependabot_alerts %} encontrará vulnerabilidades que já estão nas suas dependências, mas é muito melhor evitar a introdução de possíveis problemas do que corrigir problemas em uma data posterior. Para obter mais informações sobre {% data variables.product.prodname_dependabot_alerts %}, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." A revisão de dependências é compatível com as mesmas linguagens e os mesmos ecossistemas de gestão de pacotes do gráfico de dependência. Para obter mais informações, consulte "[Sobre o gráfico de dependência](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md new file mode 100644 index 0000000000..330130e1ac --- /dev/null +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md @@ -0,0 +1,154 @@ +--- +title: Sobre a segurança da cadeia de suprimento +intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and patching them{% endif %}.' +miniTocMaxHeadingLevel: 3 +shortTitle: Segurança da cadeia de suprimento +redirect_from: + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: overview +topics: + - Advanced Security + - Dependency review + - Dependency graph + - Vulnerabilities + - Dependencies + - Pull requests + - Repositories +--- + +## About supply chain security at GitHub + +With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities. + +You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency. + +{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment{% ifversion ghes < 3.3 or ghae %} and know about vulnerabilities in those dependencies{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}, know about vulnerabilities in those dependencies, and patch them{% endif %}. + +The supply chain features on {% data variables.product.product_name %} are: +- **Gráfico de dependências** +{% ifversion fpt or ghec or ghes > 3.1 or ghae %}- **Dependency review**{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %} ** +{% ifversion fpt or ghec or ghes > 3.2 %}- **{% data variables.product.prodname_dependabot_updates %}** + - **{% data variables.product.prodname_dependabot_security_updates %}** + - **{% data variables.product.prodname_dependabot_version_updates %}**{% endif %} + +The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. You can see your repository’s dependencies and some of their properties, like vulnerability information, on the dependency graph for the repository. + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. + +- Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests. +- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependecies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. +{% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository. + +{% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities. +{% endif %} +{% endif %} + +{% ifversion ghes < 3.2 %} +{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. + {% endif %} + +## Feature overview + +### What is the dependency graph + +To generate the dependency graph, {% data variables.product.company_short %} looks at a repository’s explicit dependencies declared in the manifest and lockfiles. When enabled, the dependency graph automatically parses all known package manifest files in the repository, and uses this to construct a graph with known dependency names and versions. + +- The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies. +- The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies. +- You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab. + +For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +### What is dependency review + +Dependency review helps reviewers and contributors understand dependency changes and their security impact in every pull request. + +- Dependency review tells you which dependencies were added, removed, or updated, in a pull request. You can use the release dates, popularity of dependencies, and vulnerability information to help you decide whether to accept the change. +- You can see the dependency review for a pull request by showing the rich diff on the **Files Changed** tab. + +For more information about dependency review, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)." + +{% endif %} + +### What is Dependabot + +{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}. + +{% ifversion fpt or ghec or ghes > 3.2 %} +The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: +- {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. O alerta inclui um link para o arquivo afetado no projeto, e informações sobre uma versão corrigida. +- {% data variables.product.prodname_dependabot_updates %}: + - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. + - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version. +{% endif %} + +#### What are Dependabot alerts + +{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists. + +- {% data variables.product.prodname_dependabot %} faz a digitalização para detectar dependências vulneráveis e envia {% data variables.product.prodname_dependabot_alerts %} quando: +{% ifversion fpt or ghec %} + - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %} + - São sincronizados novos dados de consultoria com {% data variables.product.product_location %} a cada hora a partir de {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} + - The dependency graph for the repository changes. +- {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. O alerta inclui {% ifversion fpt or ghec or ghes > 3.0 %} um link para o arquivo afetado no projeto, e {% endif %}informações sobre uma versão fixa. + +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." + +{% ifversion fpt or ghec or ghes > 3.2 %} +#### What are Dependabot updates + +There are two types of {% data variables.product.prodname_dependabot_updates %}: {% data variables.product.prodname_dependabot %} _security_ updates and _version_ updates. {% data variables.product.prodname_dependabot %} generates automatic pull requests to update your dependencies in both cases, but there are several differences. + +{% data variables.product.prodname_dependabot_security_updates %}: + - Triggered by a {% data variables.product.prodname_dependabot %} alert + - Update dependencies to the minimum version that resolves a known vulnerability + - Supported for ecosystems the dependency graph supports + +{% data variables.product.prodname_dependabot_version_updates %}: + - Run on a schedule you configure + - Update dependencies to the latest version that matches the configuration + - Supported for a different group of ecosystems + +For more information about {% data variables.product.prodname_dependabot_updates %}, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)" and "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)." +{% endif %} + +## Feature availability + +{% ifversion fpt or ghec %} + +Public repositories: +- **Dependency graph**—enabled by default and cannot be disabled. +- **Dependency review**—enabled by default and cannot be disabled. +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Private repositories: +- **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. Para obter mais informações, consulte "[Explorar as dependências de um repositório](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)". +{% ifversion fpt %} +- **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. Para obter mais informações, consulte a [documentação de {% data variables.product.prodname_ghe_cloud %}](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +{% elsif ghec %} +- **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Os proprietários de repositórios privados ou pessoas com acesso de administrador, podem habilitar o {% data variables.product.prodname_dependabot_alerts %} ativando o gráfico de dependências e {% data variables.product.prodname_dependabot_alerts %} para seus repositórios. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Any repository type: +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. É possível habilitar o {% data variables.product.prodname_dependabot_security_updates %} para qualquer repositório que use {% data variables.product.prodname_dependabot_alerts %} e o gráfico de dependências. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obter mais informações sobre habilitar atualizações de segurança, consulte "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} + +{% ifversion ghes or ghae %} +- **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." +- **Dependency review**—available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)." +{% endif %} +{% ifversion ghes > 3.2 %} +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. É possível habilitar o {% data variables.product.prodname_dependabot_security_updates %} para qualquer repositório que use {% data variables.product.prodname_dependabot_alerts %} e o gráfico de dependências. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obter mais informações sobre habilitar atualizações de segurança, consulte "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index 28cf2102f3..28a634fca7 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md @@ -56,7 +56,7 @@ Você pode usar o gráfico de dependências para: - Explorar os repositórios dos quais o seu código depende{% ifversion fpt or ghec %} e aqueles que dependem dele{% endif %}. Para obter mais informações, consulte "[Explorar as dependências de um repositório](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)". {% ifversion fpt or ghec %} - Visualizar um resumo das dependências usadas nos repositórios da sua organização em um único painel. Para obter mais informações, consulte "[Visualizar informações na organização](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)".{% endif %} -- Ver e atualizar dependências vulneráveis no seu repositório. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)". {% ifversion fpt or ghes > 3.1 or ghec %} +- Ver e atualizar dependências vulneráveis no seu repositório. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} - Veja as informações sobre dependências vulneráveis em pull requests. Para obter mais informações, consulte "[Revisar as alterações de dependências em um pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)".{% endif %} ## Habilitar o gráfico de dependências @@ -111,5 +111,5 @@ Os formatos recomendados definem explicitamente quais versões são usadas para - "[Gráfico de dependências](https://en.wikipedia.org/wiki/Dependency_graph)" na Wikipedia - "[Explorar as dependências de um repositório](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% ifversion fpt or ghec %} - "[Visualizar informações da sua organização](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %} -- "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Solução de problemas na detecção de dependências vulneráveis](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index dd788c0e89..4f5f873dbb 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -40,7 +40,7 @@ Os proprietários das empresas podem configurar o gráfico de dependências a n ### Vista de dependências {% ifversion fpt or ghec %} -As dependências são agrupadas por ecossistema. Você pode expandir sua dependência para visualizar suas dependências. Para dependências em repositórios públicos hospedadas no {% data variables.product.product_name %}, você também pode clicar em uma dependência para visualizar o repositório. Dependências de repositórios privados, pacotes privados ou arquivos não reconhecidos são exibidos em texto sem formatação. +As dependências são agrupadas por ecossistema. Você pode expandir sua dependência para visualizar suas dependências. Dependências de repositórios privados, pacotes privados ou arquivos não reconhecidos são exibidos em texto sem formatação. If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository. Se foram detectadas vulnerabilidades no repositório, estas são exibidas na parte superior da visualização para usuários com acesso ao {% data variables.product.prodname_dependabot_alerts %}. @@ -83,7 +83,10 @@ Você pode desabilitar o gráfico de dependências a qualquer momento clicando e ## Alterar o pacote "Usado por" -Se o gráfico de dependências estiver habilitado e o seu repositório contiver um pacote publicado em um ecossistema de pacote compatível, {% data variables.product.prodname_dotcom %} exibirá uma seção "Usado por" na barra lateral da aba do **Código** do seu repositório. Para obter mais informações sobre os ecossistemas de pacotes compatíveis, consulte "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". +You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: + * The dependency graph is enabled for the repository (see the above section for more details). + * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems). + * Within the ecosystem, your package has a link to a _public_ repository where the source is stored. A seção "Usado por" mostra o número de referências públicas ao pacote que foi encontrado, e exibe os avatares de alguns dos proprietários dos projetos dependentes. @@ -112,7 +115,7 @@ Se um arquivo de manifesto ou de bloqueio não for processado, suas dependência ## Leia mais - "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} -- "[Visualizar informações da organização](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} +- "[Visualizar informações da sua organização](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)" - "[Entender como o {% data variables.product.prodname_dotcom %} usa e protege seus dados](/get-started/privacy-on-github)" {% endif %} diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md index 2446fd7749..750ffd8773 100644 --- a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md @@ -9,10 +9,12 @@ topics: - Dependency graph - Dependencies - Repositories -children: - - /about-the-dependency-graph - - /exploring-the-dependencies-of-a-repository - - /about-dependency-review shortTitle: Entenda sua cadeia de suprimentos +children: + - /about-supply-chain-security + - /about-the-dependency-graph + - /about-dependency-review + - /exploring-the-dependencies-of-a-repository + - /troubleshooting-the-dependency-graph --- diff --git a/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md new file mode 100644 index 0000000000..a8755cefb6 --- /dev/null +++ b/translations/pt-BR/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md @@ -0,0 +1,62 @@ +--- +title: Solução de problemas para o gráfico de dependências +intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.' +shortTitle: Troubleshoot dependency graph +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Troubleshooting + - Errors + - Dependencies + - Vulnerabilities + - Dependency graph + - CVEs + - Repositories +--- + +{% data reusables.dependabot.result-discrepancy %} + +## O gráfico de dependências só encontra dependências nos manifestos e nos arquivos de bloquei? + +O gráfico de dependências inclui informações sobre dependências explicitamente declaradas em seu ambiente. Ou seja, dependências que são especificadas em um manifesto ou um arquivo de bloqueio. O gráfico de dependências, geralmente, também inclui dependências transitivas, mesmo quando não são especificadas em um arquivo de travamento analisando as dependências das dependências em um arquivo de manifesto. + +O gráfico de dependências não inclui dependências de "soltas". Dependências "soltas" são arquivos individuais copiados de outra fonte e verificados no repositório diretamente ou dentro de um arquivo (como um arquivo ZIP ou JAR), em vez de ser referenciadas pelo manifesto ou arquivo de bloqueio do gerenciador de pacotes. + +**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? + +## O gráfico de dependências detecta dependências especificadas usando variáveis? + +O gráfico de dependências analisa como são carregados para {% data variables.product.prodname_dotcom %}. O gráfico de dependência não tem acesso ao ambiente de construção do projeto. Portanto, ele não pode resolver variáveis usadas dentro dos manifestos. Se você usar variáveis dentro de um manifesto para especificar o nome, ou mais comumente, a versão de uma dependência, essa dependência não será incluída no gráfico de dependências. + +**Verifique**: A dependência ausente é declarada no manifesto usando uma variável para seu nome ou versão? + +## Existem limites que afetam os dados do gráfico de dependências? + +Sim, o gráfico de dependências tem duas categorias de limites: + +1. **Limites de processamento** + + Eles afetam o gráfico de dependências exibido dentro de {% data variables.product.prodname_dotcom %} e também impedem que sejam criados {% data variables.product.prodname_dependabot_alerts %}. + + Manifestos com tamanho superior a 0.5 MB são processados apenas para contas corporativas. Para outras contas, manifestos acima de 0,5 MB são ignorados e não criarão {% data variables.product.prodname_dependabot_alerts %}. + + Por padrão, o {% data variables.product.prodname_dotcom %} não processará mais de 20 manifestos por repositório. {% data variables.product.prodname_dependabot_alerts %} não foi criado para manifestos acima deste limite. Se você precisar aumentar o limite, entre em contato com {% data variables.contact.contact_support %}. + +2. **Limites de visualização** + + Eles afetam o que é exibido no gráfico de dependências dentro de {% data variables.product.prodname_dotcom %}. No entanto, eles não afetam {% data variables.product.prodname_dependabot_alerts %} que foram criados. + + A exibição de dependências do gráfico de dependências em um repositório só exibe 100 manifestos. De modo geral, isso é adequado, já que é significativamente maior do que o limite de processamento descrito acima. Em situações em que o limite de processamento é superior a 100, os {% data variables.product.prodname_dependabot_alerts %} são criados para quaisquer manifestos que não são mostrados dentro de {% data variables.product.prodname_dotcom %}. + +**Verifique**: A dependência que falta está em um arquivo de manifesto superior a 0,5 MB ou em um repositório com um grande número de manifestos? + +## Leia mais + +- "[Sobre o gráfico de dependências](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" +- "[Gerenciar as configurações de segurança e análise para o seu repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Solução de problemas na detecção de dependências vulneráveis](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Solucionar problemas de {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md index bca802dfb3..8eaf17a767 100644 --- a/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md +++ b/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md @@ -59,39 +59,39 @@ Lista completa de parâmetros de consulta, permissões e eventos disponíveis en Você pode selecionar permissões em uma string de consultas usando o nome da permissão na tabela a seguir como o nome do parâmetro de consulta e o tipo de permissão como valor da consulta. Por exemplo, para selecionar permissões de `Leitura & gravação` na interface de usuário para `conteúdo`, sua string de consulta incluiria `&contents=write`. Para selecionar as permissões `Somente leitura` na interface de usuário para `bloquear`, sua string de consulta incluiria `&blocking=read`. Para selecionar `sem acesso` na interface do usuário para `verificações`, sua string de consulta não incluiria a permissão `verificações`. -| Permissão | Descrição | -| -------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Permissão | Descrição | +| -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [`administração`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | Concede acesso a vários pontos finais para administração de organização e repositório. Pode ser: `nenhum`, `leitura` ou `gravação`.{% ifversion fpt or ghec %} | [`bloqueio`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | Concede acesso à [API de usuários de bloqueio](/rest/reference/users#blocking). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} | [`Verificações`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | Concede acesso à [API de verificação](/rest/reference/checks). Pode ser: `nenhum`, `leitura` ou `gravação`.{% ifversion ghes < 3.4 %} | `content_references` | Concede acesso ao ponto final "[Criar um anexo de conteúdo](/rest/reference/apps#create-a-content-attachment). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} -| [`Conteúdo`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Concede acesso a vários pontos finais que permitem modificar o conteúdo do repositório. Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`Conteúdo`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Concede acesso a vários pontos finais que permitem modificar o conteúdo do repositório. Pode ser: `nenhum`, `leitura` ou `gravação`. | | [`Implantações`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | Concede acesso à [API de implementação](/rest/reference/repos#deployments). Pode ser: `nenhum`, `leitura` ou `gravação`.{% ifversion fpt or ghes or ghec %} | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | Concede acesso à [API de e-mails](/rest/reference/users#emails). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} -| [`seguidores`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Concede acesso à [API de seguidores](/rest/reference/users#followers). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Concede acesso à [API de chaves de GPG](/rest/reference/users#gpg-keys). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`Problemas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Concede acesso à [API de problemas](/rest/reference/issues). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`chaves`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Concede acesso à [API de chaves públicas](/rest/reference/users#keys). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`seguidores`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Concede acesso à [API de seguidores](/rest/reference/users#followers). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Concede acesso à [API de chaves de GPG](/rest/reference/users#gpg-keys). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`Problemas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Concede acesso à [API de problemas](/rest/reference/issues). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`chaves`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Concede acesso à [API de chaves públicas](/rest/reference/users#keys). Pode ser: `nenhum`, `leitura` ou `gravação`. | | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | Concede acesso para gerenciar os membros de uma organização. Pode ser: `nenhum`, `leitura` ou `gravação`.{% ifversion fpt or ghec %} -| [`metadados`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Concede acesso a pontos finais somente leitura que não vazam dados confidenciais. Pode ser `leitura ` ou `nenhum`. O padrão é `leitura`, ao definir qualquer permissão, ou `nenhum` quando você não especificar nenhuma permissão para o {% data variables.product.prodname_github_app %}. | +| [`metadados`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Concede acesso a pontos finais somente leitura que não vazam dados confidenciais. Pode ser `leitura ` ou `nenhum`. O padrão é `leitura`, ao definir qualquer permissão, ou `nenhum` quando você não especificar nenhuma permissão para o {% data variables.product.prodname_github_app %}. | | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | Concede acesso ao ponto final "[Atualizar uma organização](/rest/reference/orgs#update-an-organization)" ponto final e Pa [API de restrições de interação da organização](/rest/reference/interactions#set-interaction-restrictions-for-an-organization). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} -| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Concede acesso à [API de webhooks da organização](/rest/reference/orgs#webhooks/). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| `organization_plan` | Concede acesso para obter informações sobre o plano de uma organização usando o ponto final "[Obter uma organização](/rest/reference/orgs#get-an-organization)". Pode ser: `nenhum` ou `leitura`. | +| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Concede acesso à [API de webhooks da organização](/rest/reference/orgs#webhooks/). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| `organization_plan` | Concede acesso para obter informações sobre o plano de uma organização usando o ponto final "[Obter uma organização](/rest/reference/orgs#get-an-organization)". Pode ser: `nenhum` ou `leitura`. | | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Concede acesso à [API de Projetos](/rest/reference/projects). Pode ser: `nenhum`, `leitura`, `gravação` ou `administrador`.{% ifversion fpt or ghec %} | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Concede acesso à [API de usuários de bloqueio da organização](/rest/reference/orgs#blocking). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} -| [`Páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Concede acesso à [API de páginas](/rest/reference/repos#pages). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| `plano` | Concede acesso para obter informações sobre o plano de um usuário do GitHub que usa o ponto final "[Obter um usuário](/rest/reference/users#get-a-user)". Pode ser: `nenhum` ou `leitura`. | -| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Concede acesso a vários pontos finais do pull request. Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Concede acesso à [API de webhooks do repositório](/rest/reference/repos#hooks). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`Páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Concede acesso à [API de páginas](/rest/reference/repos#pages). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| `plano` | Concede acesso para obter informações sobre o plano de um usuário do GitHub que usa o ponto final "[Obter um usuário](/rest/reference/users#get-a-user)". Pode ser: `nenhum` ou `leitura`. | +| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Concede acesso a vários pontos finais do pull request. Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Concede acesso à [API de webhooks do repositório](/rest/reference/repos#hooks). Pode ser: `nenhum`, `leitura` ou `gravação`. | | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | Concede acesso à [API de Projetos](/rest/reference/projects). Pode ser: `nenhum`, `leitura`, `gravação` ou `administrador`.{% ifversion fpt or ghes or ghec %} | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | Concede acesso à [API de varredura de segredo](/rest/reference/secret-scanning). Pode ser: `none`, `read` ou `write`.{% endif %}{% ifversion fpt or ghes or ghec %} | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | Concede acesso à [API de varredura de código](/rest/reference/code-scanning/). Pode ser: `nenhum`, `leitura` ou `gravação`.{% endif %} -| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Concede acesso à [API de conteúdo](/rest/reference/repos#contents). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`estrela`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Concede acesso à [API estrelada](/rest/reference/activity#starring). Pode ser: `nenhum`, `leitura` ou `gravação`. | -| [`Status`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Concede acesso à [API de status](/rest/reference/commits#commit-statuses). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Concede acesso à [API de conteúdo](/rest/reference/repos#contents). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`estrela`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Concede acesso à [API estrelada](/rest/reference/activity#starring). Pode ser: `nenhum`, `leitura` ou `gravação`. | +| [`Status`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Concede acesso à [API de status](/rest/reference/commits#commit-statuses). Pode ser: `nenhum`, `leitura` ou `gravação`. | | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Concede acesso à [API de discussões de equipe](/rest/reference/teams#discussions) e à [API de comentários de discussão de equipe](/rest/reference/teams#discussion-comments). Pode ser: `nenhum`, `leitura` ou `gravação`.{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `vulnerability_alerts` | Concede acesso a alertas de segurança para dependências vulneráveis em um repositório. Consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" para saber mais. Pode ser: `none` ou `read`.{% endif %} -| `inspecionando` | Concede acesso à lista e alterações de repositórios que um usuário assinou. Pode ser: `nenhum`, `leitura` ou `gravação`. | +| `vulnerability_alerts` | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. Pode ser: `none` ou `read`.{% endif %} +| `inspecionando` | Concede acesso à lista e alterações de repositórios que um usuário assinou. Pode ser: `nenhum`, `leitura` ou `gravação`. | ## Eventos webhook do {% data variables.product.prodname_github_app %} diff --git a/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app.md b/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app.md index c027b5ccd3..eb7f4722a3 100644 --- a/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app.md +++ b/translations/pt-BR/content/developers/apps/building-github-apps/creating-a-github-app.md @@ -47,7 +47,7 @@ topics: {% endif %} 1. Por padrão, para melhorar a segurança de seus aplicativos, seus aplicativos usarão os tokens de autorização do usuário. Para optar por não usar tokens do usuário expirados, você deverá desmarcar "Expirar tokens de autorização do usuário". Para saber mais sobre como configurar o fluxo de atualização do token e os benefícios de expirar os tokens do usuário, consulte "[Atualizando tokens de acesso do usuário para o servidor](/apps/building-github-apps/refreshing-user-to-server-access-tokens/)." ![Opção para expirar os tokens dos usuários durante a configuração dos aplicativos GitHub](/assets/images/github-apps/expire-user-tokens-selection.png) 1. Se seu aplicativo autoriza usuários a usar o fluxo OAuth, você pode selecionar **Solicitar autorização de usuário (OAuth) durante a instalação** para permitir que pessoas autorizem o aplicativo ao instalá-lo, economizando uma etapa. Se você selecionar esta opção, a "URL de configuração" irá tornar-se indisponível e os usuários serão redirecionados para a "URL de retorno de chamada de autorização do usuário" após a instalação do aplicativo. Consulte "[Autorizando usuários durante a instalação](/apps/installing-github-apps/#authorizing-users-during-installation)" para obter mais informações. ![Request user authorization during installation](/assets/images/github-apps/github_apps_request_auth_upon_install.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. Para obter mais informações sobre o fluxo do dispositivo, consulte "[Autorizando aplicativos OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 1. Se for necessária uma configuração adicional após a instalação, adicione um "Configurar URL" para redirecionar os usuários após a instalação do seu aplicativo. ![Campo para a URL de configuração do seu aplicativo GitHub ](/assets/images/github-apps/github_apps_setup_url.png) {% note %} diff --git a/translations/pt-BR/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md b/translations/pt-BR/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md index 71abd4c26f..536a60b8f8 100644 --- a/translations/pt-BR/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/translations/pt-BR/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md @@ -128,7 +128,7 @@ O fluxo de dispositivos permite que você autorize usuários para um aplicativo {% if device-flow-is-opt-in %} -Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see "[Modifying an OAuth App](/developers/apps/managing-oauth-apps/modifying-an-oauth-app)" for OAuth Apps and "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)" for GitHub Apps. +Antes de usar o fluxo do dispositivo para autorizar e identificar usuários, primeiro habilite-o nas configurações do aplicativo. Para obter mais informações sobre como habilitar o fluxo do dispositivo no seu aplicativo, consulte "[Modificando um aplicativo OAuth](/developers/apps/managing-oauth-apps/modifying-an-oauth-app)" para aplicativos OAuth e "[Modificando um aplicativo GitHub](/developers/apps/managing-github-apps/modifying-a-github-app)" para aplicativos GitHub. {% endif %} @@ -261,8 +261,8 @@ Se você fizer mais de uma solicitação de token de acesso (`POST {% data varia | `unsupported_grant_type` | O tipo de concessão deve ser `urn:ietf:params:oauth:grant-type:device_code` e incluído como um parâmetro de entrada quando você faz a sondagem da solicitação do token do OAuth `POST {% data variables.product.oauth_host_code %}/login/oauth/oaccess_token`. | | `incorrect_client_credentials` | Para o fluxo do dispositivo, você deve passar o ID de cliente do aplicativo, que pode ser encontrado na página de configurações do aplicativo. O `client_secret` não é necessário para o fluxo do dispositivo. | | `incorrect_device_code` | O device_code fornecido não é válido. | -| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.{% if device-flow-is-opt-in %} -| `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information, see "[Device flow](#device-flow)."{% endif %} +| `access_denied` | Quando um usuário clica em cancelar durante o processo de autorização, você receberá um erro de `access_denied` e o usuário não poderá usar o código de verificação novamente.{% if device-flow-is-opt-in %} +| `device_flow_disabled` | O fluxo do dispositivo não foi habilitado nas configurações do aplicativo. Para obter mais informações, consulte "[fluxo do dispositivo](#device-flow)".{% endif %} Para obter mais informações, consulte "[Concessão de Autorização do Dispositivo OAuth 2.0](https://tools.ietf.org/html/rfc8628#section-3.5)". diff --git a/translations/pt-BR/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md b/translations/pt-BR/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md index bab6e680a4..7c33e21ab7 100644 --- a/translations/pt-BR/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md +++ b/translations/pt-BR/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md @@ -50,5 +50,5 @@ topics: {% endnote %} {% endif %}{% if device-flow-is-opt-in %} -1. If your OAuth App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. Se o seu aplicativo OAuth usar o fluxo do dispositivo para identificar e autorizar usuários, clique em **Habilitar fluxo do dispositivo**. Para obter mais informações sobre o fluxo do dispositivo, consulte "[Autorizando aplicativos OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 2. Clique em **Register application** (Registrar aplicativo). ![Botão para registrar um aplicativo](/assets/images/oauth-apps/oauth_apps_register_application.png) diff --git a/translations/pt-BR/content/developers/apps/managing-github-apps/modifying-a-github-app.md b/translations/pt-BR/content/developers/apps/managing-github-apps/modifying-a-github-app.md index a4f1679f50..278d92386c 100644 --- a/translations/pt-BR/content/developers/apps/managing-github-apps/modifying-a-github-app.md +++ b/translations/pt-BR/content/developers/apps/managing-github-apps/modifying-a-github-app.md @@ -19,5 +19,5 @@ topics: {% data reusables.user-settings.github_apps %} {% data reusables.user-settings.modify_github_app %} 5. Em "Informações básicas", modifique as informações do aplicativo GitHub que você gostaria de alterar. ![Basic information section for your GitHub App](/assets/images/github-apps/github_apps_basic_information.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable device flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. Se o seu aplicativo GitHub usar o fluxo do dispositivo para identificar e autorizar usuários, clique em **Habilitar fluxo do dispositivo**. Para obter mais informações sobre o fluxo do dispositivo, consulte "[Autorizando aplicativos OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 6. Clique em **Save changes** (Salvar alterações). ![Botão para salvar alterações para o seu aplicativo GitHub](/assets/images/github-apps/github_apps_save_changes.png) diff --git a/translations/pt-BR/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md b/translations/pt-BR/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md index ed641e68df..202063cae2 100644 --- a/translations/pt-BR/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md +++ b/translations/pt-BR/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md @@ -1246,7 +1246,7 @@ Este evento ocorre quando um {% data variables.product.prodname_github_app %} en Atividade relacionada a uma consultoria de segurança que foi revisada por {% data variables.product.company_short %}. Uma consultoria de segurança revisada por {% data variables.product.company_short %} fornece informações sobre vulnerabilidades relacionadas à segurança no software em {% data variables.product.prodname_dotcom %}. -O conjunto de dados consultivos de segurança também alimentam o GitHub {% data variables.product.prodname_dependabot_alerts %}. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" +O conjunto de dados consultivos de segurança também alimentam o GitHub {% data variables.product.prodname_dependabot_alerts %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". ### Disponibilidade diff --git a/translations/pt-BR/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md b/translations/pt-BR/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md index 93c37f4c99..3c2a75885c 100644 --- a/translations/pt-BR/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md +++ b/translations/pt-BR/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md @@ -28,7 +28,7 @@ Anunciaremos novos recursos importantes que usam metadados ou dados agregados no ## Como os dados melhoram as recomendações de segurança -Para dar um exemplo de como os dados podem ser usados, podemos detectar e alertar você para uma vulnerabilidade de segurança nas dependências do seu repositório público. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +Para dar um exemplo de como os dados podem ser usados, podemos detectar e alertar você para uma vulnerabilidade de segurança nas dependências do seu repositório público. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". Para detectar possíveis vulnerabilidades de segurança, o {% data variables.product.product_name %} verifica o conteúdo do arquivo de manifesto de dependência para extrair uma lista de dependências do seu projeto. diff --git a/translations/pt-BR/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md b/translations/pt-BR/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md index 2abf438204..17197d6896 100644 --- a/translations/pt-BR/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md +++ b/translations/pt-BR/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md @@ -16,7 +16,7 @@ shortTitle: Gerenciar o uso de dados para repositório privado ## Sobre o uso de dados para seu repositório privado -Ao habilitar o uso de dados para seu repositório privado, poderá acessar o gráfico de dependências, em que você pode acompanhar as dependências do repositório e receber {% data variables.product.prodname_dependabot_alerts %} quando o {% data variables.product.product_name %} detectar dependências vulneráveis. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" +Ao habilitar o uso de dados para seu repositório privado, poderá acessar o gráfico de dependências, em que você pode acompanhar as dependências do repositório e receber {% data variables.product.prodname_dependabot_alerts %} quando o {% data variables.product.product_name %} detectar dependências vulneráveis. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." ## Habilitar ou desabilitar os recursos de uso de dados @@ -31,5 +31,5 @@ Ao habilitar o uso de dados para seu repositório privado, poderá acessar o gr ## Leia mais - "[Sobre o uso de seus dados pelo {% data variables.product.prodname_dotcom %}](/articles/about-github-s-use-of-your-data)" -- "[Visualizar e atualizar dependências vulneráveis no seu repositório](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Gerenciar as configurações de segurança e análise para o seu repositório](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" diff --git a/translations/pt-BR/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/pt-BR/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md index ffaf48e6e8..63a70e2fe5 100644 --- a/translations/pt-BR/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md +++ b/translations/pt-BR/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md @@ -19,7 +19,7 @@ shortTitle: Teste do servidor corporativo Você pode solicitar uma versão de avaliação por 45 dias do {% data variables.product.prodname_ghe_server %}. A versão de avaliação será instalada como um appliance virtual, com opções para implementação local ou na nuvem. Consulte a lista de plataformas de visualização compatíveis em "[Configurar uma instância do GitHub Enterprise Server](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)". -{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Alertas de Segurança{% endif %} e {% data variables.product.prodname_github_connect %} não estão disponíveis atualmente nos testes de {% data variables.product.prodname_ghe_server %}. Para uma demonstração desses recursos, entre em contato com {% data variables.contact.contact_enterprise_sales %}. Para mais informações sobre esses recursos, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" e "[Conectando a sua conta corporativa a {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)" +{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Alertas de Segurança{% endif %} e {% data variables.product.prodname_github_connect %} não estão disponíveis atualmente nos testes de {% data variables.product.prodname_ghe_server %}. Para uma demonstração desses recursos, entre em contato com {% data variables.contact.contact_enterprise_sales %}. For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." As versões de avaliação também estão disponíveis para {% data variables.product.prodname_ghe_cloud %}. Para obter mais informações, consulte "[Configurar uma versão de avaliação do {% data variables.product.prodname_ghe_cloud %}](/articles/setting-up-a-trial-of-github-enterprise-cloud)". diff --git a/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md index 21385c67f4..c8e6d27bac 100644 --- a/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md +++ b/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md @@ -70,10 +70,9 @@ Usamos [Linguist](https://github.com/github/linguist) para executar a detecção {% if mermaid %} ## Criando diagramas -Você pode usar a sintaxe do Mermaid para adicionar diagramas. Para obter mais informações, consulte "[Criando diagramas](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)". +You can also use code blocks to create diagrams in Markdown. GitHub supports Mermaid, geoJSON, topoJSON, and ASCII STL syntax. Para obter mais informações, consulte "[Criando diagramas](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)". {% endif %} - ## Leia mais - [Especificações de markdown em estilo {% data variables.product.prodname_dotcom %}](https://github.github.com/gfm/) diff --git a/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md index bedce5206d..f2007ab548 100644 --- a/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md +++ b/translations/pt-BR/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md @@ -6,7 +6,13 @@ versions: shortTitle: Crie diagramas --- -Você pode usar a sintaxe do Mermaid para criar diagramas. O Mermeid é uma ferramenta inspirada em Markdown que transforma texto em diagramas. Por exemplo, o Mermeid pode interpretar gráficos de fluxo, diagramas de sequência, gráficos de pizza e muito mais. Para obter mais informações, consulte a documentação do [Mermaid](https://mermaid-js.github.io/mermaid/#/). +## About creating diagrams + +You can create diagrams in Markdown using three different syntaxes: mermaid, geoJSON and topoJSON, and ASCII STL. + +## Creating Mermaid diagrams + +O Mermeid é uma ferramenta inspirada em Markdown que transforma texto em diagramas. Por exemplo, o Mermeid pode interpretar gráficos de fluxo, diagramas de sequência, gráficos de pizza e muito mais. Para obter mais informações, consulte a documentação do [Mermaid](https://mermaid-js.github.io/mermaid/#/). Para criar um diagrama do Mermaid, adicione a sintaxe do Mermeid dentro de um bloco de código cercado com o identificador da linguagem do `mermaid`. Para obter mais informações sobre a criação de blocos de código, consulte "[Criando e destacando blocos de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)". @@ -31,3 +37,122 @@ graph TD; **Observação:** Você pode observar erros se você executar um plugin de terceiros do Mermaid ao usar sintaxe do Mermaid em {% data variables.product.company_short %}. {% endnote %} + +## Creating geoJSON and topoJSON maps + +You can use geo/topoJSON syntax to create interactive maps. To create a map, add geoJSON or topoJSON inside a fenced code block with the `geojson` or `topojson` syntax identifier. Para obter mais informações, consulte "[Criar e destacar blocos de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)". + +### Using geoJSON + +For example, you can create a simple map: + +
+```geojson
+{
+  "type": "Polygon",
+  "coordinates": [
+      [
+          [-90,30],
+          [-90,35],
+          [-90,35],
+          [-85,35],
+          [-85,30]
+      ]
+  ]
+}
+```
+
+ +![Rendered map](/assets/images/help/writing/fenced-geojson-rendered-map.png) + +### Using topoJSON + +For example, you can create a simple topoJSON map: + +
+```topojson
+{
+  "type": "Topology",
+  "transform": {
+    "scale": [0.0005000500050005, 0.00010001000100010001],
+    "translate": [100, 0]
+  },
+  "objects": {
+    "example": {
+      "type": "GeometryCollection",
+      "geometries": [
+        {
+          "type": "Point",
+          "properties": {"prop0": "value0"},
+          "coordinates": [4000, 5000]
+        },
+        {
+          "type": "LineString",
+          "properties": {"prop0": "value0", "prop1": 0},
+          "arcs": [0]
+        },
+        {
+          "type": "Polygon",
+          "properties": {"prop0": "value0",
+            "prop1": {"this": "that"}
+          },
+          "arcs": [[1]]
+        }
+      ]
+    }
+  },
+  "arcs": [[[4000, 0], [1999, 9999], [2000, -9999], [2000, 9999]],[[0, 0], [0, 9999], [2000, 0], [0, -9999], [-2000, 0]]]
+}
+```
+
+ +![Rendered topojson map](/assets/images/help/writing/fenced-topojson-rendered-map.png) + +For more information on working with `.geojson` and `.topojson` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#mapping-geojson-files-on-github)." + + +## Creating STL 3D models + +You can use ASCII STL syntax directly in markdown to create interactive 3D models. To display a model, add ASCII STL syntax inside a fenced code block with the `stl` syntax identifier. Para obter mais informações, consulte "[Criar e destacar blocos de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)". + +For example, you can create a simple 3D model: + +
+```stl
+solid cube_corner
+  facet normal 0.0 -1.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 1.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+  facet normal 0.0 0.0 -1.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 1.0 0.0 0.0
+    endloop
+  endfacet
+  facet normal -1.0 0.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+      vertex 0.0 1.0 0.0
+    endloop
+  endfacet
+  facet normal 0.577 0.577 0.577
+    outer loop
+      vertex 1.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+endsolid
+```
+
+ +![Rendered 3D model](/assets/images/help/writing/fenced-stl-rendered-object.png) + +For more information on working with `.stl` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#3d-file-viewer)." + diff --git a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/creating-a-project.md b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/creating-a-project.md index 20715f2074..69b961d37f 100644 --- a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/creating-a-project.md +++ b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/creating-a-project.md @@ -148,7 +148,7 @@ Posteriormente, você poderá editar as opções de seleção única e iteraçã 1. Para campos de seleção única, você pode adicionar, excluir ou reordenar as opções. 1. Para campos de iteração, você pode adicionar ou excluir as iterações, alterar nomes da iteração e alterar a data e a duração de início da iteração. - For more information on modifying iteration fields, see "[Managing iterations in projects](/issues/trying-out-the-new-projects-experience/managing-iterations)." + Para obter mais informações sobre como modificar campos de iteração, consulte "[Gerenciando iterações nos projetos](/issues/trying-out-the-new-projects-experience/managing-iterations). ## Personalizando as suas visualizações diff --git a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/customizing-your-project-views.md b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/customizing-your-project-views.md index 6b8e35d9ab..7ad0629f9a 100644 --- a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/customizing-your-project-views.md +++ b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/customizing-your-project-views.md @@ -136,7 +136,7 @@ Como alternativa, use a paleta de comando. No layout da tabela, você pode clicar nos dados de item para filtrar para itens com esse valor. Por exemplo, clique em um responsável para mostrar apenas itens para ele. Para remover o filtro, clique nos dados do item novamente. -For more information, see "[Filtering projects](/issues/trying-out-the-new-projects-experience/filtering-projects)." +Para obter mais informações, consulte "[Filtrando projetos](/issues/trying-out-the-new-projects-experience/filtering-projects)". ## Criando uma visualização do projeto diff --git a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/using-insights-with-projects.md b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/using-insights-with-projects.md index eed71dbd38..c84daa2b90 100644 --- a/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/using-insights-with-projects.md +++ b/translations/pt-BR/content/issues/trying-out-the-new-projects-experience/using-insights-with-projects.md @@ -25,5 +25,5 @@ Você pode usar os insights para visualizar e personalizar gráficos que usam os 2. No canto superior direito, clique {% octicon "graph" aria-label="the graph icon" %} para acessar os insights. Este recurso está atualmente em uma visualização privada e ainda não está disponível para todas as organizações. Se os insights ainda não estiverem habilitados para a sua organização, o ícone {% octicon "graph" aria-label="the graph icon" %} não estará disponível. 3. No menu à esquerda, clique em **Novo gráfico**. 4. Opcionalmente, para alterar o nome do novo gráfico, clique em {% octicon "triangle-down" aria-label="The triangle icon" %}, digite um novo nome e pressione Retornar. -5. Acima do gráfico, digite os filtros para alterar os dados utilizados para a construção do gráfico. For more information, see "[Filtering projects](/issues/trying-out-the-new-projects-experience/filtering-projects)." +5. Acima do gráfico, digite os filtros para alterar os dados utilizados para a construção do gráfico. Para obter mais informações, consulte "[Filtrando projetos](/issues/trying-out-the-new-projects-experience/filtering-projects)". 6. À direita da caixa de texto do filtro, clique em **Salvar alterações**. diff --git a/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index e3aa0724de..3059e94b4d 100644 --- a/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -122,7 +122,7 @@ Você pode habilitar ou desabilitar funcionalidades para todos os repositórios. Por padrão, {% data variables.product.prodname_dependabot %} não pode atualizar as dependências que estão localizadas em repositórios privados ou registros de pacotes privados. Entretanto, se uma dependência estiver em um repositório privado de {% data variables.product.prodname_dotcom %} dentro da mesma organização que o projeto que usa essa dependência, você pode permitir que {% data variables.product.prodname_dependabot %} atualize a versão com sucesso, dando-lhe acesso à hospedagem do repositório. -Se seu código depende de pacotes em um registro privado, você pode permitir que {% data variables.product.prodname_dependabot %} atualize as versões dessas dependências configurando isso no nível do repositório. Você faz isso adicionando detalhes de autenticação ao arquivo _dependabot.yml_ do repositório. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)". +Se seu código depende de pacotes em um registro privado, você pode permitir que {% data variables.product.prodname_dependabot %} atualize as versões dessas dependências configurando isso no nível do repositório. Você faz isso adicionando detalhes de autenticação ao arquivo _dependabot.yml_ do repositório. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." Para permitir que {% data variables.product.prodname_dependabot %} acesse um repositório privado de {% data variables.product.prodname_dotcom %}: @@ -157,6 +157,5 @@ Você pode gerenciar o acesso a funcionalidades de {% data variables.product.pro - "[Protegendo o seu repositório](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %} - "[Sobre a verificação de segredo](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %} -- "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Gerenciar vulnerabilidades nas dependências do seu projeto](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Manter suas dependências atualizadas automaticamente](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %} +- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %} +- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %} diff --git a/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index a79bd3321e..f6d67a50f8 100644 --- a/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -42,7 +42,7 @@ To search for specific events, use the `action` qualifier in your query. Actions | [`billing`](#billing-category-actions) | Contains all activities related to your organization's billing. | [`business`](#business-category-actions) | Contains activities related to business settings for an enterprise. | | [`codespaces`](#codespaces-category-actions) | Contains all activities related to your organization's codespaces. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." | [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. | [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} @@ -680,7 +680,7 @@ For more information, see "[Managing the publication of {% data variables.produc | Action | Description |------------------|------------------- -| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." | `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. | `resolve` | Triggered when someone with write access to a repository pushes changes to update and resolve a vulnerability in a project dependency. diff --git a/translations/pt-BR/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization.md b/translations/pt-BR/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization.md index 81f1fd21a5..a1d8431e37 100644 --- a/translations/pt-BR/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization.md +++ b/translations/pt-BR/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization.md @@ -41,11 +41,11 @@ As suas opções para a função herdada são padronizadas para diferentes tipos Aqui estão alguns exemplos de funções de repositórios personalizados que você pode configurar. -| Função do repositório personalizado | Sumário | Função herdada | Permissões adicionais | -| ----------------------------------- | ------------------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Engenheiro de segurança | Capaz de contribuir com código e manter o pipeline de segurança | **Manutenção** | Excluir resultados da varredura de código | -| Contratado | Capaz de desenvolver integrações de webhooks | **Gravação** | Gerenciar webhooks | -| Gerente de comunidade | Capaz de lidar com todas as interações da comunidade sem ser capaz de contribuir com código | **Leitura** | - Mark an issue as duplicate
- Manage GitHub Page settings
- Manage wiki settings
- Set the social preview
- Edit repository metadata
- Triage discussions | +| Função do repositório personalizado | Sumário | Função herdada | Permissões adicionais | +| ----------------------------------- | ------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Engenheiro de segurança | Capaz de contribuir com código e manter o pipeline de segurança | **Manutenção** | Excluir resultados da varredura de código | +| Contratado | Capaz de desenvolver integrações de webhooks | **Gravação** | Gerenciar webhooks | +| Gerente de comunidade | Capaz de lidar com todas as interações da comunidade sem ser capaz de contribuir com código | **Leitura** | - Marcar um problema como duplicado
- Gerenciar configurações da Página do GitHub
- Gerenciar configurações da wiki
- Definir a visualização social
- Editar metadados
- Triar discussões | ## Permissões adicionais para funções personalizadas @@ -81,32 +81,32 @@ Você só pode escolher uma permissão adicional se já não estiver incluída n - **Gerenciar webhooks**: Adicione webhooks ao repositório. - **Gerenciar chaves de implantação**: Adicione chaves de deploy ao repositório. - **Editar os metadados do repositório**: Atualize a descrição do repositório, bem como os tópicos do repositório. -- **Definir limites de interação**: Restrinja temporariamente certos usuários de comentários, problemas de abertura ou criação de pull requests no seu repositório público para aplicar um período de atividade limitada. For more information, see "[Limiting interactions in your repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)." -- **Set the social preview**: Add an identifying image to your repository that appears on social media platforms when your repository is linked. Para obter mais informações, consulte "[Personalizar a exibição das redes sociais do repositório](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview)". -- **Push commits to protected branches**: Push to a branch that is marked as a protected branch. -- **Create protected tags**: Create tags that match a tag protection rule. For more information, see "[Configuring tag protection rules](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)." -- **Delete protected tags**: Delete tags that match a tag protection rule. For more information, see "[Configuring tag protection rules](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)." +- **Definir limites de interação**: Restrinja temporariamente certos usuários de comentários, problemas de abertura ou criação de pull requests no seu repositório público para aplicar um período de atividade limitada. Para obter mais informações, consulte "[Restringir interações no seu repositório](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)". +- **Defina a visualização social**: Adicione uma imagem de identificação ao repositório que aparece nas plataformas de mídia social quando seu repositório é vinculado. Para obter mais informações, consulte "[Personalizar a exibição das redes sociais do repositório](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview)". +- **Faça push commits para branches protegidos**: Faça push para um branch que é marcado como um branch protegido. +- **Crie etiquetas protegidas**: Crie etiquetas que correspondam a uma regra de proteção de tags. Para obter mais informações, consulte "[Configurando regras de proteção de tagsde](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)". +- **Excluir tags protegidas**: Excluir tags que correspondam a uma regra de proteção de tags. Para obter mais informações, consulte "[Configurando regras de proteção de tagsde](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)". ### Segurança -- **View {% data variables.product.prodname_code_scanning %} results**: Ability to view {% data variables.product.prodname_code_scanning %} alerts. -- **Dismiss or reopen {% data variables.product.prodname_code_scanning %} results**: Ability to dismiss or reopen {% data variables.product.prodname_code_scanning %} alerts. -- **Delete {% data variables.product.prodname_code_scanning %} results**: Ability to delete {% data variables.product.prodname_code_scanning %} alerts. -- **View {% data variables.product.prodname_dependabot_alerts %}**: Ability to view {% data variables.product.prodname_dependabot_alerts %}. -- **Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %}**: Ability to dismiss or reopen {% data variables.product.prodname_dependabot_alerts %}. -- **View {% data variables.product.prodname_secret_scanning %} results**: Ability to view {% data variables.product.prodname_secret_scanning %} alerts. -- **Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results**: Ability to dismiss or reopen {% data variables.product.prodname_secret_scanning %} alerts. +- **Ver resultados de {% data variables.product.prodname_code_scanning %}**: Habilidade de ver alertas de {% data variables.product.prodname_code_scanning %}. +- **Ignorar ou reabrir {% data variables.product.prodname_code_scanning %} resultados**: Habilidade de ignorar ou reabrir alertas de {% data variables.product.prodname_code_scanning %}. +- **Excluir {% data variables.product.prodname_code_scanning %} resultados**: Habilidade de excluir alertas de {% data variables.product.prodname_code_scanning %}. +- **Visualizar {% data variables.product.prodname_dependabot_alerts %}**: Habilidade de visualizar {% data variables.product.prodname_dependabot_alerts %}. +- **Ignorarou reabrir {% data variables.product.prodname_dependabot_alerts %}**: Habilidade de ignorar ou reabrir {% data variables.product.prodname_dependabot_alerts %}. +- **Visualizar {% data variables.product.prodname_secret_scanning %} resultados**: Habilidade de visualizar alertas de {% data variables.product.prodname_secret_scanning %}. +- **Ignorar ou reabrir {% data variables.product.prodname_secret_scanning %} resultados**: Habilidade de ignorar ou reabrir alertas de {% data variables.product.prodname_secret_scanning %}. -## Precedence for different levels of access +## Precedência para diferentes níveis de acesso -If a person is given different levels of access through different avenues, such as team membership and the base permissions for an organization, the highest access overrides the others. For example, if an organization owner gives an organization member a custom role that uses the "Read" inherited role, and then an organization owner sets the organization's base permission to "Write", then this custom role will have write access, along with any additional permissions included in the custom role. +Se uma pessoa receber diferentes níveis de acesso por meio de caminhos diferentes como, por exemplo, a associação a uma equipe e as permissões básicas para uma organização, o maior acesso substitui os outros. Por exemplo, se um proprietário da organização dá a um integrante da organização uma função personalizada que use a função de "ler" herdada e, em seguida, o proprietário da organização definir a permissão de base da organização para "gravar", essa função personalizada terá acesso de gravação, junto com quaisquer permissões adicionais incluídas na função personalizada. {% data reusables.organizations.mixed-roles-warning %} -To resolve conflicting access, you can adjust your organization's base permissions or the team's access, or edit the custom role. Para obter mais informações, consulte: +Para resolver o acesso conflitante, você pode ajustar as permissões básicas da sua organização ou o acesso da equipe ou editar a função personalizada. Para obter mais informações, consulte: - "[Configurando permissões de base para uma organização](/github/setting-up-and-managing-organizations-and-teams/setting-base-permissions-for-an-organization)" - "[Gerenciar o acesso da equipe a um repositório da organização](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)" - - "[Editing a repository role](#editing-a-repository-role)" + - "[Editando uma função do repositório](#editing-a-repository-role)" ## Creating a repository role diff --git a/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md b/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md index b3a5b600b9..01a56b4478 100644 --- a/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md +++ b/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md @@ -136,7 +136,7 @@ You can use gems from {% data variables.product.prodname_registry %} much like y end ``` -3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](http://bundler.io/v1.5/gemfile.html). +3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](https://bundler.io/gemfile.html). ```ruby source "https://{% ifversion fpt or ghec %}rubygems.pkg.github.com{% else %}REGISTRY-URL{% endif %}/OWNER" diff --git a/translations/pt-BR/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/pt-BR/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index f1928a2f18..e17c67b115 100644 --- a/translations/pt-BR/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/pt-BR/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -50,6 +50,12 @@ Antes de usar o Jekyll para testar um site, você deve: ``` 3. Para visualizar o site, navegue para `http://localhost:4000` no navegador da web. +{% note %} + +**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. + +{% endnote %} + ## Atualizar o gem do {% data variables.product.prodname_pages %} O Jekyll é um projeto ativo de código aberto que é atualizado com frequência. Se o gem `github-pages` no seu computador estiver desatualizado em relação ao gem `github-pages` no servidor do {% data variables.product.prodname_pages %}, seu site poderá ter uma aparência diferente da criada localmente quando for publicado no {% data variables.product.product_name %}. Para evitar isso, atualize regularmente o gem `github-pages` no seu computador. diff --git a/translations/pt-BR/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md b/translations/pt-BR/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md index 00cfe5f70e..a1e310ab16 100644 --- a/translations/pt-BR/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md +++ b/translations/pt-BR/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md @@ -73,5 +73,5 @@ Quase todos os softwares dependem do código desenvolvido e mantido por outros d O gráfico de dependências fornece uma ótima maneira de visualizar e explorar as dependências de um repositório. Para obter mais informações, consulte "[Sobre o gráfico de dependências](/code-security/supply-chain-security/about-the-dependency-graph)" e "[Explorar as dependências de um repositório](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository)". -Você também pode configurar o seu repositório para que {% data variables.product.company_short %} alerte você automaticamente sempre que uma vulnerabilidade de segurança for encontrada em uma das suas dependências. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +Você também pode configurar o seu repositório para que {% data variables.product.company_short %} alerte você automaticamente sempre que uma vulnerabilidade de segurança for encontrada em uma das suas dependências. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% endif %} diff --git a/translations/pt-BR/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/pt-BR/content/repositories/working-with-files/using-files/working-with-non-code-files.md index f19da986f1..5d7b8505e4 100644 --- a/translations/pt-BR/content/repositories/working-with-files/using-files/working-with-non-code-files.md +++ b/translations/pt-BR/content/repositories/working-with-files/using-files/working-with-non-code-files.md @@ -130,6 +130,12 @@ Por padrão, o renderizador incorporado tem 420 pixels de largura por 620 pixels {% endtip %} +{% if mermaid %} +### Rendering in Markdown + +You can embed ASCII STL syntax directly in Markdown. Para obter mais informações, consulte "[Criando diagramas](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)". +{% endif %} + ## Renderizar dados CSV e TSV O GitHub oferece suporte à renderização de dados tabulares na forma de arquivos *.csv* (separados por vírgula) e .*tsv* (separados por tubulação). @@ -233,7 +239,7 @@ Quando você clicar no ícone de folha de papel à direita, também verá as alt ![Captura de tela seletor Source Render (Renderizar fonte)](/assets/images/help/repository/source-render-toggle-geojson.png) -### Tipos geométricos +### Geometry types Os mapas no {% data variables.product.product_name %} usam [Leaflet.js](http://leafletjs.com) e são compatíveis com todos os tipos geométricos descritos nas [especificações geoJSON](http://www.geojson.org/geojson-spec.html) (Ponto, LineString, Polígono, Múltiplos Pontos, MultiLineString, MultiPolygon e GeometryCollection). Os arquivos TopoJSON devem ser do tipo "Topology" (Topologia) e estar de acordo com as [especificações topoJSON](https://github.com/mbostock/topojson/wiki/Specification). @@ -274,6 +280,12 @@ Por padrão, o mapa incorporado tem 420px x 620px, mas é possível personalizar {% endtip %} +{% if mermaid %} +### Mapping in Markdown + +You can embed geoJSON and topoJSON directly in Markdown. Para obter mais informações, consulte "[Criando diagramas](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)". +{% endif %} + ### Clustering Se o seu mapa contém um número grande de marcadores (aproximadamente mais de 750), em níveis de zoom maiores, o GitHub automaticamente fará cluster de marcadores próximos. Simplesmente clique em cluster ou aumentar o zoom para ver os marcadores individuais. @@ -292,7 +304,7 @@ Além disso, se o seu arquivo `.geojson` for particularmente grande (acima de 10 Ainda pode ser possível renderizar os dados convertendo o arquivo `.geojson` em [TopoJSON](https://github.com/mbostock/topojson), um formato compactado que pode reduzir o tamanho dos arquivos em até 80%, em alguns casos. Claro que você sempre pode quebrar os arquivos em pedaços menores (como por estado ou por ano) e armazenar os dados em vários arquivos no repositório. -### Recursos adicionais +### Leia mais * [Documentação geojson Leaflet.js](http://leafletjs.com/examples/geojson.html) * [Documentação MapBox marcadores de estilo](http://www.mapbox.com/developers/simplestyle/) @@ -320,3 +332,44 @@ $ jupyter nbconvert --to html NOTEBOOK-NAME.ipynb - [Repositório do GitHub do Jupyter Notebook](https://github.com/jupyter/jupyter_notebook) - [Galeria de Jupyter Notebooks](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks) + +{% if mermaid %} +## Displaying Mermaid files on {% data variables.product.prodname_dotcom %} + +{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}. + +For example, if you add a `.mmd` file with the following content to your repository: + +``` +graph TD + A[Friend's Birthday] -->|Get money| B(Go shopping) + B --> C{Let me think} + C -->|One| D["Cool
Laptop"] + C -->|Two| E[iPhone] + C -->|Three| F[fa:fa-car Car] +``` + +When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png) + +### Solução de Problemas + +If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit). + +If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag. + +#### Problemas conhecidos + +* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library. +* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart. +* Not all charts are a11y compliant. This may affect users who rely on a screen reader. + +### Mermaid in Markdown + +You can embed Mermaid syntax directly in Markdown. Para obter mais informações, consulte "[Criando diagramas](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)". + +### Leia mais + +* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/) +* [Mermaid.js live editor](https://mermaid.live/edit) +{% endif %} + diff --git a/translations/pt-BR/content/rest/reference/deploy_keys.md b/translations/pt-BR/content/rest/reference/deploy_keys.md new file mode 100644 index 0000000000..2a49dbdf47 --- /dev/null +++ b/translations/pt-BR/content/rest/reference/deploy_keys.md @@ -0,0 +1,17 @@ +--- +title: Deploy Keys +intro: 'The Deploy Keys API allows to create an SSH key that is stored on your server and grants access to a GitHub repository.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - API +miniTocMaxHeadingLevel: 3 +--- + + \ No newline at end of file diff --git a/translations/pt-BR/content/rest/reference/deployments.md b/translations/pt-BR/content/rest/reference/deployments.md index e3455e2c40..02a45f7f5e 100644 --- a/translations/pt-BR/content/rest/reference/deployments.md +++ b/translations/pt-BR/content/rest/reference/deployments.md @@ -1,6 +1,6 @@ --- title: Implantações -intro: 'A API de implantação permite que você crie e exclua chaves de implantação, implantações e ambientes de implantação.' +intro: The deployments API allows you to create and delete deployments and deployment environments. allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/translations/pt-BR/content/rest/reference/index.md b/translations/pt-BR/content/rest/reference/index.md index 8589197328..f1c1ae1e64 100644 --- a/translations/pt-BR/content/rest/reference/index.md +++ b/translations/pt-BR/content/rest/reference/index.md @@ -22,6 +22,7 @@ children: - /collaborators - /commits - /dependabot + - /deploy_keys - /deployments - /emojis - /enterprise-admin diff --git a/translations/pt-BR/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md b/translations/pt-BR/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md index 76293beb5d..cbb6bc5ba0 100644 --- a/translations/pt-BR/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md +++ b/translations/pt-BR/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md @@ -19,7 +19,7 @@ De acordo com a Organização Internacional do Trabalho (OIT), [40 milhões de p O GitHub lamenta a presença e persistência da escravatura moderna e do trabalho infantil, e leva a sério a sua responsabilidade de garantir que nem a escravatura moderna, nem o trabalho infantil se realizem na sua cadeia de fornecedores ou em qualquer parte do seu negócio. ("Escravidão moderna", nesta declaração, refere-se à escravatura, ao trabalho forçado ou obrigatório, ao tráfico, à servidão e aos trabalhadores que são presos, coagidos ou obrigados. "Trabalho infantil" refere-se ao trabalho realizado por alguém menor de 16 anos de idade, ou menor de 14 anos, para trabalho leve, desde que não se limite a períodos que interfiram na escolaridade da criança nem em condições que interfiram na saúde ou o bem-estar da criança.) -In accordance with the [UK Modern Slavery Act](https://www.legislation.gov.uk/ukpga/2015/30/section/54/enacted), and in alignment with the [ILO 2014 Protocol to its Forced Labour Convention](https://www.ilo.org/dyn/normlex/en/f?p=NORMLEXPUB:12100:0::NO::P12100_ILO_CODE:P029), [ILO Declaration on Fundamental Principles and Rights at Work](https://www.ilo.org/declaration/thedeclaration/textdeclaration/lang--en/index.htm), and [United Nations Sustainable Development Goals target 8.7](https://www.unodc.org/roseap/en/sustainable-development-goals.html#:~:text=Target%208.7%20%2D%20Take%20immediate%20and,labour%20in%20all%20its%20forms), this 2018 Statement Against Modern Slavery and Child Labor ("the Statement") describes the steps GitHub has taken to prevent modern slavery and child labor from occurring in its business or supply chain. +De acordo com a [Lei da Escravidão Moderna do Reino Unido](https://www.legislation.gov.uk/ukpga/2015/30/section/54/enacted) e em alinhamento com o Protocolo [ da OIT de 2014 referente à Convenção do Trabalho Forçado](https://www.ilo.org/dyn/normlex/en/f?p=NORMLEXPUB:12100:0::NO::P12100_ILO_CODE:P029), [Declaração da OIT sobre os princípios fundamentais e os direitos do trabalho](https://www.ilo.org/declaration/thedeclaration/textdeclaration/lang--en/index.htm)e [objetivos das Nações Unidas para o desenvolvimento sustentável 8.7](https://www.unodc.org/roseap/en/sustainable-development-goals.html#:~:text=Target%208.7%20%2D%20Take%20immediate%20and,labour%20in%20all%20its%20forms), esta declaração sobre 2018 contra a Escravidão Moderna e o Trabalho Infantil ("a Declaração") descreve as etapas tomadas pelo GitHub para evitar que a escravidão moderna e o trabalho infantil ocorram nos seus negócios ou na cadeia de suprimentos. ## Estrutura, negócios e cadeias de fornecedores do GitHub diff --git a/translations/pt-BR/content/site-policy/github-terms/github-community-guidelines.md b/translations/pt-BR/content/site-policy/github-terms/github-community-guidelines.md index feec1c14fc..ff0f9a249d 100644 --- a/translations/pt-BR/content/site-policy/github-terms/github-community-guidelines.md +++ b/translations/pt-BR/content/site-policy/github-terms/github-community-guidelines.md @@ -16,7 +16,7 @@ Milhões de desenvolvedores em todo o mundo hospedam milhões de projetos, tanto Nossa base de usuários diversificada traz perspectivas, ideias e experiências diferentes, e varia entre pessoas que criaram seu primeiro projeto "Hello World" na semana passada e os desenvolvedores de software mais conhecidos do mundo. Temos o compromisso de fazer do GitHub um ambiente que acolhe todas as diferentes vozes e perspectivas que a nossa comunidade tem a oferecer, mantendo um lugar seguro para os desenvolvedores fazerem o seu melhor trabalho. -By outlining what we think a [safe, welcoming, and productive community](https://opensource.guide/building-community/) looks like at GitHub, we hope to help you understand how best to interact and collaborate on our platform in line with our [Terms of Service](/github/site-policy/github-terms-of-service) and [Acceptable Use Policies](/github/site-policy/github-acceptable-use-policies). +Ao definiro conceito de uma comunidade [é segura, receptiva e produtiva](https://opensource.guide/building-community/) no GitHub, esperamos ajudar você a entender a melhor maneira de interagir e colaborar na nossa plataforma de acordo com os nossos [Termos de Serviço](/github/site-policy/github-terms-of-service) e [Políticas de Uso Aceitável](/github/site-policy/github-acceptable-use-policies). Nós incentivamos os integrantes da comunidade a comunicarem as expectativas claramente, [moderar](#what-if-something-or-someone-offends-you) seus projetos quando possível e [reporte](https://github.com/contact/report-abuse) qualquer conteúdo que possa violar as nossas [políticas](/github/site-policy/github-terms-of-service). A equipe do GitHub irá investigar quaisquer denúncias de abusos e poderá moderar o conteúdo público em nosso site que determinamos estar em violação dos nossos Termos de Serviço. @@ -34,53 +34,53 @@ A finalidade principal da comunidade do GitHub é colaborar em projetos de softw ## E se algo ou alguém ofender você? -Embora alguns desacordos possam ser resolvidos com comunicação direta e respeitosa entre os integrantes da comunidade, nós entendemos que nem sempre é esse o caso. Incentivamos a nossa comunidade a [nos informar](https://support.github.com/contact/report-abuse?category=report-abuse&report=other&report_type=unspecified) quando acreditarem que o conteúdo ou atividade que encontraram viola nossas políticas. However, if you run into something or someone on the site that you find objectionable, here are some ways GitHub enables you to take action: +Embora alguns desacordos possam ser resolvidos com comunicação direta e respeitosa entre os integrantes da comunidade, nós entendemos que nem sempre é esse o caso. Incentivamos a nossa comunidade a [nos informar](https://support.github.com/contact/report-abuse?category=report-abuse&report=other&report_type=unspecified) quando acreditarem que o conteúdo ou atividade que encontraram viola nossas políticas. No entanto, se você encontrar algo ou alguém no site que você considere censurável, aqui estão algumas maneiras que o GitHub lhe permite tomar medidas: -* **Communicate expectations** - Maintainers can set community-specific guidelines to help users understand how to interact with their projects, for example, in a repository’s README, [CONTRIBUTING file](/articles/setting-guidelines-for-repository-contributors/), or [dedicated code of conduct](/articles/adding-a-code-of-conduct-to-your-project/). You can find additional information on building communities [here](/communities). +* **Comunicar expectativas** - Os mantenedores podem definir diretrizes específicas da comunidade para ajudar os usuários a entender como interagir com seus projetos, por exemplo, no README de um repositório, em um [arquivo de CONTRIBUIÇÃO](/articles/setting-guidelines-for-repository-contributors/) ou [código de conduta dedicado](/articles/adding-a-code-of-conduct-to-your-project/). Você pode encontrar informações adicionais sobre a criação da comunidades [aqui](/communities). -* **Moderate Comments** - Users with [write-access privileges](/articles/repository-permission-levels-for-an-organization/) for a repository can [edit, delete, or hide anyone's comments](/communities/moderating-comments-and-conversations/managing-disruptive-comments) on commits, pull requests, and issues. Qualquer pessoa com acesso de leitura em um repositório pode visualizar o histórico de edição do comentário. Comment authors and people with write access to a repository can also delete sensitive information from a [comment's edit history](/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment). Moderating your projects can feel like a big task if there is a lot of activity, but you can [add collaborators](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository#collaborator-access-for-a-repository-owned-by-a-user-account) to assist you in managing your community. +* **Comentários moderados** - Os usuários com privilégios de acesso de gravação [](/articles/repository-permission-levels-for-an-organization/) em um repositório [podem editar, excluir ou ocultar comentários de alguém](/communities/moderating-comments-and-conversations/managing-disruptive-comments) em commits, pull requests e problemas. Qualquer pessoa com acesso de leitura em um repositório pode visualizar o histórico de edição do comentário. Os autores de comentários e as pessoas com acesso de gravação a um repositório também podem excluir informações confidenciais do [histórico de edição dos comentários](/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment). Moderar os seus projetos pode parecer uma grande tarefa se houver muita atividade, mas você pode [adicionar colaboradores](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository#collaborator-access-for-a-repository-owned-by-a-user-account) para ajudar você a gerenciar a sua comunidade. -* **Lock Conversations**  - If a discussion in an issue, pull request, or commit gets out of hand, off topic, or violates your project’s code of conduct or GitHub’s policies, owners, collaborators, and anyone else with write access can put a temporary or permanent [lock](/articles/locking-conversations/) on the conversation. +* **Bloquear conversas**- Se uma discussão em um problema, pull request, ou commit fugir do assunto ou do tema, ou violar o código de conduta do seu projeto ou as políticas do GitHub, os proprietários, colaboradores, e qualquer pessoa com acesso de gravação poderá [bloquear](/articles/locking-conversations/) permanentemente a conversa. -* **Block Users**  - If you encounter a specific user who you would rather not engage with, you can [block the user from your personal account](/articles/blocking-a-user-from-your-personal-account/) or [from your organization](/articles/blocking-a-user-from-your-organization/). +* **Bloquear Usuários** - Se você encontrar um usuário específico com quem você prefere não se relacionar, você pode [bloquear o usuário na sua conta pessoal](/articles/blocking-a-user-from-your-personal-account/) ou [na sua organização](/articles/blocking-a-user-from-your-organization/). -* **Limit Interactions** - If your public project is getting unwanted attention, being trolled, spammed, or otherwise, you have the option of setting [temporary interaction limits](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) to keep certain users from interacting with your repository. You can even set [code review limits](https://github.blog/2021-11-01-github-keeps-getting-better-for-open-source-maintainers/#preventing-drive-by-pull-request-approvals-and-requested-changes) to ensure quality contributions on your projects. +* **Limit Interactions** - If your public project is getting unwanted attention, being trolled, spammed, or otherwise, you have the option of setting [temporary interaction limits](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) to keep certain users from interacting with your repository. Você pode até mesmo definir [limites de revisão de código](https://github.blog/2021-11-01-github-keeps-getting-better-for-open-source-maintainers/#preventing-drive-by-pull-request-approvals-and-requested-changes) para garantir contribuições de qualidade nos seus projetos. -While we are passionate about empowering maintainers to moderate their own projects, please reach out to us to {% data variables.contact.report_abuse %} if you need additional support in dealing with a situation. +Embora sejamos apaixonados por capacitar os mantenedores a moderar os seus próprios projetos, entre em contato conosco por {% data variables.contact.report_abuse %} se precisar de apoio adicional para lidar com uma situação. -## What happens if someone violates GitHub's policies? +## O que acontece se alguém violar as políticas do GitHub? -We rely on reports from the community, as well as proactive detection, to help ensure that GitHub is a safe, welcoming, and productive platform for software developers. There are a variety of factors we consider when we’re made aware of behavior or content not in line with GitHub’s policies. However, our policy enforcement and content moderation approach prioritizes our vision to be the home for all developers. This means: +Nós contamos com relatórios da comunidade, bem como detecção proativa, para ajudar a garantir que o GitHub seja uma plataforma segura, receptiva e produtiva para desenvolvedores de software. Há uma série de fatores que consideramos quando estamos cientes de um comportamento ou conteúdo que não estão de acordo com as políticas do GitHub. No entanto, a nossa abordagem de aplicação de políticas e moderação de conteúdo prioriza a nossa visão para ser o abrigo para todos os desenvolvedores. Isso significa que: -- We optimize for code collaboration. We recognize that code can have multiple uses and we distinguish between how the code is being used on the platform and other possible uses. We also think about how our enforcement actions can affect a potentially complicated web of interdependencies across the platform and aim to restrict as little legitimate content as possible. +- Otimizamos a colaboração com código. Reconhecemos que o código pode ter várias utilizações e distinguimos entre como o código está sendo usado na plataforma e outros usos possíveis. Também pensamos em como nossas ações de execução podem afetar uma rede potencialmente complicada de interdependências em toda a plataforma e procurar restringir o mínimo de conteúdo legítimo possível. -- We take a human-centered approach to content moderation and we tailor our responses to meet the needs of a specific situation. Our global team investigates the reports we receive on a case-by-case basis—considering context and the surrounding facts—before taking action. This could include taking into account potentially offensive content being posted in a way that lacks context or makes it easy for other users to unwittingly view or interact with while using GitHub. In those instances, we may favor moderation in order to safeguard our community. +- Temos uma abordagem antropocêntrica para moderar o conteúdo e talhamos as nossas respostas para atender às necessidades de uma situação específica. Nossa equipe global investiga os relatórios que recebemos caso a caso - considerando o contexto e os fatos circundantes antes de agir. Isso pode incluir levar em conta conteúdo potencialmente ofensivo postado de maneira que não tenha contexto ou facilite a visualização ou interação indesejada enquanto usam o GitHub. Nesses casos, podemos favorecer a moderação a fim de proteger a nossa comunidade. -- Our decisions are rooted in our core belief that serving an interconnected community and empowering human progress through developer collaboration requires a commitment to diversity, inclusion, and belonging. +- As nossas decisões estão enraizadas na nossa convicção fundamental de que servir uma comunidade interligada e capacitar o progresso humano por meio da colaboração de desenvolvedores exige um compromisso com a diversidade. inclusão e pertencimento. -Where we have decided that moderation action is warranted, these are some of the ways we may respond: +Nos casos em que decidimos que se justifica uma ação de moderação, estas são algumas das formas de responder: -* Removing the offending content -* Blocking or disabling the offending content -* Downgrading the visibility of the offending content -* Hiding a user account or organization from public view -* Suspending a user account or organization +* Remover o conteúdo ofensivo +* Bloquear ou desabilitar o conteúdo ofensivo +* Desatualizando a visibilidade do conteúdo ofensivo +* Ocultar uma conta de usuário ou organização da visualização pública +* Suspender uma conta de usuário ou organização ## Apelação e reinstauração -In some cases there may be a basis to reverse a moderation action taken by GitHub Staff. +Em alguns casos, pode haver justificativa para reverter uma ação de moderação tomada pela equipe do GitHub. -* **Reinstatement**: Where a user wishes to address the violation and is willing to agree to abide by our Acceptable Use Policies moving forward, we may choose to reinstate their account or content depending on the severity of the initial violation. +* **Restabelecimento**: Quando um usuário deseja corrigir a violação e está disposto a aceitar o cumprimento de nossas Políticas de Uso Aceitáveis dali em diante, podemos optar por restabelecar a sua conta ou conteúdo dependendo da gravidade da violação inicial. -* **Appeal**: If a user wishes to dispute the basis of an enforcement action and can provide additional information regarding the alleged violation, we will review that information and may grant the appeal where we determined that a violation did not occur. +* **Recurso**: Se um usuário deseja contestar o fundamento de uma ação de execução e puder fornecer informações adicionais sobre a alegada violação, reanalisaremos essas informações e poderemos interpor recurso sempre que tivermos determinado que não ocorreu uma violação. -If you seek reinstatement or wish to appeal an enforcement action, please contact [support](https://support.github.com/contact?tags=docs-policy). +Se você procurar restabelecer ou recorrer de uma ação de execução, entre em contato com [suporte](https://support.github.com/contact?tags=docs-policy). ## Avisos Legais Colocamos essas Diretrizes da Comunidade em domínio público para que qualquer pessoa use, reutilize, adapte, ou seja o que for, nos termos de [CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/). -Estas são apenas diretrizes; elas não modificam nossos [Termos de Serviço](/articles/github-terms-of-service/) e não pretendem ser uma lista completa. Under those terms, GitHub retains full discretion to remove any content or terminate any accounts for activity that violates our [Acceptable Use Policies](/articles/github-acceptable-use-policies). Estas diretrizes descrevem quando iremos exercer esse critério. +Estas são apenas diretrizes; elas não modificam nossos [Termos de Serviço](/articles/github-terms-of-service/) e não pretendem ser uma lista completa. Nesses termos, o GitHub mantém o critério completo para remover qualquer conteúdo ou encerrar quaisquer contas de atividade que violem as nossas [Políticas de uso aceitável](/articles/github-acceptable-use-policies). Estas diretrizes descrevem quando iremos exercer esse critério. diff --git a/translations/pt-BR/content/site-policy/privacy-policies/github-data-protection-agreement.md b/translations/pt-BR/content/site-policy/privacy-policies/github-data-protection-agreement.md index 1afb2392b9..b3d0f3a842 100644 --- a/translations/pt-BR/content/site-policy/privacy-policies/github-data-protection-agreement.md +++ b/translations/pt-BR/content/site-policy/privacy-policies/github-data-protection-agreement.md @@ -493,8 +493,8 @@ O importador de dados só divulgará os dados pessoais a terceiros com base em i
  1. [Onde o exportador de dados é estabelecido em Estado-membro da UE:] A autoridade supervisora responsável pelo cumprimento da regulamentação (UE) 2016/679 relativa à transferência de dados, por parte do exportador de dados, conforme indicado no Anexo I.C, atuará como autoridade supervisora competente.

    - [Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.

    - [Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.

    2. + [Quando o exportador de dados não estiver estabelecido em Estado-membro da UE, mas estiver inserido no escopo da aplicação do Regulamento (EU) 2016/679 nos termos do seu artigo 3(2) e nomear um representante nos termos do artigo 27(1) do Regulamento (UE) 2016/679:] A autoridade reguladora do Estado-membro em que o representante no âmbito do artigo 27(1) do Regulamento 2016/679 foi estabelecida, conforme indicado no Anexo I.C, atuará como autoridade supervisora competente.

    + [Quando o exportador de dados não tiver sido estabelecido em Estado-membro da UE, mas inserir-se no escopo de aplicação do Regulamento (CE) 2016/679 nos termos do seu artigo 3(2), sem, no entanto, ter de nomear um representante nos termos do artigo 27(2) do artigo do Regulamento (UE) 2016/679:] A autoridade reguladora de um dos Estados-membros em que os titulares dos dados são transferidos ao abrigo destas cláusulas em relação à oferta de bens ou serviços, ou cujo comportamento é monitorizado encontram-se localizados, tal como indicado no Anexo I.C, atuará como autoridade supervisora competente.
  2. O importador de dados concorda em submeter-se à jurisdição e em cooperar com a autoridade supervisora competente em todos os procedimentos que visem a assegurar o cumprimento destas alegações. Em particular, o importador de dados concorda em responder a dúvidas, submeter-se a auditorias e cumprir as medidas adotadas pelas autoridades de supervisão, incluindo medidas corretivas e compensatórias. Ele dará à autoridade de supervisão uma confirmação escrita de que foram tomadas as medidas necessárias.
diff --git a/translations/pt-BR/data/features/mermaid.yml b/translations/pt-BR/data/features/mermaid.yml index 09870e35f9..db633f907d 100644 --- a/translations/pt-BR/data/features/mermaid.yml +++ b/translations/pt-BR/data/features/mermaid.yml @@ -1,8 +1,8 @@ --- -#Issue 5812 and 6172 -#Mermaid syntax support +#Issues 5812 and 6172, also 6411 +#Mermaid syntax support, also ASCII STL and geoJSON/topoJSON syntax support versions: fpt: '*' ghec: '*' - ghes: '>=3.5' + ghes: '>=3.6' ghae: 'issue-6172' diff --git a/translations/pt-BR/data/learning-tracks/code-security.yml b/translations/pt-BR/data/learning-tracks/code-security.yml index 1d8da44666..cec735f872 100644 --- a/translations/pt-BR/data/learning-tracks/code-security.yml +++ b/translations/pt-BR/data/learning-tracks/code-security.yml @@ -18,39 +18,39 @@ dependabot_alerts: title: 'Obter notificações para dependências vulneráveis' description: 'Configure o Dependabot para alertá-lo sobre novas vulnerabilidades nas suas dependências.' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts + - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_security_updates: title: 'Obtenha pull requests para atualizar suas dependências vulneráveis' description: 'Configurar o Dependabot para criar pull requests quando novas vulnerabilidades forem relatadas.' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' #Feature available only on dotcom and GHES 3.3+ dependency_version_updates: title: 'Mantenha suas dependências atualizadas' description: 'Use o Dependabot para verificar novas versões e criar pull requests para atualizar suas dependências.' guides: - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates + - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates + - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there. secret_scanning: title: 'Escanear em busca de segredos' diff --git a/translations/pt-BR/data/product-examples/code-security/code-examples.yml b/translations/pt-BR/data/product-examples/code-security/code-examples.yml index 2eda1625c6..d28572c171 100644 --- a/translations/pt-BR/data/product-examples/code-security/code-examples.yml +++ b/translations/pt-BR/data/product-examples/code-security/code-examples.yml @@ -24,7 +24,7 @@ #Security policies title: Modelo de política de segurança da Microsoft description: Exemplo de política de segurança - href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md + href: /microsoft/repo-templates/blob/main/shared/SECURITY.md tags: - Política de segurança - diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-2/0-rc1.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-2/0-rc1.yml index ccd6fe5c4e..5974ae027a 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-2/0-rc1.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-2/0-rc1.yml @@ -137,19 +137,19 @@ sections: - heading: 'Digitalização de código e alterações na digitalização de segredo' notes: - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now generates diagnostic information for all supported languages. This helps check the state of the created database to understand the status and quality of performed analysis. The diagnostic information is available starting in [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). You can see the detailed diagnostic information in the {% data variables.product.prodname_actions %} logs for {% data variables.product.prodname_codeql %}. For more information, see "[Viewing code scanning logs](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."' - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql_cli %} now supports analyzing several languages during a single build. This makes it easier to run code analysis to use CI/CD systems other than {% data variables.product.prodname_actions %}. The new mode of the `codeql database create` command is available starting [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). For more information about setting this up, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system)."' - - '{% data variables.product.prodname_code_scanning_capc %} alerts from all enabled tools are now shown in one consolidated list, so that you can easily prioritize across all alerts. You can view alerts from a specific tool by using the "Tool" filter, and the "Rule" and "Tag" filters will dynamically update based on your "Tool" selection.' - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now includes beta support for analyzing C++20 code. This is only available when building codebases with GCC on Linux. C++20 modules are not supported yet.' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql %} agora gera informações de diagnóstico para todos os idiomas compatíveis. Isso ajuda a verificar o estado da base de dados criada para entender o status e a qualidade da análise realizada. As informações de diagnóstico estão disponíveis a partir da [versão 2.5.6](https://github.com/github/codeql-cli-binaries/releases) do [{% data variables.product.prodname_codeql_cli %}](https://codeql. ithub.com/docs/codeql-cli/). Você pode ver as informações detalhadas de diagnóstico nos registros de {% data variables.product.prodname_actions %} para {% data variables.product.prodname_codeql %}. Para obter mais informações, consulte "[Exibindo registros de digitalização de código](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql_cli %} agora é compatível com a análise de várias linguagens durante uma única compilação. Isso torna mais fácil executar a análise de código para usar sistemas CI/CD diferentes de {% data variables.product.prodname_actions %}. O novo modo do `codeql database create` está disponível a partir da [versão 2.5.6](https://github. om/github/codeql-cli-binaries/releases) de [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). Para obter mais informações sobre a configuração desse item, consulte "[Instalando {% data variables.product.prodname_codeql_cli %} no seu sistema de CI](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system)."' + - 'Os alertas de {% data variables.product.prodname_code_scanning_capc %} de todas as ferramentas habilitadas agora são exibidos em uma lista consolidada para que você possa facilmente priorizar em todos os alertas. Você pode ver os alertas a partir de uma ferramenta específica, usando o filtro "Ferramenta", e os filtros de "Regra" e "Tag" serão atualizados dinamicamente com base na sua seleção de "ferramenta".' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql %} agora inclui suporte de beta para a análise de código C+20. Isto só está disponível quando a criação de bases de códigos com GCC no Linux. Os módulos C++20 ainda não são compatíveis.' - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) and increasing the coverage of our existing library and framework models for several languages ([C++](https://github.com/github/codeql/tree/main/cpp), [JavaScript](https://github.com/github/codeql/tree/main/javascript), [Python](https://github.com/github/codeql/tree/main/python), and [Java](https://github.com/github/codeql/tree/main/java)). As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, review the steps through which that data flows, and identify potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the {% data variables.product.prodname_code_scanning %} alerts. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-07-01-codeql-code-scanning-now-recognizes-more-sources-and-uses-of-untrusted-user-data/). - | - {% data variables.product.prodname_code_scanning_capc %} now shows `security-severity` levels for CodeQL security alerts. You can configure which `security-severity` levels will cause a check failure for a pull request. The severity level of security alerts can be `critical`, `high`, `medium`, or `low`. By default, any {% data variables.product.prodname_code_scanning %} alerts with a `security-severity` of `critical` or `high` will cause a pull request check failure. + {% data variables.product.prodname_code_scanning_capc %} agora mostra níveis de "gravidade" para alertas de segurança do CodeQL. Você pode configurar quais níveis de 'security-severity´ causarão uma falha de verificação para um pull request. O nível de gravidade dos alertas de segurança pode ser `crítico`, `alto`, `médio` ou `baixo`. Por padrão, todos os alertas de {% data variables.product.prodname_code_scanning %} com `security-severity` `crítico` ou `alto` causarão falha de verificação de pull request. - Additionally, you can now also configure which severity levels will cause a pull request check to fail for non-security alerts. You can configure this behavior at the repository level, and define whether alerts with the severity `error`, `warning`, or `note` will cause a pull request check to fail. By default, non-security {% data variables.product.prodname_code_scanning %} alerts with a severity of `error` will cause a pull request check failure. + Além disso, agora você também pode configurar quais níveis de gravidade causarão uma falha na verificação de pull request para alertas que não são de segurança. Você pode configurar este comportamento no nível do repositório e definir se os alertas com a gravidade`erro`, `aviso`, ou `nota` farão com que uma verificação de pull request falhe. Por padrão, os alertas que não são de segurança de {% data variables.product.prodname_code_scanning %} com uma gravidade de 'erro' causarão uma falha de verificação de pull request. - For more information see "[Defining which alert severity levels cause pull request check failure](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)." + Para obter mais informações, consulte "[Definir quais níveis de gravidade de alerta causam falha de verificação de pull request](/code-security/code-scanning/automaticamente-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-request-check-failure). - ![List of code scanning alerts with security levels](/assets/images/enterprise/3.2/release-notes/code-scanning-alerts.png) + ![Lista de alertas de digitalização de código com níveis de segurança](/assets/images/enterprise/3.2/release-notes/code-scanning-alerts.png) - | As melhorias no filtro de branch para alertas de {% data variables.product.prodname_code_scanning %} tornam mais claro quais alertas de {% data variables.product.prodname_code_scanning %} estão sendo exibidos na página de alertas. Por padrão, os alertas de {% data variables.product.prodname_code_scanning %} são filtrados para mostrar alertas somente para o branch padrão do repositório. Você pode usar o filtro de branch para exibir os alertas em qualquer um dos branches não padrão. Qualquer filtro de branch que foi aplicado é mostrado na barra de pesquisa. @@ -191,33 +191,33 @@ sections: notes: - '**{% data variables.product.prodname_ghe_server %} 2.21 tornou-se obsoleto em 6 de junho de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - - heading: Deprecation of GitHub Enterprise Server 2.22 + heading: Obsoletização do GitHub Enterprise Server 2.22 notes: - - '**{% data variables.product.prodname_ghe_server %} 2.22 will be discontinued on September 23, 2021**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.' + - '**{% data variables.product.prodname_ghe_server %} 2.22 irá tornar-se obsoleto em 23 de setembro de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - heading: Obsolescência do suporte para Hypervisor XenServer notes: - - Beginning in {% data variables.product.prodname_ghe_server %} 3.1, we will begin discontinuing support for Xen Hypervisor. The complete deprecation is scheduled for {% data variables.product.prodname_ghe_server %} 3.3, following the standard one year deprecation window. Please contact [GitHub Support](https://support.github.com/contact) with questions or concerns. + - A partir de {% data variables.product.prodname_ghe_server %} 3.1, começaremos a cancelar o suporte para o Hypervisor Xen. A obsolescência completa está agendada para {% data variables.product.prodname_ghe_server %} 3.3, seguindo o padrão de janela de obsolescência de um ano. Em caso de dúvidas, entre em contato com o [suporte do GitHub](https://support.github.com/contact). - - heading: Removal of Legacy GitHub Services + heading: Remoção dos Serviços de legado do GitHub notes: - - '{% data variables.product.prodname_ghe_server %} 3.2 removes unused GitHub Service database records. More information is available in the [deprecation announcement post](https://developer.github.com/changes/2018-04-25-github-services-deprecation/).' + - '{% data variables.product.prodname_ghe_server %} 3.2 remove registros de banco de dados do GitHub Service não utilizados. Mais informações estão disponíveis no [post de anúncio da obsolescência](https://developer.github.com/changes/2018-04-25-github-services-deprecation/).' - - heading: Deprecation of OAuth Application API endpoints and API authentication via query parameters + heading: A obsolescência dos pontos de extremidade da API do aplicativo OAuth e autenticação da API por meio parâmetros de consulta notes: - | - To prevent accidental logging or exposure of `access_tokens`, we discourage the use of OAuth Application API endpoints and the use of API auth via query params. Visit the following posts to see the proposed replacements: + Para evitar o registro acidental ou a exposição de `access_tokens`, não incentivamos o uso de pontos de extremidade da API do aplicativo OAuth e o uso da autenticação da API usando parâmetros de consulta. Veja os seguintes posts para ver as substituições propostas: - * [Replacement OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make) - * [Replacement auth via headers instead of query param](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make) + * [Substituição da API do aplicativo OAuth](https://developer.github. om/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make) + * [Substituição da autenticação usando cabeçalhos em vez de parâmetros de consulta](https://developer.github. om/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make) - These endpoints and auth route are planned to be removed from {% data variables.product.prodname_ghe_server %} in {% data variables.product.prodname_ghe_server %} 3.4. + Estes pontos de extremidade e rota de autenticação estão planejados para serem removidos de {% data variables.product.prodname_ghe_server %} em {% data variables.product.prodname_ghe_server %} 3.4. - - heading: Removal of legacy GitHub App webhook events and endpoints + heading: Remoção dos eventos de webhook do legado do aplicativo GitHub e pontos de extremidade notes: - | - Two legacy GitHub Apps-related webhook events have been removed: `integration_installation` and `integration_installation_repositories`. You should instead be listening to the `installation` and `installation_repositories` events. + Dois eventos de webhook relacionados a aplicativos legados foram removidos: `integration_installation` e `integration_installation_repositories`. Em vez disso, você deveria estar ouvindo os eventos `installation` e `installation_repositories`. - | - The following REST API endpoint has been removed: `POST /installations/{installation_id}/access_tokens`. You should instead be using the namespaced equivalent `POST /app/installations/{installation_id}/access_tokens`. + O ponto de extremidade a seguir da API REST foi removido: `POST /installations/{installation_id}/access_tokens`. Você deverá usar o namespaced equivalente `POST /app/installations/{installation_id}/access_tokens`. backups: - - '{% data variables.product.prodname_ghe_server %} 3.2 requires at least [GitHub Enterprise Backup Utilities 3.2.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/enterprise-server@3.2/admin/configuration/configuring-backups-on-your-appliance).' + - '{% data variables.product.prodname_ghe_server %} 3.2 exige pelo menos uma versão dos [Utilitários de Backup 3.2.0 do GitHub Enterprise](https://github.com/github/backup-utils) para [Backups Recuperação de Desastre](/enterprise-server@3.2/admin/configuration/configuring-backups-on-your-appliance).' diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-2/0.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-2/0.yml index 5d80d8630c..adabd988a2 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-2/0.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-2/0.yml @@ -138,19 +138,19 @@ sections: - heading: 'Digitalização de código e alterações na digitalização de segredo' notes: - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now generates diagnostic information for all supported languages. This helps check the state of the created database to understand the status and quality of performed analysis. The diagnostic information is available starting in [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). You can see the detailed diagnostic information in the {% data variables.product.prodname_actions %} logs for {% data variables.product.prodname_codeql %}. For more information, see "[Viewing code scanning logs](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."' - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql_cli %} now supports analyzing several languages during a single build. This makes it easier to run code analysis to use CI/CD systems other than {% data variables.product.prodname_actions %}. The new mode of the `codeql database create` command is available starting [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). For more information about setting this up, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system)."' - - '{% data variables.product.prodname_code_scanning_capc %} alerts from all enabled tools are now shown in one consolidated list, so that you can easily prioritize across all alerts. You can view alerts from a specific tool by using the "Tool" filter, and the "Rule" and "Tag" filters will dynamically update based on your "Tool" selection.' - - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now includes beta support for analyzing C++20 code. This is only available when building codebases with GCC on Linux. C++20 modules are not supported yet.' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql %} agora gera informações de diagnóstico para todos os idiomas compatíveis. Isso ajuda a verificar o estado da base de dados criada para entender o status e a qualidade da análise realizada. As informações de diagnóstico estão disponíveis a partir da [versão 2.5.6](https://github.com/github/codeql-cli-binaries/releases) do [{% data variables.product.prodname_codeql_cli %}](https://codeql. ithub.com/docs/codeql-cli/). Você pode ver as informações detalhadas de diagnóstico nos registros de {% data variables.product.prodname_actions %} para {% data variables.product.prodname_codeql %}. Para obter mais informações, consulte "[Exibindo registros de digitalização de código](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql_cli %} agora é compatível com a análise de várias linguagens durante uma única compilação. Isso torna mais fácil executar a análise de código para usar sistemas CI/CD diferentes de {% data variables.product.prodname_actions %}. O novo modo do `codeql database create` está disponível a partir da [versão 2.5.6](https://github. om/github/codeql-cli-binaries/releases) de [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). Para obter mais informações sobre a configuração desse item, consulte "[Instalando {% data variables.product.prodname_codeql_cli %} no seu sistema de CI](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system)."' + - 'Os alertas de {% data variables.product.prodname_code_scanning_capc %} de todas as ferramentas habilitadas agora são exibidos em uma lista consolidada para que você possa facilmente priorizar em todos os alertas. Você pode ver os alertas a partir de uma ferramenta específica, usando o filtro "Ferramenta", e os filtros de "Regra" e "Tag" serão atualizados dinamicamente com base na sua seleção de "ferramenta".' + - '{% data variables.product.prodname_code_scanning_capc %} com {% data variables.product.prodname_codeql %} agora inclui suporte de beta para a análise de código C+20. Isto só está disponível quando a criação de bases de códigos com GCC no Linux. Os módulos C++20 ainda não são compatíveis.' - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) and increasing the coverage of our existing library and framework models for several languages ([C++](https://github.com/github/codeql/tree/main/cpp), [JavaScript](https://github.com/github/codeql/tree/main/javascript), [Python](https://github.com/github/codeql/tree/main/python), and [Java](https://github.com/github/codeql/tree/main/java)). As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, review the steps through which that data flows, and identify potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the {% data variables.product.prodname_code_scanning %} alerts. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-07-01-codeql-code-scanning-now-recognizes-more-sources-and-uses-of-untrusted-user-data/). - | - {% data variables.product.prodname_code_scanning_capc %} now shows `security-severity` levels for CodeQL security alerts. You can configure which `security-severity` levels will cause a check failure for a pull request. The severity level of security alerts can be `critical`, `high`, `medium`, or `low`. By default, any {% data variables.product.prodname_code_scanning %} alerts with a `security-severity` of `critical` or `high` will cause a pull request check failure. + {% data variables.product.prodname_code_scanning_capc %} agora mostra níveis de "gravidade" para alertas de segurança do CodeQL. Você pode configurar quais níveis de 'security-severity´ causarão uma falha de verificação para um pull request. O nível de gravidade dos alertas de segurança pode ser `crítico`, `alto`, `médio` ou `baixo`. Por padrão, todos os alertas de {% data variables.product.prodname_code_scanning %} com `security-severity` `crítico` ou `alto` causarão falha de verificação de pull request. - Additionally, you can now also configure which severity levels will cause a pull request check to fail for non-security alerts. You can configure this behavior at the repository level, and define whether alerts with the severity `error`, `warning`, or `note` will cause a pull request check to fail. By default, non-security {% data variables.product.prodname_code_scanning %} alerts with a severity of `error` will cause a pull request check failure. + Além disso, agora você também pode configurar quais níveis de gravidade causarão uma falha na verificação de pull request para alertas que não são de segurança. Você pode configurar este comportamento no nível do repositório e definir se os alertas com a gravidade`erro`, `aviso`, ou `nota` farão com que uma verificação de pull request falhe. Por padrão, os alertas que não são de segurança de {% data variables.product.prodname_code_scanning %} com uma gravidade de 'erro' causarão uma falha de verificação de pull request. - For more information see "[Defining which alert severity levels cause pull request check failure](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)." + Para obter mais informações, consulte "[Definir quais níveis de gravidade de alerta causam falha de verificação de pull request](/code-security/code-scanning/automaticamente-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-request-check-failure). - ![List of code scanning alerts with security levels](/assets/images/enterprise/3.2/release-notes/code-scanning-alerts.png) + ![Lista de alertas de digitalização de código com níveis de segurança](/assets/images/enterprise/3.2/release-notes/code-scanning-alerts.png) - | As melhorias no filtro de branch para alertas de {% data variables.product.prodname_code_scanning %} tornam mais claro quais alertas de {% data variables.product.prodname_code_scanning %} estão sendo exibidos na página de alertas. Por padrão, os alertas de {% data variables.product.prodname_code_scanning %} são filtrados para mostrar alertas somente para o branch padrão do repositório. Você pode usar o filtro de branch para exibir os alertas em qualquer um dos branches não padrão. Qualquer filtro de branch que foi aplicado é mostrado na barra de pesquisa. @@ -192,33 +192,33 @@ sections: notes: - '**{% data variables.product.prodname_ghe_server %} 2.21 tornou-se obsoleto em 6 de junho de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - - heading: Deprecation of GitHub Enterprise Server 2.22 + heading: Obsoletização do GitHub Enterprise Server 2.22 notes: - - '**{% data variables.product.prodname_ghe_server %} 2.22 will be discontinued on September 23, 2021**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.' + - '**{% data variables.product.prodname_ghe_server %} 2.22 irá tornar-se obsoleto em 23 de setembro de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - heading: Obsolescência do suporte para Hypervisor XenServer notes: - - Beginning in {% data variables.product.prodname_ghe_server %} 3.1, we will begin discontinuing support for Xen Hypervisor. The complete deprecation is scheduled for {% data variables.product.prodname_ghe_server %} 3.3, following the standard one year deprecation window. Please contact [GitHub Support](https://support.github.com/contact) with questions or concerns. + - A partir de {% data variables.product.prodname_ghe_server %} 3.1, começaremos a cancelar o suporte para o Hypervisor Xen. A obsolescência completa está agendada para {% data variables.product.prodname_ghe_server %} 3.3, seguindo o padrão de janela de obsolescência de um ano. Em caso de dúvidas, entre em contato com o [suporte do GitHub](https://support.github.com/contact). - - heading: Removal of Legacy GitHub Services + heading: Remoção dos Serviços de legado do GitHub notes: - - '{% data variables.product.prodname_ghe_server %} 3.2 removes unused GitHub Service database records. More information is available in the [deprecation announcement post](https://developer.github.com/changes/2018-04-25-github-services-deprecation/).' + - '{% data variables.product.prodname_ghe_server %} 3.2 remove registros de banco de dados do GitHub Service não utilizados. Mais informações estão disponíveis no [post de anúncio da obsolescência](https://developer.github.com/changes/2018-04-25-github-services-deprecation/).' - - heading: Deprecation of OAuth Application API endpoints and API authentication via query parameters + heading: A obsolescência dos pontos de extremidade da API do aplicativo OAuth e autenticação da API por meio parâmetros de consulta notes: - | - To prevent accidental logging or exposure of `access_tokens`, we discourage the use of OAuth Application API endpoints and the use of API auth via query params. Visit the following posts to see the proposed replacements: + Para evitar o registro acidental ou a exposição de `access_tokens`, não incentivamos o uso de pontos de extremidade da API do aplicativo OAuth e o uso da autenticação da API usando parâmetros de consulta. Veja os seguintes posts para ver as substituições propostas: - * [Replacement OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make) - * [Replacement auth via headers instead of query param](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make) + * [Substituição da API do aplicativo OAuth](https://developer.github. om/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make) + * [Substituição da autenticação usando cabeçalhos em vez de parâmetros de consulta](https://developer.github. om/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make) - These endpoints and auth route are planned to be removed from {% data variables.product.prodname_ghe_server %} in {% data variables.product.prodname_ghe_server %} 3.4. + Estes pontos de extremidade e rota de autenticação estão planejados para serem removidos de {% data variables.product.prodname_ghe_server %} em {% data variables.product.prodname_ghe_server %} 3.4. - - heading: Removal of legacy GitHub App webhook events and endpoints + heading: Remoção dos eventos de webhook do legado do aplicativo GitHub e pontos de extremidade notes: - | - Two legacy GitHub Apps-related webhook events have been removed: `integration_installation` and `integration_installation_repositories`. You should instead be listening to the `installation` and `installation_repositories` events. + Dois eventos de webhook relacionados a aplicativos legados foram removidos: `integration_installation` e `integration_installation_repositories`. Em vez disso, você deveria estar ouvindo os eventos `installation` e `installation_repositories`. - | - The following REST API endpoint has been removed: `POST /installations/{installation_id}/access_tokens`. You should instead be using the namespaced equivalent `POST /app/installations/{installation_id}/access_tokens`. + O ponto de extremidade a seguir da API REST foi removido: `POST /installations/{installation_id}/access_tokens`. Você deverá usar o namespaced equivalente `POST /app/installations/{installation_id}/access_tokens`. backups: - - '{% data variables.product.prodname_ghe_server %} 3.2 requires at least [GitHub Enterprise Backup Utilities 3.2.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/enterprise-server@3.2/admin/configuration/configuring-backups-on-your-appliance).' + - '{% data variables.product.prodname_ghe_server %} 3.2 exige pelo menos uma versão dos [Utilitários de Backup 3.2.0 do GitHub Enterprise](https://github.com/github/backup-utils) para [Backups Recuperação de Desastre](/enterprise-server@3.2/admin/configuration/configuring-backups-on-your-appliance).' diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-3/0-rc1.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-3/0-rc1.yml index 28d3886883..5cc865e2a6 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-3/0-rc1.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-3/0-rc1.yml @@ -176,7 +176,7 @@ sections: - Os limites de recursos que são específicos para processamento de hooks pre-receive podem causar falha em alguns hooks pre-receive. deprecations: - - heading: Deprecation of GitHub Enterprise Server 2.22 + heading: Obsoletização do GitHub Enterprise Server 2.22 notes: - '**{% data variables.product.prodname_ghe_server %} 2.22 tornou-se obsoleto em 23 de setembro de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.3/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-3/0.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-3/0.yml index 6988bdc82b..c912835c21 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-3/0.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-3/0.yml @@ -171,7 +171,7 @@ sections: - 'As configurações de armazenamento de {% data variables.product.prodname_actions %} não podem ser validadas e salvas no {% data variables.enterprise.management_console %} quando "Forçar estilo de caminho" for selecionado e deverão ser definidas com a ferramenta de linha de comando `ghe-actions-precheck`.' deprecations: - - heading: Deprecation of GitHub Enterprise Server 2.22 + heading: Obsoletização do GitHub Enterprise Server 2.22 notes: - '**{% data variables.product.prodname_ghe_server %} 2.22 tornou-se obsoleto em 23 de setembro de 2021**. Isso significa que não serão feitas versões de patch, mesmo para questões essenciais de segurança, após esta data. Para obter melhor desempenho, melhorar a segurança e novas funcionalidades, [faça a atualização para a versão mais recente de {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.3/admin/enterprise-management/upgrading-github-enterprise-server) assim que possível.' - diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-4/0-rc1.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-4/0-rc1.yml index d81b22ce39..8ad0476919 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-4/0-rc1.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-4/0-rc1.yml @@ -35,7 +35,7 @@ sections: heading: Segurança do Dependabot e atualizações da versão em beta pública notes: - | - {% data variables.product.prodname_dependabot %} is now available in {% data variables.product.prodname_ghe_server %} 3.4 as a public beta, offering both version updates and security updates for several popular ecosystems. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} requires {% data variables.product.prodname_actions %} and a pool of self-hosted runners configured for {% data variables.product.prodname_dependabot %} use. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} also requires {% data variables.product.prodname_github_connect %} and {% data variables.product.prodname_dependabot %} to be enabled by an administrator. Beta feedback and suggestions can be shared in the [{% data variables.product.prodname_dependabot %} Feedback GitHub discussion](https://github.com/github/feedback/discussions/categories/dependabot-feedback). For more information and to try the beta, see "[Setting up {% data variables.product.prodname_dependabot %} security and version updates on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)." + {% data variables.product.prodname_dependabot %} agora está disponível em {% data variables.product.prodname_ghe_server %} 3.4 como beta público, oferecendo atualizações de versão e segurança para vários ecossistemas populares. {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_ghe_server %} exige {% data variables.product.prodname_actions %} e um grupo de executores auto-hospedados configurado para uso de {% data variables.product.prodname_dependabot %}. {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_ghe_server %} também exige {% data variables.product.prodname_github_connect %} e {% data variables.product.prodname_dependabot %} para ser habilitado por um administrador. Feedback de beta e sugestões podem ser compartilhados na [discussão de feedback do GitHub{% data variables.product.prodname_dependabot %}](https://github.com/github/feedback/discussions/categories/dependabot-feedback). Para obter mais informações e testar a versão beta, consulte "[Configurar {% data variables.product.prodname_dependabot %} de segurança e versão de atualizações](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)." changes: - heading: Alterações na administração @@ -100,41 +100,41 @@ sections: - heading: 'Alterações do GitHub Actions' notes: - - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} for the `create`, `deployment`, and `deployment_status` events now always receive a read-only token and no secrets. Similarly, workflows triggered by {% data variables.product.prodname_dependabot %} for the `pull_request_target` event on pull requests where the base ref was created by {% data variables.product.prodname_dependabot %}, now always receive a read-only token and no secrets. These changes are designed to prevent potentially malicious code from executing in a privileged workflow. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' - - Workflow runs on `push` and `pull_request` events triggered by {% data variables.product.prodname_dependabot %} will now respect the permissions specified in your workflows, allowing you to control how you manage automatic dependency updates. The default token permissions will remain read-only. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-06-github-actions-workflows-triggered-by-dependabot-prs-will-respect-permissions-key-in-workflows/)." - - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} will now be sent the {% data variables.product.prodname_dependabot %} secrets. You can now pull from private package registries in your CI using the same secrets you have configured for {% data variables.product.prodname_dependabot %} to use, improving how {% data variables.product.prodname_actions %} and {% data variables.product.prodname_dependabot %} work together. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' + - 'Os fluxos de trabalho de {% data variables.product.prodname_actions %} acionados por {% data variables.product.prodname_dependabot %} para os eventos `create`, `deployment` e `deployment_status` agora sempre recebem um token somente leitura e sem segredos. Da mesma forma, os fluxos de trabalho acionados por {% data variables.product.prodname_dependabot %} para o evento `pull_request_target` em pull requests onde o ref base foi criado por {% data variables.product.prodname_dependabot %}, agora sempre recebe um token somente leitura e sem segredos. Essas alterações foram projetadas para impedir que códigos potencialmente maliciosos sejam executados em um fluxo de trabalho privilegiado. Para obter mais informações, consulte "[Automatizar {% data variables.product.prodname_dependabot %} com {% data variables.product.prodname_actions %}](/code-security/supply chain-security/keeping-your-dependencies-updated-automaticamente/automating-dependabot-with-github-actions)."' + - As execuções do fluxo de trabalho em eventos `push` e `pull_request` acionados por {% data variables.product.prodname_dependabot %} agora respeitarão as permissões especificadas nos seus fluxos de trabalho, permitindo que você controle como gerencia atualizações automáticas de dependências. As permissões do token padrão permanecerão somente leitura. Para obter mais informações, consulte, consulte "[o registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-10-06-github-actions-workflows-triggered-by-dependabot-prs-will-respect-permissions-key-in-workflows/)." + - 'Os fluxos de trabalho de {% data variables.product.prodname_actions %} acionados por {% data variables.product.prodname_dependabot %} serão agora enviados para os segredos de {% data variables.product.prodname_dependabot %}. Agora você pode retirá-los de registros de pacotes privados no seu CI usando os mesmos segredos que você configurou para {% data variables.product.prodname_dependabot %} usar, melhorando como {% data variables.product.prodname_actions %} e {% data variables.product.prodname_dependabot %} trabalham juntos. Para obter mais informações, consulte "[Automatizar {% data variables.product.prodname_dependabot %} com {% data variables.product.prodname_actions %}](/code-security/supply chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' - Agora você pode gerenciar os grupos de executores e ver o status dos seus executores auto-hospedados usando as novas páginas de executores e grupos de executores na interface do usuário. A página de configurações de ações do seu repositório ou organização agora mostra uma visualização resumo dos seus executores e permite que você se aprofunde em um executor específico para editá-lo ou ver qual trabalho ele pode estar executando atualmente. Para obter mais informações, consulte "[Registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-09-20-github-actions-experience-refresh-for-the-management-of-self-hosted-runners/)." - 'Autores das ações agora podem ter sua ação executada no Node.js 16 especificando [`runs.using` como `node16` no `action.yml`](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions). Além do suporte existente ao Node.js 12; as ações podem continuar a especificar `runs.using: node12` para usar o tempo de execução do Node.js 12.' - 'Para fluxos de trabalho acionados manualmente, {% data variables.product.prodname_actions %} agora é compatível com os tipos de entrada `choice`, `boolean` e `environment` além do tipo `string` padrão. Para obter mais informações, consulte "[`on.workflow_dispatch.inputs`](/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs)."' - - Actions written in YAML, also known as composite actions, now support `if` conditionals. This lets you prevent specific steps from executing unless a condition has been met. Like steps defined in workflows, you can use any supported context and expression to create a conditional. - - The search order behavior for self-hosted runners has now changed, so that the first available matching runner at any level will run the job in all cases. This allows jobs to be sent to self-hosted runners much faster, especially for organizations and enterprises with lots of self-hosted runners. Previously, when running a job that required a self-hosted runner, {% data variables.product.prodname_actions %} would look for self-hosted runners in the repository, organization, and enterprise, in that order. - - 'Runner labels for {% data variables.product.prodname_actions %} self-hosted runners can now be listed, added and removed using the REST API. For more information about using the new APIs at a repository, organization, or enterprise level, see "[Repositories](/rest/reference/actions#list-labels-for-a-self-hosted-runner-for-a-repository)", "[Organizations](/rest/reference/actions#add-custom-labels-to-a-self-hosted-runner-for-an-organization)", and "[Enterprises](/rest/reference/enterprise-admin#list-labels-for-a-self-hosted-runner-for-an-enterprise)" in the REST API documentation.' + - As ações escritas no YAML, também conhecidas como ações compostas, agora são compatíveis com as condicionais `if`. Isso permite que você impeça a execução de etapas específicas, a menos que uma condição tenha sido atendida. Como as etapas definidas nos fluxos de trabalho, você pode usar qualquer contexto e expressão compatível para criar uma condicional. + - O comportamento da ordem de busca para executores auto-hospedados foi alterado, para que o primeiro executor de correspondência disponível em qualquer nível execute o trabalho em todos os casos. Isso permite que os trabalhos sejam enviados para executores auto-hospedados muito mais rápido, especialmente para organizações e empresas com muitos executores hospedados. Anteriormente, ao executar um trabalho que exigia um executor auto-hospedado, {% data variables.product.prodname_actions %} procuraria por executores auto-hospedados no repositório, organização e empresa, nessa ordem. + - 'As etiquetas do executor para {% data variables.product.prodname_actions %} auto-hospedado agora podem ser listadas, adicionadas e removidas usando a API REST. Para obter mais informações sobre como usar as novas APIs em um repositório, organização ou empresa, consulte "[Repositories](/rest/reference/actions#list-labels-for-a-autohosted-runner-for-a-repository)", "[Organizations](/rest/reference/actions#add-custom-labels-to-autohosted-runner-for-an-organization)", e "[Enterprises](/rest/reference/enterprise-admin#list-labels-for-a-autohosted-runner-for-an-enterprise)" na documentação da API REST.' - heading: 'Alterações no dependabot e no gráfico de Dependência' notes: - O gráfico de dependência agora é compatível com a detecção de dependências do Python em repositórios que usam o gerenciador de pacotes do Poetry. As dependências serão detectadas a partir de arquivos manifestos 'pyproject.toml' e 'poetry.lock'. - - When configuring {% data variables.product.prodname_dependabot %} security and version updates on GitHub Enterprise Server, we recommend you also enable {% data variables.product.prodname_dependabot %} in {% data variables.product.prodname_github_connect %}. This will allow {% data variables.product.prodname_dependabot %} to retrieve an updated list of dependencies and vulnerabilities from {% data variables.product.prodname_dotcom_the_website %}, by querying for information such as the changelogs of the public releases of open source code that you depend upon. For more information, see "[Enabling the dependency graph and Dependabot alerts for your enterprise](/admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise)." + - Ao configurar as atualizações de segurança e versão de {% data variables.product.prodname_dependabot %} no GitHub Enterprise Server, recomendamos que você também habilite {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_github_connect %}. Isso permitirá que {% data variables.product.prodname_dependabot %} recupere uma lista atualizada de dependências e vulnerabilidades de {% data variables.product.prodname_dotcom_the_website %}, consultando informações, como os registros de alterações das versões públicas do código aberto do qual você depende. Para obter mais informações, consulte "[Habilitando o gráfico de dependências e alertas de Dependabot para a sua empresa](/admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise)." - 'Os alertas de {% data variables.product.prodname_dependabot_alerts %} agora podem ser ignorados usando a API do GraphQL. Para obter mais informações, consulte a "[dismissRepositoryVulnerabilityAlert](/graphql/reference/mutations#dismissyvulnerabilityalert)" mutação na documentação da API do GraphQL.' - heading: 'Digitalização de código e alterações na digitalização de segredo' notes: - - The {% data variables.product.prodname_codeql %} CLI now supports including markdown-rendered query help in SARIF files, so that the help text can be viewed in the {% data variables.product.prodname_code_scanning %} UI when the query generates an alert. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-23-display-help-text-for-your-custom-codeql-queries-in-code-scanning/)." - - The {% data variables.product.prodname_codeql %} CLI and {% data variables.product.prodname_vscode %} extension now support building databases and analyzing code on machines powered by Apple Silicon, such as Apple M1. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-codeql-now-supports-apple-silicon-m1/)." + - A CLI de {% data variables.product.prodname_codeql %} agora é compatível com a ajuda de consulta interpretada por markdown em arquivos SARIF, para que o texto de ajuda possa ser visto na interface do usuário de {% data variables.product.prodname_code_scanning %} quando a consulta gerar um alerta. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-display-help-text-for-your-codeql-queries-in-code-scanning/)." + - A extensão da CLI de {% data variables.product.prodname_codeql %} e {% data variables.product.prodname_vscode %} agora é compatível com a criação de bancos de dados e a análise de código em máquinas alimentadas por Apple Silicon, como a Apple M1. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-10-codeql-now-supports-apple-silicon-m1/)." - | - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) from the Python ecosystem. As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks where the data could end up. This results in an overall improvement of the quality of {% data variables.product.prodname_code_scanning %} alerts. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-24-codeql-code-scanning-now-recognizes-more-python-libraries-and-frameworks/)." - - Code scanning with {% data variables.product.prodname_codeql %} now includes beta support for analyzing code in all common Ruby versions, up to and including 3.02. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-27-codeql-code-scanning-adds-beta-support-for-ruby/)." + A profundidade da análise de {% data variables.product.prodname_codeql %} foi aprimorada adicionando suporte para mais [bibliotecas e estruturas](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) do ecossistema do Python. Como resultado, {% data variables.product.prodname_codeql %} agora pode detectar ainda mais possíveis fontes de dados de usuário não confiáveis, passos por meio dos quais esses dados fluem, e coletores possivelmente perigosos onde os dados podem acabar. Isso resulta em uma melhoria geral da qualidade dos alertas de {% data variables.product.prodname_code_scanning %}. Para obter mais informações, consulte, consulte o "[registro de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-24-codeql-code-scanning-now-recognizes-more-python-libraries-and-frameworks/)". + - A digitalização de código com {% data variables.product.prodname_codeql %} agora inclui suporte beta para a análise de código em todas as versões comuns do ruby, incluindo 3.02. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-10-27-codeql-code-scanning-adds-beta-support-for-ruby/)." - | - Several improvements have been made to the {% data variables.product.prodname_code_scanning %} API: + Várias melhorias foram feitas na API de {% data variables.product.prodname_code_scanning %} : - * The `fixed_at` timestamp has been added to alerts. This timestamp is the first time that the alert was not detected in an analysis. - * Alert results can now be sorted using `sort` and `direction` on either `created`, `updated` or `number`. For more information, see "[List code scanning alerts for a repository](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository)." - * A `Last-Modified` header has been added to the alerts and alert endpoint response. For more information, see [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) in the Mozilla documentation. - * The `relatedLocations` field has been added to the SARIF response when you request a code scanning analysis. The field may contain locations which are not the primary location of the alert. See an example in the [SARIF spec](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012616) and for more information see "[Get a code scanning analysis for a repository](/rest/reference/code-scanning#get-a-code-scanning-analysis-for-a-repository)." - * Both `help` and `tags` data have been added to the webhook response alert rule object. For more information, see "[Code scanning alert webhooks events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert)." - * Personal access tokens with the `public_repo` scope now have write access for code scanning endpoints on public repos, if the user has permission. + * O registro de hora `fixed_at` foi adicionado aos alertas. Este registro de hora representa a primeira vez que o alerta não foi detectado em uma análise. + * Os resultados de alerta agora podem ser classificados usando `sort` e `direction` em `created`, `updated` ou `number`. Para obter mais informações, consulte "[Lista de alertas de digitalização de código para um repositório ](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository). + * Um cabeçalho `Last-Modified` foi adicionado aos alertas e alerta de resposta de pontos de extremidade. Para obter mais informações, consulte [`Last-Modified`](https://developer.mozilla. rg/en-US/docs/Web/HTTP/Headers/Last-Modified) na documentação Mozilla. + * O campo `relatedLocations` foi adicionado à resposta do SARIF ao solicitar uma análise de digitalização de código. O campo pode conter locais que não são a localização principal do alerta. Veja um exemplo na [especificação do SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01. tml#_Toc16012616) e para obter mais informações, consulte "[Obtenha uma análise de verificação de código para um repositório](/rest/reference/code-scanning#get-a-code-scanning-analyis-for-a-repository). + * Os dados `help` e `tags` foram adicionados ao objeto de regra de alerta de resposta de webhook. Para obter mais informações, consulte "[Eventos de digitalização de alerta de códigos e cargas](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert). + * Os tokens de acesso pessoal com o escopo `public_repo` agora têm acesso de gravação para digitalização de pontos de extremidade de código em repositórios públicos, se o usuário tiver permissão. - For more information, see "[Code scanning](/rest/reference/code-scanning)" in the REST API documentation. - - '{% data variables.product.prodname_GH_advanced_security %} customers can now use the REST API to retrieve private repository secret scanning results at the enterprise level. The new endpoint supplements the existing repository-level and organization-level endpoints. For more information, see "[Secret scanning](/rest/reference/secret-scanning)" in the REST API documentation.' + Para obter mais informações, consulte "[Digitalização de código](/rest/reference/scanning)" na documentação da API REST. + - 'Os clientes de {% data variables.product.prodname_GH_advanced_security %} agora podem usar a API REST para recuperar resultados privados da digitalização de código do repositório no nível corporativo. O novo ponto de extremidade complementa o nível de repositório existente e os pontos de extremidade no nível de organização. Para obter mais informações, consulte "[Digitalização de segredo](/rest/reference/secret-scanning)" na documentação da API REST.' #No security/bug fixes for the RC release #security_fixes: #- PLACEHOLDER @@ -148,7 +148,7 @@ sections: - Quando "Usuários podem pesquisar pelo GitHub.com" está habilitado com o GitHub Connect, os problemas em repositórios privados e internos não estão incluídos nos resultados de pesquisa do GitHub.com. - O registro npm de {% data variables.product.prodname_registry %} não retorna mais o valor de tempo em respostas de metadados. Isso foi feito para permitir melhorias substanciais de desempenho. Continuamos a ter todos os dados necessários para devolver um valor de tempo como parte da resposta aos metadados e retomaremos o retorno desse valor no futuro, assim que tivermos resolvido os problemas de desempenho existentes. - Os limites de recursos que são específicos para processamento de hooks pre-receive podem causar falha em alguns hooks pre-receive. - - Actions services needs to be restarted after restoring appliance from backup taken on a different host. + - Os serviços de ação devem ser reiniciados após a restauração do dispositivo a partir do backup tomado em um host diferente. deprecations: - heading: Obsoletização do GitHub Enterprise Server 3.0 @@ -165,30 +165,30 @@ sections: - heading: Obsolescência da visualização dos anexos do conteúdo da API notes: - - Due to low usage, we have deprecated the Content References API preview in {% data variables.product.prodname_ghe_server %} 3.4. The API was previously accessible with the `corsair-preview` header. Users can continue to navigate to external URLs without this API. Any registered usages of the Content References API will no longer receive a webhook notification for URLs from your registered domain(s) and we no longer return valid response codes for attempted updates to existing content attachments. + - Devido a baixo uso, nós descontinuamos a visualização da API de Referências de Conteúdo em {% data variables.product.prodname_ghe_server %} 3.4. Anteriormente, a API podia ser acessada com o cabeçalho `corsair-preview`. Os usuários podem continuar acessando os URLs externos sem esta API. Qualquer uso registrado da API de Referências de Conteúdo não receberá mais uma notificação de webhook para os URLs do(s) seu(s) domínio(s) registrado(s) e não retornaremos mais códigos de resposta válidos para tentativas de atualizar anexos de conteúdo existentes. - - heading: Deprecation of the Codes of Conduct API preview + heading: Obsolescência da visualização da API dos códigos de conduta notes: - - 'The Codes of Conduct API preview, which was accessible with the `scarlet-witch-preview` header, is deprecated and no longer accessible in {% data variables.product.prodname_ghe_server %} 3.4. We instead recommend using the "[Get community profile metrics](/rest/reference/repos#get-community-profile-metrics)" endpoint to retrieve information about a repository''s code of conduct. For more information, see the "[Deprecation Notice: Codes of Conduct API preview](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" in the {% data variables.product.prodname_dotcom %} changelog.' + - 'A visualização da API dos códigos de conduta, que podia ser acessada com o cabeçalho `scarlet-witch-preview`, foi descontinuada e não pode ser mais acessada em {% data variables.product.prodname_ghe_server %} 3.4. Em vez disso, recomendamos usar o ponto de extremidade "[Obter métricas do perfil da comunidade](/rest/reference/repos#get-community-profile-metrics)" para obter informações sobre o código de conduta de um repositório. Para obter mais informações, consulte "[Aviso de obsolescência: Visualização da API dos códigos de conduta](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" no registro de alterações de {% data variables.product.prodname_dotcom %}.' - heading: A obsolescência dos pontos de extremidade da API do aplicativo OAuth e autenticação da API usando parâmetros de consulta notes: - | - Starting with {% data variables.product.prodname_ghe_server %} 3.4, the [deprecated version of the OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) have been removed. If you encounter 404 error messages on these endpoints, convert your code to the versions of the OAuth Application API that do not have `access_tokens` in the URL. We've also disabled the use of API authentication using query parameters. We instead recommend using [API authentication in the request header](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make). + A partir de {% data variables.product.prodname_ghe_server %} 3.4, a [versão obsoleta dos pontos da API dos aplicativos OAuth](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) foi removida. Se você encontrar mensagens de erro 404 nesses pontos de extremidade, converta o seu código para as versões da API do aplicativo OAuth que não tem `access_tokens` no URL. Nós também desabilitamos o uso da autenticação API usando parâmetros de consulta. Em vez disso, recomendamos usar [autenticação de API no cabeçalho de solicitação](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make). - heading: Obosolescência do executor do CodeQL notes: - - The {% data variables.product.prodname_codeql %} runner is deprecated in {% data variables.product.prodname_ghe_server %} 3.4 and is no longer supported. The deprecation only affects users who use {% data variables.product.prodname_codeql %} code scanning in third party CI/CD systems; {% data variables.product.prodname_actions %} users are not affected. We strongly recommend that customers migrate to the {% data variables.product.prodname_codeql %} CLI, which is a feature-complete replacement for the {% data variables.product.prodname_codeql %} runner. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/). + - O executor de {% data variables.product.prodname_codeql %} foi descontinuado em {% data variables.product.prodname_ghe_server %} 3.4 e não é mais compatível. A obsolescência afeta apenas usuários que usam a digitalização de código de {% data variables.product.prodname_codeql %} em sistemas de terceiros CI/CD; os usuários de {% data variables.product.prodname_actions %} não são afetados. É altamente recomendável que os clientes migrem para a CLI de {% data variables.product.prodname_codeql %}, que é um substituto com recursos completos para o executor de {% data variables.product.prodname_codeql %}. Para obter mais informações, consulte o [registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/). - heading: Obsolescência das extensões personalizadas do bit-cache notes: - | - Starting in {% data variables.product.prodname_ghe_server %} 3.1, support for {% data variables.product.company_short %}'s proprietary bit-cache extensions began to be phased out. These extensions are deprecated in {% data variables.product.prodname_ghe_server %} 3.3 onwards. + Começando em {% data variables.product.prodname_ghe_server %} 3.1, o suporte para extensões de bit-cache de {% data variables.product.company_short %} começou a ser eliminado gradualmente. Essas extensões estão obsoletas a partir de {% data variables.product.prodname_ghe_server %} 3.3. - Any repositories that were already present and active on {% data variables.product.product_location %} running version 3.1 or 3.2 will have been automatically updated. + Todos os repositórios que já estavam presentes e ativos na {% data variables.product.product_location %} versão 3.1 ou 3.2 serão atualizados automaticamente. - Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed. + Os repositórios que não estavam presentes e ativos antes de atualizar para {% data variables.product.prodname_ghe_server %} 3.3 podem não ser executados da forma ideal até que uma tarefa de manutenção de repositório seja executada e concluída com sucesso. - To start a repository maintenance task manually, browse to `https:///stafftools/repositories///network` for each affected repository and click the Schedule button. + Para iniciar uma tarefa de manutenção do repositório manualmente, acesse https:///stafftools/repositórios///network` para cada repositório afetado e clique no botão Cronograma. backups: - - '{% data variables.product.prodname_ghe_server %} 3.4 requires at least [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).' + - '{% data variables.product.prodname_ghe_server %} 3.4 exige pelo menos [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) para [Backups e recuperação de desastre](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).' diff --git a/translations/pt-BR/data/release-notes/enterprise-server/3-4/0.yml b/translations/pt-BR/data/release-notes/enterprise-server/3-4/0.yml index 0bdaf5c73f..3c5ccb44e3 100644 --- a/translations/pt-BR/data/release-notes/enterprise-server/3-4/0.yml +++ b/translations/pt-BR/data/release-notes/enterprise-server/3-4/0.yml @@ -28,7 +28,7 @@ sections: heading: Segurança do Dependabot e atualizações da versão em beta pública notes: - | - {% data variables.product.prodname_dependabot %} is now available in {% data variables.product.prodname_ghe_server %} 3.4 as a public beta, offering both version updates and security updates for several popular ecosystems. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} requires {% data variables.product.prodname_actions %} and a pool of self-hosted runners configured for {% data variables.product.prodname_dependabot %} use. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} also requires {% data variables.product.prodname_github_connect %} and {% data variables.product.prodname_dependabot %} to be enabled by an administrator. Beta feedback and suggestions can be shared in the [{% data variables.product.prodname_dependabot %} Feedback GitHub discussion](https://github.com/github/feedback/discussions/categories/dependabot-feedback). For more information and to try the beta, see "[Setting up {% data variables.product.prodname_dependabot %} security and version updates on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)." + {% data variables.product.prodname_dependabot %} agora está disponível em {% data variables.product.prodname_ghe_server %} 3.4 como beta público, oferecendo atualizações de versão e segurança para vários ecossistemas populares. {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_ghe_server %} exige {% data variables.product.prodname_actions %} e um grupo de executores auto-hospedados configurado para uso de {% data variables.product.prodname_dependabot %}. {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_ghe_server %} também exige {% data variables.product.prodname_github_connect %} e {% data variables.product.prodname_dependabot %} para ser habilitado por um administrador. Feedback de beta e sugestões podem ser compartilhados na [discussão de feedback do GitHub{% data variables.product.prodname_dependabot %}](https://github.com/github/feedback/discussions/categories/dependabot-feedback). Para obter mais informações e testar a versão beta, consulte "[Configurar {% data variables.product.prodname_dependabot %} de segurança e versão de atualizações](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)." changes: - heading: Alterações na administração @@ -94,41 +94,41 @@ sections: - heading: 'Alterações do GitHub Actions' notes: - - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} for the `create`, `deployment`, and `deployment_status` events now always receive a read-only token and no secrets. Similarly, workflows triggered by {% data variables.product.prodname_dependabot %} for the `pull_request_target` event on pull requests where the base ref was created by {% data variables.product.prodname_dependabot %}, now always receive a read-only token and no secrets. These changes are designed to prevent potentially malicious code from executing in a privileged workflow. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' - - Workflow runs on `push` and `pull_request` events triggered by {% data variables.product.prodname_dependabot %} will now respect the permissions specified in your workflows, allowing you to control how you manage automatic dependency updates. The default token permissions will remain read-only. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-06-github-actions-workflows-triggered-by-dependabot-prs-will-respect-permissions-key-in-workflows/)." - - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} will now be sent the {% data variables.product.prodname_dependabot %} secrets. You can now pull from private package registries in your CI using the same secrets you have configured for {% data variables.product.prodname_dependabot %} to use, improving how {% data variables.product.prodname_actions %} and {% data variables.product.prodname_dependabot %} work together. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' + - 'Os fluxos de trabalho de {% data variables.product.prodname_actions %} acionados por {% data variables.product.prodname_dependabot %} para os eventos `create`, `deployment` e `deployment_status` agora sempre recebem um token somente leitura e sem segredos. Da mesma forma, os fluxos de trabalho acionados por {% data variables.product.prodname_dependabot %} para o evento `pull_request_target` em pull requests onde o ref base foi criado por {% data variables.product.prodname_dependabot %}, agora sempre recebe um token somente leitura e sem segredos. Essas alterações foram projetadas para impedir que códigos potencialmente maliciosos sejam executados em um fluxo de trabalho privilegiado. Para obter mais informações, consulte "[Automatizar {% data variables.product.prodname_dependabot %} com {% data variables.product.prodname_actions %}](/code-security/supply chain-security/keeping-your-dependencies-updated-automaticamente/automating-dependabot-with-github-actions)."' + - As execuções do fluxo de trabalho em eventos `push` e `pull_request` acionados por {% data variables.product.prodname_dependabot %} agora respeitarão as permissões especificadas nos seus fluxos de trabalho, permitindo que você controle como gerencia atualizações automáticas de dependências. As permissões do token padrão permanecerão somente leitura. Para obter mais informações, consulte, consulte "[o registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-10-06-github-actions-workflows-triggered-by-dependabot-prs-will-respect-permissions-key-in-workflows/)." + - 'Os fluxos de trabalho de {% data variables.product.prodname_actions %} acionados por {% data variables.product.prodname_dependabot %} serão agora enviados para os segredos de {% data variables.product.prodname_dependabot %}. Agora você pode retirá-los de registros de pacotes privados no seu CI usando os mesmos segredos que você configurou para {% data variables.product.prodname_dependabot %} usar, melhorando como {% data variables.product.prodname_actions %} e {% data variables.product.prodname_dependabot %} trabalham juntos. Para obter mais informações, consulte "[Automatizar {% data variables.product.prodname_dependabot %} com {% data variables.product.prodname_actions %}](/code-security/supply chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."' - Agora você pode gerenciar os grupos de executores e ver o status dos seus executores auto-hospedados usando as novas páginas de executores e grupos de executores na interface do usuário. A página de configurações de ações do seu repositório ou organização agora mostra uma visualização resumo dos seus executores e permite que você se aprofunde em um executor específico para editá-lo ou ver qual trabalho ele pode estar executando atualmente. Para obter mais informações, consulte "[Registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-09-20-github-actions-experience-refresh-for-the-management-of-self-hosted-runners/)." - 'Autores das ações agora podem ter sua ação executada no Node.js 16 especificando [`runs.using` como `node16` no `action.yml`](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions). Além do suporte existente ao Node.js 12; as ações podem continuar a especificar `runs.using: node12` para usar o tempo de execução do Node.js 12.' - 'Para fluxos de trabalho acionados manualmente, {% data variables.product.prodname_actions %} agora é compatível com os tipos de entrada `choice`, `boolean` e `environment` além do tipo `string` padrão. Para obter mais informações, consulte "[`on.workflow_dispatch.inputs`](/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs)."' - - Actions written in YAML, also known as composite actions, now support `if` conditionals. This lets you prevent specific steps from executing unless a condition has been met. Like steps defined in workflows, you can use any supported context and expression to create a conditional. - - The search order behavior for self-hosted runners has now changed, so that the first available matching runner at any level will run the job in all cases. This allows jobs to be sent to self-hosted runners much faster, especially for organizations and enterprises with lots of self-hosted runners. Previously, when running a job that required a self-hosted runner, {% data variables.product.prodname_actions %} would look for self-hosted runners in the repository, organization, and enterprise, in that order. - - 'Runner labels for {% data variables.product.prodname_actions %} self-hosted runners can now be listed, added and removed using the REST API. For more information about using the new APIs at a repository, organization, or enterprise level, see "[Repositories](/rest/reference/actions#list-labels-for-a-self-hosted-runner-for-a-repository)", "[Organizations](/rest/reference/actions#add-custom-labels-to-a-self-hosted-runner-for-an-organization)", and "[Enterprises](/rest/reference/enterprise-admin#list-labels-for-a-self-hosted-runner-for-an-enterprise)" in the REST API documentation.' + - As ações escritas no YAML, também conhecidas como ações compostas, agora são compatíveis com as condicionais `if`. Isso permite que você impeça a execução de etapas específicas, a menos que uma condição tenha sido atendida. Como as etapas definidas nos fluxos de trabalho, você pode usar qualquer contexto e expressão compatível para criar uma condicional. + - O comportamento da ordem de busca para executores auto-hospedados foi alterado, para que o primeiro executor de correspondência disponível em qualquer nível execute o trabalho em todos os casos. Isso permite que os trabalhos sejam enviados para executores auto-hospedados muito mais rápido, especialmente para organizações e empresas com muitos executores hospedados. Anteriormente, ao executar um trabalho que exigia um executor auto-hospedado, {% data variables.product.prodname_actions %} procuraria por executores auto-hospedados no repositório, organização e empresa, nessa ordem. + - 'As etiquetas do executor para {% data variables.product.prodname_actions %} auto-hospedado agora podem ser listadas, adicionadas e removidas usando a API REST. Para obter mais informações sobre como usar as novas APIs em um repositório, organização ou empresa, consulte "[Repositories](/rest/reference/actions#list-labels-for-a-autohosted-runner-for-a-repository)", "[Organizations](/rest/reference/actions#add-custom-labels-to-autohosted-runner-for-an-organization)", e "[Enterprises](/rest/reference/enterprise-admin#list-labels-for-a-autohosted-runner-for-an-enterprise)" na documentação da API REST.' - heading: 'Alterações no dependabot e no gráfico de Dependência' notes: - O gráfico de dependência agora é compatível com a detecção de dependências do Python em repositórios que usam o gerenciador de pacotes do Poetry. As dependências serão detectadas a partir de arquivos manifestos 'pyproject.toml' e 'poetry.lock'. - - When configuring {% data variables.product.prodname_dependabot %} security and version updates on GitHub Enterprise Server, we recommend you also enable {% data variables.product.prodname_dependabot %} in {% data variables.product.prodname_github_connect %}. This will allow {% data variables.product.prodname_dependabot %} to retrieve an updated list of dependencies and vulnerabilities from {% data variables.product.prodname_dotcom_the_website %}, by querying for information such as the changelogs of the public releases of open source code that you depend upon. For more information, see "[Enabling the dependency graph and Dependabot alerts for your enterprise](/admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise)." + - Ao configurar as atualizações de segurança e versão de {% data variables.product.prodname_dependabot %} no GitHub Enterprise Server, recomendamos que você também habilite {% data variables.product.prodname_dependabot %} em {% data variables.product.prodname_github_connect %}. Isso permitirá que {% data variables.product.prodname_dependabot %} recupere uma lista atualizada de dependências e vulnerabilidades de {% data variables.product.prodname_dotcom_the_website %}, consultando informações, como os registros de alterações das versões públicas do código aberto do qual você depende. Para obter mais informações, consulte "[Habilitando o gráfico de dependências e alertas de Dependabot para a sua empresa](/admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise)." - 'Os alertas de {% data variables.product.prodname_dependabot_alerts %} agora podem ser ignorados usando a API do GraphQL. Para obter mais informações, consulte a "[dismissRepositoryVulnerabilityAlert](/graphql/reference/mutations#dismissyvulnerabilityalert)" mutação na documentação da API do GraphQL.' - heading: 'Digitalização de código e alterações na digitalização de segredo' notes: - - The {% data variables.product.prodname_codeql %} CLI now supports including markdown-rendered query help in SARIF files, so that the help text can be viewed in the {% data variables.product.prodname_code_scanning %} UI when the query generates an alert. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-23-display-help-text-for-your-custom-codeql-queries-in-code-scanning/)." - - The {% data variables.product.prodname_codeql %} CLI and {% data variables.product.prodname_vscode %} extension now support building databases and analyzing code on machines powered by Apple Silicon, such as Apple M1. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-codeql-now-supports-apple-silicon-m1/)." + - A CLI de {% data variables.product.prodname_codeql %} agora é compatível com a ajuda de consulta interpretada por markdown em arquivos SARIF, para que o texto de ajuda possa ser visto na interface do usuário de {% data variables.product.prodname_code_scanning %} quando a consulta gerar um alerta. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-display-help-text-for-your-codeql-queries-in-code-scanning/)." + - A extensão da CLI de {% data variables.product.prodname_codeql %} e {% data variables.product.prodname_vscode %} agora é compatível com a criação de bancos de dados e a análise de código em máquinas alimentadas por Apple Silicon, como a Apple M1. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-10-codeql-now-supports-apple-silicon-m1/)." - | - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) from the Python ecosystem. As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks where the data could end up. This results in an overall improvement of the quality of {% data variables.product.prodname_code_scanning %} alerts. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-24-codeql-code-scanning-now-recognizes-more-python-libraries-and-frameworks/)." - - Code scanning with {% data variables.product.prodname_codeql %} now includes beta support for analyzing code in all common Ruby versions, up to and including 3.02. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-27-codeql-code-scanning-adds-beta-support-for-ruby/)." + A profundidade da análise de {% data variables.product.prodname_codeql %} foi aprimorada adicionando suporte para mais [bibliotecas e estruturas](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) do ecossistema do Python. Como resultado, {% data variables.product.prodname_codeql %} agora pode detectar ainda mais possíveis fontes de dados de usuário não confiáveis, passos por meio dos quais esses dados fluem, e coletores possivelmente perigosos onde os dados podem acabar. Isso resulta em uma melhoria geral da qualidade dos alertas de {% data variables.product.prodname_code_scanning %}. Para obter mais informações, consulte, consulte o "[registro de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-11-24-codeql-code-scanning-now-recognizes-more-python-libraries-and-frameworks/)". + - A digitalização de código com {% data variables.product.prodname_codeql %} agora inclui suporte beta para a análise de código em todas as versões comuns do ruby, incluindo 3.02. Para obter mais informações, consulte o "[registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-10-27-codeql-code-scanning-adds-beta-support-for-ruby/)." - | - Several improvements have been made to the {% data variables.product.prodname_code_scanning %} API: + Várias melhorias foram feitas na API de {% data variables.product.prodname_code_scanning %} : - * The `fixed_at` timestamp has been added to alerts. This timestamp is the first time that the alert was not detected in an analysis. - * Alert results can now be sorted using `sort` and `direction` on either `created`, `updated` or `number`. For more information, see "[List code scanning alerts for a repository](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository)." - * A `Last-Modified` header has been added to the alerts and alert endpoint response. For more information, see [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) in the Mozilla documentation. - * The `relatedLocations` field has been added to the SARIF response when you request a code scanning analysis. The field may contain locations which are not the primary location of the alert. See an example in the [SARIF spec](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012616) and for more information see "[Get a code scanning analysis for a repository](/rest/reference/code-scanning#get-a-code-scanning-analysis-for-a-repository)." - * Both `help` and `tags` data have been added to the webhook response alert rule object. For more information, see "[Code scanning alert webhooks events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert)." - * Personal access tokens with the `public_repo` scope now have write access for code scanning endpoints on public repos, if the user has permission. + * O registro de hora `fixed_at` foi adicionado aos alertas. Este registro de hora representa a primeira vez que o alerta não foi detectado em uma análise. + * Os resultados de alerta agora podem ser classificados usando `sort` e `direction` em `created`, `updated` ou `number`. Para obter mais informações, consulte "[Lista de alertas de digitalização de código para um repositório ](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository). + * Um cabeçalho `Last-Modified` foi adicionado aos alertas e alerta de resposta de pontos de extremidade. Para obter mais informações, consulte [`Last-Modified`](https://developer.mozilla. rg/en-US/docs/Web/HTTP/Headers/Last-Modified) na documentação Mozilla. + * O campo `relatedLocations` foi adicionado à resposta do SARIF ao solicitar uma análise de digitalização de código. O campo pode conter locais que não são a localização principal do alerta. Veja um exemplo na [especificação do SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01. tml#_Toc16012616) e para obter mais informações, consulte "[Obtenha uma análise de verificação de código para um repositório](/rest/reference/code-scanning#get-a-code-scanning-analyis-for-a-repository). + * Os dados `help` e `tags` foram adicionados ao objeto de regra de alerta de resposta de webhook. Para obter mais informações, consulte "[Eventos de digitalização de alerta de códigos e cargas](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert). + * Os tokens de acesso pessoal com o escopo `public_repo` agora têm acesso de gravação para digitalização de pontos de extremidade de código em repositórios públicos, se o usuário tiver permissão. - For more information, see "[Code scanning](/rest/reference/code-scanning)" in the REST API documentation. - - '{% data variables.product.prodname_GH_advanced_security %} customers can now use the REST API to retrieve private repository secret scanning results at the enterprise level. The new endpoint supplements the existing repository-level and organization-level endpoints. For more information, see "[Secret scanning](/rest/reference/secret-scanning)" in the REST API documentation.' + Para obter mais informações, consulte "[Digitalização de código](/rest/reference/scanning)" na documentação da API REST. + - 'Os clientes de {% data variables.product.prodname_GH_advanced_security %} agora podem usar a API REST para recuperar resultados privados da digitalização de código do repositório no nível corporativo. O novo ponto de extremidade complementa o nível de repositório existente e os pontos de extremidade no nível de organização. Para obter mais informações, consulte "[Digitalização de segredo](/rest/reference/secret-scanning)" na documentação da API REST.' #No security/bug fixes for the GA release #security_fixes: #- PLACEHOLDER @@ -142,7 +142,7 @@ sections: - Quando "Usuários podem pesquisar pelo GitHub.com" está habilitado com o GitHub Connect, os problemas em repositórios privados e internos não estão incluídos nos resultados de pesquisa do GitHub.com. - O registro npm de {% data variables.product.prodname_registry %} não retorna mais o valor de tempo em respostas de metadados. Isso foi feito para permitir melhorias substanciais de desempenho. Continuamos a ter todos os dados necessários para devolver um valor de tempo como parte da resposta aos metadados e retomaremos o retorno desse valor no futuro, assim que tivermos resolvido os problemas de desempenho existentes. - Os limites de recursos que são específicos para processamento de hooks pre-receive podem causar falha em alguns hooks pre-receive. - - Actions services needs to be restarted after restoring appliance from backup taken on a different host. + - Os serviços de ação devem ser reiniciados após a restauração do dispositivo a partir do backup tomado em um host diferente. deprecations: - heading: Obsoletização do GitHub Enterprise Server 3.0 @@ -159,30 +159,30 @@ sections: - heading: Obsolescência da visualização dos anexos do conteúdo da API notes: - - Due to low usage, we have deprecated the Content References API preview in {% data variables.product.prodname_ghe_server %} 3.4. The API was previously accessible with the `corsair-preview` header. Users can continue to navigate to external URLs without this API. Any registered usages of the Content References API will no longer receive a webhook notification for URLs from your registered domain(s) and we no longer return valid response codes for attempted updates to existing content attachments. + - Devido a baixo uso, nós descontinuamos a visualização da API de Referências de Conteúdo em {% data variables.product.prodname_ghe_server %} 3.4. Anteriormente, a API podia ser acessada com o cabeçalho `corsair-preview`. Os usuários podem continuar acessando os URLs externos sem esta API. Qualquer uso registrado da API de Referências de Conteúdo não receberá mais uma notificação de webhook para os URLs do(s) seu(s) domínio(s) registrado(s) e não retornaremos mais códigos de resposta válidos para tentativas de atualizar anexos de conteúdo existentes. - - heading: Deprecation of the Codes of Conduct API preview + heading: Obsolescência da visualização da API dos códigos de conduta notes: - - 'The Codes of Conduct API preview, which was accessible with the `scarlet-witch-preview` header, is deprecated and no longer accessible in {% data variables.product.prodname_ghe_server %} 3.4. We instead recommend using the "[Get community profile metrics](/rest/reference/repos#get-community-profile-metrics)" endpoint to retrieve information about a repository''s code of conduct. For more information, see the "[Deprecation Notice: Codes of Conduct API preview](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" in the {% data variables.product.prodname_dotcom %} changelog.' + - 'A visualização da API dos códigos de conduta, que podia ser acessada com o cabeçalho `scarlet-witch-preview`, foi descontinuada e não pode ser mais acessada em {% data variables.product.prodname_ghe_server %} 3.4. Em vez disso, recomendamos usar o ponto de extremidade "[Obter métricas do perfil da comunidade](/rest/reference/repos#get-community-profile-metrics)" para obter informações sobre o código de conduta de um repositório. Para obter mais informações, consulte "[Aviso de obsolescência: Visualização da API dos códigos de conduta](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" no registro de alterações de {% data variables.product.prodname_dotcom %}.' - heading: A obsolescência dos pontos de extremidade da API do aplicativo OAuth e autenticação da API usando parâmetros de consulta notes: - | - Starting with {% data variables.product.prodname_ghe_server %} 3.4, the [deprecated version of the OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) have been removed. If you encounter 404 error messages on these endpoints, convert your code to the versions of the OAuth Application API that do not have `access_tokens` in the URL. We've also disabled the use of API authentication using query parameters. We instead recommend using [API authentication in the request header](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make). + A partir de {% data variables.product.prodname_ghe_server %} 3.4, a [versão obsoleta dos pontos da API dos aplicativos OAuth](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) foi removida. Se você encontrar mensagens de erro 404 nesses pontos de extremidade, converta o seu código para as versões da API do aplicativo OAuth que não tem `access_tokens` no URL. Nós também desabilitamos o uso da autenticação API usando parâmetros de consulta. Em vez disso, recomendamos usar [autenticação de API no cabeçalho de solicitação](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make). - heading: Obosolescência do executor do CodeQL notes: - - The {% data variables.product.prodname_codeql %} runner is deprecated in {% data variables.product.prodname_ghe_server %} 3.4 and is no longer supported. The deprecation only affects users who use {% data variables.product.prodname_codeql %} code scanning in third party CI/CD systems; {% data variables.product.prodname_actions %} users are not affected. We strongly recommend that customers migrate to the {% data variables.product.prodname_codeql %} CLI, which is a feature-complete replacement for the {% data variables.product.prodname_codeql %} runner. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/). + - O executor de {% data variables.product.prodname_codeql %} foi descontinuado em {% data variables.product.prodname_ghe_server %} 3.4 e não é mais compatível. A obsolescência afeta apenas usuários que usam a digitalização de código de {% data variables.product.prodname_codeql %} em sistemas de terceiros CI/CD; os usuários de {% data variables.product.prodname_actions %} não são afetados. É altamente recomendável que os clientes migrem para a CLI de {% data variables.product.prodname_codeql %}, que é um substituto com recursos completos para o executor de {% data variables.product.prodname_codeql %}. Para obter mais informações, consulte o [registro de alterações de {% data variables.product.prodname_dotcom %}](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/). - heading: Obsolescência das extensões personalizadas do bit-cache notes: - | - Starting in {% data variables.product.prodname_ghe_server %} 3.1, support for {% data variables.product.company_short %}'s proprietary bit-cache extensions began to be phased out. These extensions are deprecated in {% data variables.product.prodname_ghe_server %} 3.3 onwards. + Começando em {% data variables.product.prodname_ghe_server %} 3.1, o suporte para extensões de bit-cache de {% data variables.product.company_short %} começou a ser eliminado gradualmente. Essas extensões estão obsoletas a partir de {% data variables.product.prodname_ghe_server %} 3.3. - Any repositories that were already present and active on {% data variables.product.product_location %} running version 3.1 or 3.2 will have been automatically updated. + Todos os repositórios que já estavam presentes e ativos na {% data variables.product.product_location %} versão 3.1 ou 3.2 serão atualizados automaticamente. - Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed. + Os repositórios que não estavam presentes e ativos antes de atualizar para {% data variables.product.prodname_ghe_server %} 3.3 podem não ser executados da forma ideal até que uma tarefa de manutenção de repositório seja executada e concluída com sucesso. - To start a repository maintenance task manually, browse to `https:///stafftools/repositories///network` for each affected repository and click the Schedule button. + Para iniciar uma tarefa de manutenção do repositório manualmente, acesse https:///stafftools/repositórios///network` para cada repositório afetado e clique no botão Cronograma. backups: - - '{% data variables.product.prodname_ghe_server %} 3.4 requires at least [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).' + - '{% data variables.product.prodname_ghe_server %} 3.4 exige pelo menos [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) para [Backups e recuperação de desastre](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).' diff --git a/translations/pt-BR/data/release-notes/github-ae/2021-06/2021-12-06.yml b/translations/pt-BR/data/release-notes/github-ae/2021-06/2021-12-06.yml index cf83f34b12..9c485d1c2d 100644 --- a/translations/pt-BR/data/release-notes/github-ae/2021-06/2021-12-06.yml +++ b/translations/pt-BR/data/release-notes/github-ae/2021-06/2021-12-06.yml @@ -76,7 +76,7 @@ sections: - | Agora você pode autenticar as conexões do SSH em {% data variables.product.product_name %} usando uma chave de segurança FIDO2 adicionando uma chave SSH `sk-ecdsa-sha2-nistp256@openssh.com` para a sua conta. As chaves de segurança SSH armazenam material da chave de secredo em um dispositivo de hardware separado que exige verificação, como, por exemplo, um toque, para operar. Armazenar a chave em hardware separado e exigir a interação física para a sua chave SSH oferece segurança adicional. Como a chave é armazenada em hardware e não pode ser retirada, a chave não pode ser lida ou roubada pelo software em execução no computador. A interação física impede o uso não autorizado da chave, uma vez que a chave de segurança não funcionará até que você interaja fisicamente com ela. Para obter mais informações, consulte "[Gerando uma nova chave SSH e adicionando-a ao ssh-agent](/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key)." - | - Git Credential Manager (GCM) Core versions 2.0.452 and later now provide secure credential storage and multi-factor authentication support for {% data variables.product.product_name %}. GCM Core with support for {% data variables.product.product_name %} is included with [Git for Windows](https://gitforwindows.org) versions 2.32 and later. GCM Core is not included with Git for macOS or Linux, but can be installed separately. For more information, see the [latest release](https://github.com/microsoft/Git-Credential-Manager-Core/releases/) and [installation instructions](https://github.com/microsoft/Git-Credential-Manager-Core/releases/) in the `microsoft/Git-Credential-Manager-Core` repository. + O Gerenciador de Credenciais do Git (GCM) Core versões 2.0.452 e posteriores agora fornecem armazenamento de credenciais seguro e suporte para a autenticação de vários fatores para {% data variables.product.product_name %}. O GCM Core com suporte para {% data variables.product.product_name %} está incluído em [Git para Windows](https://gitforwindows.org) versões 2.32 ou posteriores. O GCM Core não está incluído no Git para macOS ou Linux, mas pode ser instalado separadamente. Para obter mais informações, consulte a [versão mais recente](https://github. om/microsoft/Git-Credential-Manager-Core/releases/) e as [instruções de instalação](https://github.com/microsoft/Git-Credential-Manager-Core/releases/) no repositório `microsoft/Git-Credential-Manager-Core`. - heading: 'Notificações' notes: @@ -100,52 +100,52 @@ sections: - | Para evitar o merge de alterações inesperadas depois de habilitar o merge automático para um pull request, o merge automático agora será desabilitado automaticamente quando novas alterações forem enviadas por push por um usuário sem acesso de gravação ao repositório. Os usuários sem acesso de gravação ainda podem atualizar o pull request com alterações do branch base quando o merge automático estiver habilitado. Para evitar que um usuário malicioso use um conflito de merge para introduzir alterações inesperadas no pull request, {% data variables.product.product_name %} desabilitará o merge automático do pull request se a atualização causar um conflito de merge. Para obter mais informações sobre merge automático, consulte "[Fazer merge automaticamente de um pull request](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automaticamente, merging-a-pull-request)." - | - People with maintain access can now manage the repository-level "Allow auto-merge" setting. This setting, which is off by default, controls whether auto-merge is available on pull requests in the repository. Previously, only people with admin access could manage this setting. Additionally, this setting can now by controlled using the "[Create a repository](/rest/reference/repos#create-an-organization-repository)" and "[Update a repository](/rest/reference/repos#update-a-repository)" REST APIs. For more information, see "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)." + As pessoas com acesso de manutenção agora podem gerenciar a configuração para "Permitir merge automático". Esta configuração, que está desabilitada por padrão, controla se o merge automático está disponível em pull requests no repositório. Anteriormente, apenas pessoas com acesso de administrador poderiam gerenciar essa configuração. Além disso, essa configuração agora pode usar as API REST "[Criar um repositório](/rest/reference/repos#create-an-organization-repository)" e "[Atualizar um repositório](/rest/reference/repos#update-a-repository)". Para obter mais informações, consulte "[Gerenciar merge automático para pull requests no seu repositório](/github/administering-a-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)." - | A seleção de responsáveis para problemas e pull requests agora é compatível com a digitação antecipada para que você possa encontrar usuários na sua organização mais rapidamente. Além disso, as classificações do resultado da pesquisa foram atualizadas para preferir as partidas no início do nome de usuário de uma pessoa ou nome do perfil. - heading: 'Repositórios' notes: - | - When viewing the commit history for a file, you can now click {% octicon "file-code" aria-label="The code icon" %} to view the file at the specified time in the repository's history. + Ao visualizar o histórico de commit de um arquivo, agora você pode clicar em {% octicon "file-code" aria-label="The code icon" %} para ver o arquivo no momento especificado no histórico do repositório. - | Agora você pode usar a interface do usuário web para sincronizar um branch desatualizado para uma bifurcação com a bifurcação upstream. Se não houver conflitos de merge entre os branches, {% data variables.product.product_name %} irá atualizar seu branch seja por adiantamento ou por merge do upstream. Se houver conflitos, o {% data variables.product.product_name %} solicitará a abertura do pull request para resolver os conflitos. Para obter mais informações, consulte "[Sincronizando um fork](/github/collaborating-with-pull-requests/working-with-forks/syncing-a-fork#syncing-a-fork-from-the-web-ui)". - | Agora você pode classificar os repositórios no perfil de um usuário ou organização por contagem de estrelas. - | - The Repositories REST API's "compare two commits" endpoint, which returns a list of commits reachable from one commit or branch, but unreachable from another, now supports pagination. The API can also now return the results for comparisons over 250 commits. For more information, see the "[Commits](/rest/reference/commits#compare-two-commits)" REST API documentation and "[Traversing with pagination](/rest/guides/traversing-with-pagination)." + O ponto de extrenudade "comparar dois commits" dos repositórios da REST API, que retorna uma lista de commits acessíveis a partir de um commit ou branch, mas que não pode ser acessado a partir de outro, agora é compatível com paginação. A API agora também pode devolver os resultados para comparações com mais de 250 commits. Para obter mais informações, consulte "[Commits](/rest/reference/commits#compare-two-commits)" a documentação da API REST e "[Traversing with pagination](/rest/guides/traversing-with-pagination)." - | - When you define a submodule in {% data variables.product.product_location %} with a relative path, the submodule is now clickable in the web UI. Clicking the submodule in the web UI will take you to the linked repository. Previously, only submodules with absolute URLs were clickable. Relative paths for repositories with the same owner that follow the pattern ../REPOSITORY or relative paths for repositories with a different owner that follow the pattern ../OWNER/REPOSITORY are supported. For more information about working with submodules, see [Working with submodules](https://github.blog/2016-02-01-working-with-submodules/) on {% data variables.product.prodname_blog %}. + Ao definir um submódulo em {% data variables.product.product_location %} com um caminho relativo, é possível clicar no submódulo na interface do usuário web. Clicar no submódulo na interface do usuário web irá levá-lo para o repositório vinculado. Anteriormente, era possível clicar apenas em submódulos com URLs absolutas. Caminhos relativos para repositórios com o mesmo proprietário que seguem o padrão .REPOSITORY ou caminhos relativos para repositórios com um proprietário diferente que segue o padrão . /OWNER/REPOSITÓRIO são compatíveis. Para obter mais informações sobre como trabalhar com submódulos, consulte [Trabalhar com submódulos](https://github.blog/2016-02-01-working-with-submodules/) em {% data variables.product.prodname_blog %}. - | - By precomputing checksums, the amount of time a repository is under lock has reduced dramatically, allowing more write operations to succeed immediately and improving monorepo performance. + Ao pré-calcular as comprovações, a quantidade de tempo que um repositório está sob o bloqueio foi reduzida drasticamente, o que permitiu mais operações de escrita com sucesso e melhorando o desempenho do monorrepositório. - heading: 'Versões' notes: - | - You can now react with emoji to all releases on {% data variables.product.product_name %}. For more information, see "[About releases](/github/administering-a-repository/releasing-projects-on-github/about-releases)." + Agora você pode reagir com emojis a todas as versões do {% data variables.product.product_name %}. Para obter mais informações, consulte "[Sobre versões](/github/administering-a-repository/releasing-projects-on-github/about-releases)". - heading: 'Temas' notes: - | - Dark and dark dimmed themes are now available for the web UI. {% data variables.product.product_name %} will match your system preferences when you haven't set theme preferences in {% data variables.product.product_name %}. You can also customize the themes that are active during day and night. For more information, see "[Managing your theme settings](/github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)." + Temas escuros e com níveis de opacidade agora estão disponíveis para a interface do usuário da web. {% data variables.product.product_name %} irá coincidir com suas preferências de sistema quando você não definiu preferências de tema em {% data variables.product.product_name %}. Você também pode personalizar os temas ativos durante o dia e a noite. Para obter mais informações, consulte "[Gerenciando as suas configurações de tema](/github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)." - heading: 'markdown' notes: - | - Markdown files in your repositories now automatically generate a table of contents in the header the file has two or more headings. The table of contents is interactive and links to the corresponding section. All six Markdown heading levels are supported. For more information, see "[About READMEs](/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-readmes#auto-generated-table-of-contents-for-readme-files)." + Os arquivos de Markdown nos seus repositórios agora geram automaticamente um índice no cabeçalho do arquivo que tem dois ou mais cabeçalhos. O índice é interativo e contém links para a seção correspondente. Todos os seis níveis de cabeçalho do Markdown são compatíveis. Para obter mais informações, consulte "[Sobre READMEs](/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-readmes#auto-generated-table-of-contents-for-readme-files)." - | - `code` markup is now supported in titles for issues and pull requests. Text within backticks (`` ` ``) will appear rendered in a fixed-width font anywhere the issue or pull request title appears in the web UI for {% data variables.product.product_name %}. + O markup `code` agora écompatível com títulos para problemas e pull requests. O texto dentro das aspas inversas (`` ` ``) aparecerá interpretado em uma fonte de largura fixa em qualquer lugar que o problema ou o título do pull request apareça na interface web de {% data variables.product.product_name %}. - | - While editing Markdown in files, issues, pull requests, or comments, you can now use a keyboard shortcut to insert a code block. The keyboard shortcut is command + E on a Mac or Ctrl + E on other devices. For more information, see "[Basic writing and formatting syntax](/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." + Ao editar o Markdown em arquivos, problemas, pull requests ou comentários, agora você pode usar um atalho de teclado para inserir um bloco de código. O atalho do teclado é command + E no Mac ou Ctrl + E em outros dispositivos. Para obter mais informações, consulte "[Sintaxe de escrita e formatação básica](/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." - | - You can append `?plain=1` to the URL for any Markdown file to display the file without rendering and with line numbers. You can use the plain view to link other users to specific lines. For example, appending `?plain=1#L52` will highlight line 52 of a plain text Markdown file. For more information, "[Creating a permanent link to a code snippet](/github/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet#linking-to-markdown)." + Você pode adicionar `?plain=1` ao URL para qualquer arquivo de Markdown para exibir o arquivo sem interpretação e com números de linha. Você pode usar a visão plano para vincular outros usuários a linhas específicas. Por exemplo, ao adicionar `?plain=1#L52`, você destacará a linha 52 de um arquivo de Markdown em texto simples. Para mais informações, "[Criar um link permanente para um trecho de código](/github/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet#linking-to-markdown)". - heading: 'Aplicativos do GitHub' notes: - | - API requests to create an installation access token now respect IP allow lists for an enterprise or organization. Any API requests made with an installation access token for a GitHub App installed on your organization already respect IP allow lists. This feature does not currently consider any Azure network security group (NSG) rules that {% data variables.product.company_short %} Support has configured for {% data variables.product.product_location %}. For more information, see "[Restricting network traffic to your enterprise](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise#about-ip-allow-lists)," "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization)," and "[Apps](https://docs.github.com/en/rest/reference/apps#create-an-installation-access-token-for-an-app)" in the REST API documentation. + As solicitações da API para a criação de um token de acesso de instalação agora respeita as listas de permissão de IP para empresas ou organização. Qualquer solicitação da API feita com um token de acesso de instalação para um aplicativo GitHub instalado na sua organização respeitas as listas de permissão de IP. Esse recurso não considera atualmente nenhuma regra do grupo de segurança de rede do Azure (NSG) com suporte de {% data variables.product.company_short %} configurado para {% data variables.product.product_location %}. Para obter mais informações, consulte "[Restringir tráfego de rede para a sua empresa](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise#about-ip-allow-lists)," "[Gerenciar endereços IP permitidos para sua organização](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization)," e "[Apps](https://docs. ithub.com/pt/rest/reference/apps#create-an-installation-token-for-an-app)" na documentação da API REST. - heading: 'Webhooks' notes: - | - You can now programmatically resend or check the status of webhooks through the REST API. For more information, see "[Repositories](https://docs.github.com/en/rest/reference/repos#webhooks)," "[Organizations](https://docs.github.com/en/rest/reference/orgs#webhooks)," and "[Apps](https://docs.github.com/en/rest/reference/apps#webhooks)" in the REST API documentation. + Agora você pode reenviar programaticamente ou verificar o status dos webhooks por meio da API REST. Para obter mais informações, consulte "[Repositories](https://docs.github.com/en/rest/reference/repos#webhooks),"[Organizations](https://docs. ithub.com/en/rest/reference/orgs#webhooks)," e "[Apps](https://docs.github.com/en/rest/reference/apps#webhooks)" na documentação da API REST. diff --git a/translations/pt-BR/data/reusables/actions/github-token-expiration.md b/translations/pt-BR/data/reusables/actions/github-token-expiration.md index 3391ce321f..6c4c246ab4 100644 --- a/translations/pt-BR/data/reusables/actions/github-token-expiration.md +++ b/translations/pt-BR/data/reusables/actions/github-token-expiration.md @@ -1 +1 @@ -The `GITHUB_TOKEN` expires when a job finishes or after a maximum of 24 hours. \ No newline at end of file +O `GITHUB_TOKEN` vence quando um trabalho for concluído ou após um máximo de 24 horas. \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/actions/message-parameters.md b/translations/pt-BR/data/reusables/actions/message-parameters.md index fd9358b1a0..662e5cf41f 100644 --- a/translations/pt-BR/data/reusables/actions/message-parameters.md +++ b/translations/pt-BR/data/reusables/actions/message-parameters.md @@ -1 +1 @@ -| Parameter | Value | | :- | :- |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `title` | Custom title |{% endif %} | `file` | Filename | | `col` | Column number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `endColumn` | End column number |{% endif %} | `line` | Line number, starting at 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `endLine` | End line number |{% endif %} +| Parâmetro | Valor | | :- | :- |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `title` | Custom title |{% endif %} | `file` | Título personalizado| | `col` | Número da colina, começando com 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `endColumn` | Número final da coluna |{% endif %} | `line` | Número final da linha, começando com 1 |{% ifversion fpt or ghes > 3.2 or ghae-issue-4929 or ghec %} | `endLine` | Número final da linha |{% endif %} diff --git a/translations/pt-BR/data/reusables/actions/oidc-permissions-token.md b/translations/pt-BR/data/reusables/actions/oidc-permissions-token.md index e9ebdbe242..888ec3bc9c 100644 --- a/translations/pt-BR/data/reusables/actions/oidc-permissions-token.md +++ b/translations/pt-BR/data/reusables/actions/oidc-permissions-token.md @@ -5,7 +5,7 @@ A configuração `id-token: write` permite que o JWT seja solicitado do provedor - Usando variáveis de ambiente no executor (`ACTIONS_ID_TOKEN_REQUEST_URL` e `ACTIONS_ID_TOKEN_REQUEST_TOKEN`). - Usando `getIDToken()` do conjunto de ferramentas de ações. -If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. Por exemplo: +Se você só precisa obter um token OIDC para um único trabalho, essa permissão poderá ser definida dentro desse trabalho. Por exemplo: ```yaml{:copy} permissions: diff --git a/translations/pt-BR/data/reusables/actions/oidc-updating-workflow-overview.md b/translations/pt-BR/data/reusables/actions/oidc-updating-workflow-overview.md index fbbabdca65..09cf5dbefb 100644 --- a/translations/pt-BR/data/reusables/actions/oidc-updating-workflow-overview.md +++ b/translations/pt-BR/data/reusables/actions/oidc-updating-workflow-overview.md @@ -1,6 +1,6 @@ -To add OIDC integration to your cloud deployment workflows, you will need to add the following code changes: +Para adicionar integração OIDC aos seus fluxos de trabalho para implantação na nuvem, você deverá adicionar as seguintes alterações de código: -- Grant permission to fetch the token from the {% data variables.product.prodname_dotcom %} OIDC provider: - - The workflow needs a `permissions` setting with a defined `id-token` value. This lets you fetch the OIDC token from every job in the workflow. If you only need to fetch an OIDC token for a single job, then this permission can be set within that job. -- Request the JSON Web Token (JWT) from the {% data variables.product.prodname_dotcom %} OIDC provider, and present it to your cloud provider to receive an access token: - - You could use the Actions toolkit to fetch the tokens in your job, or you can use the official action created by your cloud provider to fetch the JWT and receive the access token from the cloud. +- Conceder permissão para obter o token do provedor do OIDC de {% data variables.product.prodname_dotcom %}: + - O fluxo de trabalho precisa de uma configuração de `permissões` com um valor de `id-token` definido. Isso permite obter o token do OIDC de cada trabalho do fluxo de trabalho. Se você só precisa obter um token OIDC para um único trabalho, essa permissão poderá ser definida dentro desse trabalho. +- Solicite o Token do JSON Web (JWT) do provedor OIDC de {% data variables.product.prodname_dotcom %} e apresente-o ao seu provedor de nuvem para receber um token de acesso: + - Você pode usar o kit de ferramentas de ações para obter os tokens no seu trabalho ou você pode usar a ação oficial criada pelo seu provedor de nuvem para obter o JWT e receber o token de acesso da nuvem. diff --git a/translations/pt-BR/data/reusables/actions/perform-blob-storage-precheck.md b/translations/pt-BR/data/reusables/actions/perform-blob-storage-precheck.md index b369adb066..e6105e24bf 100644 --- a/translations/pt-BR/data/reusables/actions/perform-blob-storage-precheck.md +++ b/translations/pt-BR/data/reusables/actions/perform-blob-storage-precheck.md @@ -1 +1 @@ -1. Run the `ghe-actions-precheck` command to test your blob storage configuration. Para obter mais informações, consulte "[Utilitários de linha de comando](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-actions-precheck)". +1. Execute o comando `ghe-actions-precheck` para testar a sua configuração de armazenamento do blob. Para obter mais informações, consulte "[Utilitários de linha de comando](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-actions-precheck)". diff --git a/translations/pt-BR/data/reusables/code-scanning/alert-default-branch.md b/translations/pt-BR/data/reusables/code-scanning/alert-default-branch.md new file mode 100644 index 0000000000..c6a6029e70 --- /dev/null +++ b/translations/pt-BR/data/reusables/code-scanning/alert-default-branch.md @@ -0,0 +1 @@ +The status and details on the alert page only reflect the state of the alert on the default branch of the repository, even if the alert exists in other branches. You can see the status of the alert on non-default branches in the **Affected branches** section on the right-hand side of the alert page. If an alert doesn't exist in the default branch, the status of the alert will display as "in pull request" or "in branch" and will be colored grey. \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/code-scanning/filter-non-default-branches.md b/translations/pt-BR/data/reusables/code-scanning/filter-non-default-branches.md new file mode 100644 index 0000000000..4df28a76d5 --- /dev/null +++ b/translations/pt-BR/data/reusables/code-scanning/filter-non-default-branches.md @@ -0,0 +1 @@ +Please note that if you have filtered for alerts on a non-default branch, but the same alerts exist on the default branch, the alert page for any given alert will still only reflect the alert's status on the default branch, even if that status conflicts with the status on a non-default branch. For example, an alert that appears in the "Open" list in the summary of alerts for `branch-x` could show a status of "Fixed" on the alert page, if the alert is already fixed on the default branch. You can view the status of the alert for the branch you filtered on in the **Affected branches** section on the right side of the alert page. \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/dependabot/private-dependencies-note.md b/translations/pt-BR/data/reusables/dependabot/private-dependencies-note.md index 6ab9fa7a4a..45eaef2384 100644 --- a/translations/pt-BR/data/reusables/dependabot/private-dependencies-note.md +++ b/translations/pt-BR/data/reusables/dependabot/private-dependencies-note.md @@ -1 +1 @@ -Ao executar atualizações de segurança ou versão, alguns ecossistemas devem ser capazes de resolver todas as dependências de sua fonte para verificar se as atualizações foram bem-sucedidas. Se o seu manifesto ou arquivos de bloqueio contiverem dependências privadas, {% data variables.product.prodname_dependabot %} deverá ser capaz de acessar o local em que essas dependências estão hospedadas. Os proprietários da organização podem conceder a {% data variables.product.prodname_dependabot %} acesso a repositórios privados que contêm dependências para um projeto dentro da mesma organização. Para obter mais informações, consulte "[Gerenciar configurações de segurança e análise para sua organização](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". É possível configurar o acesso a registros privados no arquivo de configuração de _dependabot.yml_ de um repositório. Para obter mais informações, consulte "[Opções de configuração para atualizações de dependências](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)". +Ao executar atualizações de segurança ou versão, alguns ecossistemas devem ser capazes de resolver todas as dependências de sua fonte para verificar se as atualizações foram bem-sucedidas. Se o seu manifesto ou arquivos de bloqueio contiverem dependências privadas, {% data variables.product.prodname_dependabot %} deverá ser capaz de acessar o local em que essas dependências estão hospedadas. Os proprietários da organização podem conceder a {% data variables.product.prodname_dependabot %} acesso a repositórios privados que contêm dependências para um projeto dentro da mesma organização. Para obter mais informações, consulte "[Gerenciar configurações de segurança e análise para sua organização](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". É possível configurar o acesso a registros privados no arquivo de configuração de _dependabot.yml_ de um repositório. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." diff --git a/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md b/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md new file mode 100644 index 0000000000..241548122b --- /dev/null +++ b/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md @@ -0,0 +1 @@ +The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project. diff --git a/translations/pt-BR/data/reusables/repositories/github-reviews-security-advisories.md b/translations/pt-BR/data/reusables/repositories/github-reviews-security-advisories.md index 7f16a7761f..2d00ded619 100644 --- a/translations/pt-BR/data/reusables/repositories/github-reviews-security-advisories.md +++ b/translations/pt-BR/data/reusables/repositories/github-reviews-security-advisories.md @@ -1,3 +1,3 @@ {% data variables.product.prodname_dotcom %} irá revisar cada consultoria de segurança publicada, adicioná-la ao {% data variables.product.prodname_advisory_database %}, e poderá utilizar a consultoria de segurança para enviar {% data variables.product.prodname_dependabot_alerts %} aos repositórios afetados. Se a consultoria de segurança vier de uma bifurcação, só enviaremos um alerta se a bifurcação possuir um pacote, publicado com um nome único, em um registro de pacote público. Este processo pode levar até 72 horas e {% data variables.product.prodname_dotcom %} pode entrar em contato com você para obter mais informações. -Para obter mais informações sobre {% data variables.product.prodname_dependabot_alerts %}, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" e "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)". Para obter mais informações sobre {% data variables.product.prodname_advisory_database %}, consulte "[Procurar vulnerabilidades de segurança no {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database). +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." Para obter mais informações sobre {% data variables.product.prodname_advisory_database %}, consulte "[Procurar vulnerabilidades de segurança no {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database). diff --git a/translations/pt-BR/data/reusables/repositories/security-alert-delivery-options.md b/translations/pt-BR/data/reusables/repositories/security-alert-delivery-options.md index 47cb923aa0..10cf02b7b8 100644 --- a/translations/pt-BR/data/reusables/repositories/security-alert-delivery-options.md +++ b/translations/pt-BR/data/reusables/repositories/security-alert-delivery-options.md @@ -1,4 +1,4 @@ {% ifversion not ghae %} Se o seu repositório tem um manifesto de dependência compatível -{% ifversion fpt or ghec %} (e se você configurou o gráfico de dependências se for um repositório privado){% endif %}, sempre que {% data variables.product.product_name %} detectar uma dependência vulnerável no repositório, você receberá um e-mail com o resumo semanal. Você também pode configurar os seus alertas de segurança como notificações web, notificações individuais de e-mail, resumo de e-mail diários ou alertas na interface de {% data variables.product.product_name %}. Para obter mais informações, consulte "[Sobre alertas para dependências vulneráveis](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +{% ifversion fpt or ghec %} (e se você configurou o gráfico de dependências se for um repositório privado){% endif %}, sempre que {% data variables.product.product_name %} detectar uma dependência vulnerável no repositório, você receberá um e-mail com o resumo semanal. Você também pode configurar os seus alertas de segurança como notificações web, notificações individuais de e-mail, resumo de e-mail diários ou alertas na interface de {% data variables.product.product_name %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% endif %} diff --git a/translations/pt-BR/data/reusables/rest-reference/deployments/keys.md b/translations/pt-BR/data/reusables/rest-reference/deploy_keys/deploy_keys.md similarity index 91% rename from translations/pt-BR/data/reusables/rest-reference/deployments/keys.md rename to translations/pt-BR/data/reusables/rest-reference/deploy_keys/deploy_keys.md index 0fdc320773..c2ae00dc51 100644 --- a/translations/pt-BR/data/reusables/rest-reference/deployments/keys.md +++ b/translations/pt-BR/data/reusables/rest-reference/deploy_keys/deploy_keys.md @@ -1,5 +1,3 @@ -## Chaves de implantação - {% data reusables.repositories.deploy-keys %} Chaves de implantação podem ser configuradas usando os seguintes pontos de extremidades da API ou usando o GitHub. Para saber como configurar as chaves de implantação no GitHub, consulte "[Gerenciar chaves de implantação](/developers/overview/managing-deploy-keys)". \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md b/translations/pt-BR/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md index ed778669b8..f125d87259 100644 --- a/translations/pt-BR/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md +++ b/translations/pt-BR/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md @@ -1 +1 @@ -Atividade relacionada a alertas de vulnerabilidade de segurança em um repositório. {% data reusables.webhooks.action_type_desc %} For more information, see the "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". +Atividade relacionada a alertas de vulnerabilidade de segurança em um repositório. {% data reusables.webhooks.action_type_desc %} For more information, see the "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". From c29106bf83d2c0652f74714eea0eda884c27fdaa Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Fri, 18 Mar 2022 15:19:36 -0400 Subject: [PATCH 26/52] remove 'de' as a possible NextJS redirect language (#26315) --- next.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/next.config.js b/next.config.js index 2753771591..c2a44f89d8 100644 --- a/next.config.js +++ b/next.config.js @@ -19,7 +19,7 @@ module.exports = { }, i18n: { // locales: Object.values(languages).map(({ code }) => code), - locales: ['en', 'cn', 'ja', 'es', 'pt', 'de'], + locales: ['en', 'cn', 'ja', 'es', 'pt'], defaultLocale: 'en', }, sassOptions: { From 15437712327356803c6ff472f1c6c77b7f1c0dff Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Fri, 18 Mar 2022 12:34:45 -0700 Subject: [PATCH 27/52] New translation batch for es (#26325) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check parsing * run script/i18n/reset-files-with-broken-liquid-tags.js --language=es * run script/i18n/reset-known-broken-translation-files.js * Check in es CSV report Co-authored-by: Robert Sese --- .../configuring-notifications.md | 2 +- .../managing-notifications-from-your-inbox.md | 4 +- ...analysis-settings-for-your-user-account.md | 2 +- ...on-levels-for-a-user-account-repository.md | 2 +- .../security-guides/encrypted-secrets.md | 4 + .../workflow-syntax-for-github-actions.md | 25 + ...ub-advanced-security-in-your-enterprise.md | 2 +- ...enabling-dependabot-for-your-enterprise.md | 4 +- .../about-code-scanning-alerts.md | 8 + ...ode-scanning-alerts-for-your-repository.md | 26 +- ...nning-alerts-in-issues-using-task-lists.md | 8 + ...g-code-scanning-alerts-in-pull-requests.md | 9 +- .../about-dependabot-alerts.md | 101 ++ ...ilities-in-the-github-advisory-database.md | 7 +- ...ng-notifications-for-dependabot-alerts.md} | 9 +- ...isories-in-the-github-advisory-database.md | 1 + .../dependabot/dependabot-alerts/index.md | 24 + .../viewing-and-updating-dependabot-alerts.md | 106 ++ .../about-dependabot-security-updates.md | 67 ++ ...configuring-dependabot-security-updates.md | 82 ++ .../dependabot-security-updates/index.md | 20 + .../about-dependabot-version-updates.md | 69 ++ ...ion-options-for-the-dependabot.yml-file.md | 968 ++++++++++++++++++ .../configuring-dependabot-version-updates.md | 142 +++ .../customizing-dependency-updates.md | 144 +++ .../dependabot-version-updates/index.md | 26 + ...ndencies-configured-for-version-updates.md | 39 + .../content/code-security/dependabot/index.md | 23 + ...tomating-dependabot-with-github-actions.md | 557 ++++++++++ .../working-with-dependabot/index.md | 24 + ...your-actions-up-to-date-with-dependabot.md | 65 ++ ...naging-encrypted-secrets-for-dependabot.md | 91 ++ ...ng-pull-requests-for-dependency-updates.md | 66 ++ .../troubleshooting-dependabot-errors.md | 129 +++ ...he-detection-of-vulnerable-dependencies.md | 93 ++ .../github-security-features.md | 4 +- .../securing-your-organization.md | 6 +- .../securing-your-repository.md | 6 +- .../es-ES/content/code-security/guides.md | 1 - .../es-ES/content/code-security/index.md | 1 + .../about-the-security-overview.md | 4 +- .../supply-chain-security/index.md | 2 - .../about-dependabot-version-updates.md | 68 -- ...tomating-dependabot-with-github-actions.md | 555 ---------- ...guration-options-for-dependency-updates.md | 967 ----------------- .../customizing-dependency-updates.md | 143 --- ...nd-disabling-dependabot-version-updates.md | 140 --- .../index.md | 29 - ...your-actions-up-to-date-with-dependabot.md | 64 -- ...ndencies-configured-for-version-updates.md | 41 - ...naging-encrypted-secrets-for-dependabot.md | 91 -- ...ng-pull-requests-for-dependency-updates.md | 65 -- ...bout-alerts-for-vulnerable-dependencies.md | 99 -- .../about-dependabot-security-updates.md | 66 -- .../about-managing-vulnerable-dependencies.md | 46 - ...configuring-dependabot-security-updates.md | 79 -- .../index.md | 36 - .../troubleshooting-dependabot-errors.md | 127 --- ...he-detection-of-vulnerable-dependencies.md | 124 --- ...nerable-dependencies-in-your-repository.md | 119 --- .../about-dependency-review.md | 4 +- .../about-supply-chain-security.md | 154 +++ .../about-the-dependency-graph.md | 4 +- ...loring-the-dependencies-of-a-repository.md | 9 +- .../index.md | 10 +- .../troubleshooting-the-dependency-graph.md | 62 ++ ...ating-a-github-app-using-url-parameters.md | 38 +- .../webhooks/webhook-events-and-payloads.md | 2 +- .../about-githubs-use-of-your-data.md | 4 +- ...se-settings-for-your-private-repository.md | 4 +- ...-up-a-trial-of-github-enterprise-server.md | 2 +- .../creating-and-highlighting-code-blocks.md | 3 +- .../creating-diagrams.md | 129 ++- ...analysis-settings-for-your-organization.md | 7 +- ...ing-the-audit-log-for-your-organization.md | 12 +- .../working-with-the-rubygems-registry.md | 2 +- ...r-github-pages-site-locally-with-jekyll.md | 6 + ...anding-connections-between-repositories.md | 2 +- .../working-with-non-code-files.md | 57 +- .../content/rest/reference/deploy_keys.md | 17 + .../content/rest/reference/deployments.md | 2 +- .../es-ES/content/rest/reference/index.md | 1 + translations/es-ES/data/features/mermaid.yml | 6 +- .../data/learning-tracks/code-security.yml | 38 +- .../code-security/code-examples.yml | 2 +- .../code-scanning/alert-default-branch.md | 1 + .../filter-non-default-branches.md | 1 + .../dependabot/private-dependencies-note.md | 2 +- .../dependabot/result-discrepancy.md | 1 + .../github-reviews-security-advisories.md | 2 +- .../security-alert-delivery-options.md | 2 +- .../keys.md => deploy_keys/deploy_keys.md} | 2 - ...pository_vulnerability_alert_short_desc.md | 2 +- translations/log/es-resets.csv | 18 - 94 files changed, 3445 insertions(+), 2995 deletions(-) create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md rename translations/es-ES/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/browsing-security-vulnerabilities-in-the-github-advisory-database.md (92%) rename translations/es-ES/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md} (87%) rename translations/es-ES/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/editing-security-advisories-in-the-github-advisory-database.md (94%) create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md create mode 100644 translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/index.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md create mode 100644 translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md delete mode 100644 translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md create mode 100644 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md create mode 100644 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md create mode 100644 translations/es-ES/content/rest/reference/deploy_keys.md create mode 100644 translations/es-ES/data/reusables/code-scanning/alert-default-branch.md create mode 100644 translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md create mode 100644 translations/es-ES/data/reusables/dependabot/result-discrepancy.md rename translations/es-ES/data/reusables/rest-reference/{deployments/keys.md => deploy_keys/deploy_keys.md} (91%) diff --git a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md index 286b7b089f..066ef4eb97 100644 --- a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md +++ b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md @@ -134,7 +134,7 @@ Email notifications from {% data variables.product.product_location %} contain t | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} | | `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are:
  • `assign`: You were assigned to an issue or pull request.
  • `author`: You created an issue or pull request.
  • `ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.
  • `comment`: You commented on an issue or pull request.
  • `manual`: There was an update to an issue or pull request you manually subscribed to.
  • `mention`: You were mentioned on an issue or pull request.
  • `push`: Someone committed to a pull request you're subscribed to.
  • `review_requested`: You or a team you're a member of was requested to review a pull request.
    • {% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
  • `security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.
    • {% endif %}
  • `state_change`: An issue or pull request you're subscribed to was either closed or opened.
  • `subscribed`: There was an update in a repository you're watching.
  • `team_mention`: A team you belong to was mentioned on an issue or pull request.
  • `your_activity`: You opened, commented on, or closed an issue or pull request.
| | `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `..{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} +| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} ## Choosing your notification settings diff --git a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 0b8710d460..321b39c1ca 100644 --- a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -173,7 +173,7 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende - `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests. - `author:app/dependabot` to show notifications generated by {% data variables.product.prodname_dependabot %}. This includes {% data variables.product.prodname_dependabot_alerts %}, security update pull requests, and version update pull requests. -For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)." +For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -182,7 +182,7 @@ If you use {% data variables.product.prodname_dependabot %} to tell you about vu - `is:repository_vulnerability_alert` - `reason:security_alert` -For more information about {% data variables.product.prodname_dependabot %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." {% endif %} {% endif %} diff --git a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md index ec1dab67f4..eda7a7fcba 100644 --- a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md +++ b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md @@ -49,5 +49,5 @@ For an overview of repository-level security, see "[Securing your repository](/c ## Further reading - "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)" +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" - "[Keeping your dependencies updated automatically](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)" diff --git a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md index fadc98773a..e9b90a2b10 100644 --- a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md +++ b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md @@ -45,7 +45,7 @@ The repository owner has full control of the repository. In addition to the acti | Customize the repository's social media preview | "[Customizing your repository's social media preview](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" | | Create a template from the repository | "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | Control access to {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies | "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} -| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | +| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | | Manage data use for a private repository | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"|{% endif %} | Define code owners for the repository | "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" | | Archive the repository | "[Archiving repositories](/repositories/archiving-a-github-repository/archiving-repositories)" |{% ifversion fpt or ghec %} diff --git a/translations/es-ES/content/actions/security-guides/encrypted-secrets.md b/translations/es-ES/content/actions/security-guides/encrypted-secrets.md index 8edb2efe7d..745131560f 100644 --- a/translations/es-ES/content/actions/security-guides/encrypted-secrets.md +++ b/translations/es-ES/content/actions/security-guides/encrypted-secrets.md @@ -226,6 +226,10 @@ steps: ``` {% endraw %} +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + Evita pasar secretos entre procesos desde la línea de comando, siempre que sea posible. Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). Para ayudar a proteger los secretos, considera usar variables de entorno, `STDIN` u otros mecanismos admitidos por el proceso de destino. Si debes pasar secretos dentro de una línea de comando, enciérralos usando las normas de uso de comillas adecuadas. Los secretos suelen contener caracteres especiales que pueden afectar involuntariamente a tu shell. Para evitar estos caracteres especiales, usa comillas en tus variables de entorno. Por ejemplo: diff --git a/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 9f67d03ed7..40e81f395f 100644 --- a/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -342,6 +342,31 @@ steps: uses: actions/heroku@1.0.0 ``` +#### Example: Using secrets + +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + +{% raw %} +```yaml +name: Run a step if a secret has been set +on: push +jobs: + my-jobname: + runs-on: ubuntu-latest + env: + super_secret: ${{ secrets.SuperSecret }} + steps: + - if: ${{ env.super_secret != '' }} + run: echo 'This step will only run if the secret has a value set.' + - if: ${{ env.super_secret == '' }} + run: echo 'This step will only run if the secret does not have a value set.' +``` +{% endraw %} + +For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + ### `jobs..steps[*].name` A name for your step to display on {% data variables.product.prodname_dotcom %}. diff --git a/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md b/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md index b6cc0de3c5..2e1783d276 100644 --- a/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md +++ b/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md @@ -271,7 +271,7 @@ GitHub te permite evitar utilizar software de terceros que contenga vulnerabilid | Herramienta de administración de dependencias | Descripción | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Alertas del dependabot | Puedes rastrear las dependencias de tu repositorio y recibir las alertas del dependabot cuando tu empresa detecte dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)". | +| Alertas del dependabot | Puedes rastrear las dependencias de tu repositorio y recibir las alertas del dependabot cuando tu empresa detecte dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)". | | Gráfica de dependencias | La gráfica de dependencias es un resumen de los archivos de bloqueo y de manifiesto que se almacenan en un repositorio. Te muestra los ecosistemas y paquetes de los cuales depende tu base de código (sus dependencias) y los repositorios y paquetes que dependen de tu proyecto (sus dependencias). Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)". |{% ifversion ghes > 3.1 or ghec %} | Revisión de dependencias | Si una solicitud de cambios contiene cambios a las dependencias, puedes ver un resumen de lo que ha cambiado y si es que existen vulnerabilidades conocidas en cualquiera de estas dependencias. Para obtener más información, consulta la sección "[Acerca de la revisión de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" o "[Revisar los cambios de dependencias en una solicitud de cambios](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)". |{% endif %} {% ifversion ghec or ghes > 3.2 %} | Actualziaciones de seguridad del dependabot | El dependabot puede corregir las dependencias vulnerables levantando solicitudes de cambios con actualizaciones de seguridad. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de seguridad del dependabot](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". | diff --git a/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 61f7c695f9..cb46734bfe 100644 --- a/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -49,7 +49,7 @@ También puedes elegir sincronizar manualmente los datos de vulnerabilidad en cu When {% data variables.product.product_location %} receives information about a vulnerability, it identifies repositories in {% data variables.product.product_location %} that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. Puedes elegir si quieres notificar a los usuarios automáticamente acerca de las {% data variables.product.prodname_dependabot_alerts %} nuevas o no. -Para los repositorios que cuenten con las {% data variables.product.prodname_dependabot_alerts %} habilitadas, el escaneo se activa en cualquier subida a la rama predeterminada. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". +Para los repositorios que cuenten con las {% data variables.product.prodname_dependabot_alerts %} habilitadas, el escaneo se activa en cualquier subida a la rama predeterminada. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% ifversion ghes > 3.2 %} ### Acerca de {% data variables.product.prodname_dependabot_updates %} @@ -67,7 +67,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %}, you ca With {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} automatically creates pull requests to update dependencies in two ways. - **{% data variables.product.prodname_dependabot_version_updates %}**: Los usuarios agregan un archivo de configuración del {% data variables.product.prodname_dependabot %} al repositorio para habilitar el {% data variables.product.prodname_dependabot %} para que cree solicitudes de cambios cuando se lance una versión nueva de una dependencia rastreada. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)". -- **{% data variables.product.prodname_dependabot_security_updates %}**: Los usuarios pueden alternar un ajuste de repositorio para habilitar que el {% data variables.product.prodname_dependabot %} cree solicitudes de cambios cuando {% data variables.product.prodname_dotcom %} detecta una vulnerabilidad en una de las dependencias de la gráfica de dependencias del repositorio. Para obtener más información, consulta las secciones "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". +- **{% data variables.product.prodname_dependabot_security_updates %}**: Los usuarios pueden alternar un ajuste de repositorio para habilitar que el {% data variables.product.prodname_dependabot %} cree solicitudes de cambios cuando {% data variables.product.prodname_dotcom %} detecta una vulnerabilidad en una de las dependencias de la gráfica de dependencias del repositorio. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endif %} ## Habilitar {% data variables.product.prodname_dependabot_alerts %} diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md index 3d628cfa43..60fc384867 100644 --- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md +++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md @@ -27,7 +27,15 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png) +{% else %} +![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.4/repository/code-scanning-alert.png) +{% endif %} If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information. diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md index d6ae1c8097..c8f214deae 100644 --- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md +++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md @@ -46,9 +46,16 @@ By default, the code scanning alerts page is filtered to show alerts for the def {% else %} ![List of alerts from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + {% data reusables.code-scanning.alert-default-branch %} + ![The "Affected branches" section in an alert](/assets/images/help/repository/code-scanning-affected-branches.png){% endif %} 1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png) -1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. + {% else %} + ![The "Show paths" link on an alert](/assets/images/enterprise/3.4/repository/code-scanning-show-paths.png) + {% endif %} +2. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png) For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)." @@ -80,6 +87,10 @@ The benefit of using keyword filters is that only values with results are shown If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} + {% ifversion fpt or ghes > 3.3 or ghec %} You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag{% if codeql-ml-queries %} and `-tag:experimental` will omit all experimental alerts. For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %} @@ -96,10 +107,12 @@ You can use the "Only alerts in application code" filter or `autofilter:true` ke You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across: - The name of the alert -- The alert description - The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section) - + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The alert information used in searches](/assets/images/help/repository/code-scanning-free-text-search-areas.png) + {% else %} + ![The alert information used in searches](/assets/images/enterprise/3.4/repository/code-scanning-free-text-search-areas.png) + {% endif %} | Supported search | Syntax example | Results | | ---- | ---- | ---- | @@ -113,7 +126,7 @@ You can search the list of alerts. This is useful if there is a large number of **Tips:** - The multiple word search is equivalent to an OR search. -- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details. +- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. {% endtip %} @@ -143,7 +156,7 @@ If you have write permission for a repository, you can view fixed alerts by view You can use{% ifversion fpt or ghes > 3.1 or ghae or ghec %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed. -Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch. +Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. {% ifversion fpt or ghes > 3.1 or ghae or ghec %} ![Filtering alerts by branch](/assets/images/help/repository/code-scanning-branch-filter.png) @@ -151,6 +164,9 @@ Alerts may be fixed in one branch but not in another. You can use the "Branch" d ![Filtering alerts by branch](/assets/images/enterprise/3.1/help/repository/code-scanning-branch-filter.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} ## Dismissing or deleting alerts There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, if you have admin permissions for the repository, you can delete alerts. Deleting alerts is useful in situations where you have set up a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have configured {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab. diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md index 66e2303aa0..8b32764582 100644 --- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md @@ -39,7 +39,11 @@ You can use more than one issue to track the same {% data variables.product.prod - A "tracked in" section will also show in the corresponding alert page. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Tracked in section on code scanning alert page](/assets/images/help/repository/code-scanning-alert-tracked-in-pill.png) + {% else %} + ![Tracked in section on code scanning alert page](/assets/images/enterprise/3.4/repository/code-scanning-alert-tracked-in-pill.png) + {% endif %} - On the tracking issue, {% data variables.product.prodname_dotcom %} displays a security badge icon in the task list and on the hovercard. @@ -65,7 +69,11 @@ The status of the tracked alert won't change if you change the checkbox state of 1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)." {% endif %} 1. Towards the top of the page, on the right side, click **Create issue**. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) + {% else %} + ![Create a tracking issue for the code scanning alert](/assets/images/enterprise/3.4/repository/code-scanning-create-issue-for-alert.png) + {% endif %} {% data variables.product.prodname_dotcom %} automatically creates an issue to track the alert and adds the alert as a task list item. {% data variables.product.prodname_dotcom %} prepopulates the issue: - The title contains the name of the {% data variables.product.prodname_code_scanning %} alert. diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md index 66ae7d484f..29eaaa3ea7 100644 --- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md +++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md @@ -74,10 +74,17 @@ If you have write permission for the repository, some annotations contain links To see more information about an alert, users with write permission can click the **Show more details** link shown in the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + In the detailed view for an alert, some {% data variables.product.prodname_code_scanning %} tools, like {% data variables.product.prodname_codeql %} analysis, also include a description of the problem and a **Show more** link for guidance on how to fix your code. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Alert description and link to show more information](/assets/images/help/repository/code-scanning-pr-alert.png) - +{% else %} +![Alert description and link to show more information](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png) +{% endif %} ## Fixing an alert on your pull request Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed. diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md new file mode 100644 index 0000000000..5d5a3dd9d7 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -0,0 +1,101 @@ +--- +title: About Dependabot alerts +intro: '{% data variables.product.product_name %} envía {% data variables.product.prodname_dependabot_alerts %} cuando detectamos vulnerabilidades que afectan tu repositorio.' +redirect_from: + - /articles/about-security-alerts-for-vulnerable-dependencies + - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies + - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: overview +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +shortTitle: Las alertas del dependabot +--- + + + +## Acerca de las dependencias vulnerables + +{% data reusables.repositories.a-vulnerability-is %} + +Cuando tu código depende de un paquete que tiene una vulnerabilidad de seguridad, esta dependencia puede causar una serie de problemas para tu proyecto o para las personas que lo utilizan. + +## Detección de dependencias vulnerables + +{% data reusables.dependabot.dependabot-alerts-beta %} + +El {% data variables.product.prodname_dependabot %} lleva a cabo un escaneo para detectar las dependencias vulnerables y envía {% data variables.product.prodname_dependabot_alerts %} cuando: + +{% ifversion fpt or ghec %} +- Se agrega una vulnerabilidad nueva a la {% data variables.product.prodname_advisory_database %}. Para obtener más información, consulta las secciones "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)" y [Acerca de las {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)".{% else %} +- Se sincronizan los datos de las asesorías nuevas en {% data variables.product.product_location %} cada hora desde {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} + {% note %} + + **Nota:** Solo las asesorías que ha revisado {% data variables.product.company_short %} activarán las {% data variables.product.prodname_dependabot_alerts %}. + + {% endnote %} +- La gráfica de dependencias para los cambios a un repositorio. Por ejemplo, cuando un colaborador sube una confirmación para cambiar los paquetes o versiones de los cuales depende{% ifversion fpt or ghec %}, o cuando cambia el código de alguna de las dependencias{% endif %}. Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/about-the-dependency-graph)". + +{% data reusables.repositories.dependency-review %} + +Para encontrar una lista de ecosistemas para las cuales {% data variables.product.product_name %} puede detectar vulnerabilidades y dependencias, consulta la sección [ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". + +{% note %} + +**Nota:** Es importante mantener actualizados tu manifiesto y tus archivos bloqueados. Si la gráfica de dependencias no refleja con exactitud tus versiones y dependencias actuales, entonces podrías dejar pasar las alertas de las dependencias vulnerables que utilizas. También podrías obtener alertas de las dependencias que ya no utilizas. + +{% endnote %} + +## {% data variables.product.prodname_dependabot_alerts %} para dependencias vulnerables + +{% data reusables.repositories.enable-security-alerts %} + +{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detecta las dependencias vulnerables en los repositorios _públicos_ y muestra la gráfica de dependencias, pero no genera {% data variables.product.prodname_dependabot_alerts %} predeterminadamente. Los propietarios de repositorios o las personas con acceso administrativo pueden habilitar las {% data variables.product.prodname_dependabot_alerts %} para los repositorios públicos. Los propietarios de los repositorios privados o las personas con acceso administrativo puede habilitar las {% data variables.product.prodname_dependabot_alerts %} si habilitan la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %} para sus repositorios. + +También puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_alerts %} para todos los repositorios que pertenezcan atu cuenta de usuario u organización. Para obtener más información, consulta la sección "[Administrar la seguridad y la configuración de análisis para tu cuenta de usuario](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" o la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)". + +Para obtener más información sobre los requisitos de acceso para las acciones que se relacionan con las {% data variables.product.prodname_dependabot_alerts %}, consulta la sección "[Roles de repositorio para una organización](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#access-requirements-for-security-features)". + +{% data variables.product.product_name %} comienza a generar la gráfica de dependencias inmediatamente y genera alertas de cualquier dependencia vulnerable tan pronto como las identifique. La gráfica se llena en cuestión de minutos habitualmente, pero esto puede tardar más para los repositorios que tengan muchas dependencias. Para obtener más información, consulta la sección "[Administrar la configuración de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)". +{% endif %} + +Cuando {% data variables.product.product_name %} identifica una dependencia vulnerable, generamos una alerta del {% data variables.product.prodname_dependabot %} y la mostramos {% ifversion fpt or ghec or ghes %}en la pestaña de Seguridad del repositorio y{% endif %} en la gráfica de dependencias del mismo. La alerta incluye {% ifversion fpt or ghec or ghes %}un enlace al archivo afectado en el proyecto e{% endif %}información sobre una versión corregida. {% data variables.product.product_name %} también podría notificar a los mantenedores de los repositorios afectados sobre la nueva alerta de acuerdo con sus preferencias de notificaciones. Para obtener más información, consulta la sección "[Configurar las notificaciones para las dependencias vulnerables](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)". + +{% ifversion fpt or ghec or ghes > 3.2 %} +Para los repositorios en donde están habilitadas las {% data variables.product.prodname_dependabot_security_updates %}, la alerta también podría contener un enlace a una solicitud de cambios o a una actualización en el archivo de bloqueo o de manifiesto para la versión mínima que resuelva la vulnerabilidad. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". +{% endif %} + +{% warning %} + +**Nota**: Las características de seguridad de {% data variables.product.product_name %} no aseguran que se detectarán todas las vulnerabilidades. Aunque siempre estamos tratando de actualizar nuestra base de datos de vulnerabilidades y de generar alertas con nuestra información más actualizada, no podremos atrapar todo o garantizar decirte acerca de las vulnerabilidades conocidas dentro de un periodo de tiempo determinado. Estas características no son sustitutos de la revisión humana de cada dependencia por posibles vulnerabilidades o cualquier otra cuestión. Te recomendamos consultar con un servicio de seguridad o realizar una revisión de vulnerabilidad exhaustiva cuando sea necesario. + +{% endwarning %} + +## Acceder a las {% data variables.product.prodname_dependabot_alerts %} + +Puedes ver todas las alertas que afectan un proyecto en particular{% ifversion fpt or ghec %} en la pestaña de Seguridad del repositorio o{% endif %} en la gráfica de dependencias del repositorio. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." + +Predeterminadamente, notificamos a las personas con permisos administrativos en los repositorios afectados sobre las {% data variables.product.prodname_dependabot_alerts %} nuevas. {% ifversion fpt or ghec %}{% data variables.product.product_name %} nunca divulga públicamente las vulnerabilidades identificadas de ningún repositorio. También puedes hacer que las {% data variables.product.prodname_dependabot_alerts %} sean visibles para más personas o equipos que trabajen en los repositorios que te pertenecen o para los cuales tienes permisos administrativos. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu repositorio](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)". +{% endif %} + +{% data reusables.notifications.vulnerable-dependency-notification-enable %} +{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} Para obtener más información, consulta la sección "[Configurar las notificaciones para las dependencias vulnerables](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)". + +También puedes ver todas las {% data variables.product.prodname_dependabot_alerts %} que corresponden a una vulnerabilidad en particular en la {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %} + +{% ifversion fpt or ghec or ghes > 3.2 %} +## Leer más + +- "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} +{% ifversion fpt or ghec %}- "[Privacidad en {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md similarity index 92% rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md index 429a422217..b9fa1675b0 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md @@ -6,6 +6,7 @@ miniTocMaxHeadingLevel: 3 redirect_from: - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ Las asesorías que revisa {% data variables.product.company_short %} son vulnera Revisamos la validez de cada asesoría cuidadosamente. Cada asesoría que revisa {% data variables.product.company_short %} tiene una descripción completa y contiene información tanto del ecosistema como del paquete. -Si habilitas las {% data variables.product.prodname_dependabot_alerts %} para tus repositorios, se te notifica automáticamente cuando una asesoría que revisa {% data variables.product.company_short %} afecta a los paquetes de los que dependes. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)". +Si habilitas las {% data variables.product.prodname_dependabot_alerts %} para tus repositorios, se te notifica automáticamente cuando una asesoría que revisa {% data variables.product.company_short %} afecta a los paquetes de los que dependes. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." ### Acerca de las asesorías sin revisar @@ -76,7 +77,7 @@ También se puede acceder a la base de datos utilizando la API de GraphQL. Para {% endnote %} ## Editar una asesoría en la {% data variables.product.prodname_advisory_database %} -Puedes sugerir mejoras a cualquier asesoría en la {% data variables.product.prodname_advisory_database %}. Para obtener más información, consulta la sección "[Editar las asesorías de seguridad en la {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)". +Puedes sugerir mejoras a cualquier asesoría en la {% data variables.product.prodname_advisory_database %}. For more information, see "[Editing security advisories in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)." ## Buscar en la {% data variables.product.prodname_advisory_database %} por coincidencia exacta @@ -107,7 +108,7 @@ Puedes buscar la base de datos y utilizar los calificadores para definir más tu ## Visualizar tus repositorios vulnerables -Para cualquier asesoría que revise {% data variables.product.company_short %} en la {% data variables.product.prodname_advisory_database %}, puedes ver cuáles de tus repositorios se ven afectados por esa vulnerabilidad de seguridad. Para ver un repositorio vulnerable, debes tener acceso a las {% data variables.product.prodname_dependabot_alerts %} de este. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)". +Para cualquier asesoría que revise {% data variables.product.company_short %} en la {% data variables.product.prodname_advisory_database %}, puedes ver cuáles de tus repositorios se ven afectados por esa vulnerabilidad de seguridad. Para ver un repositorio vulnerable, debes tener acceso a las {% data variables.product.prodname_dependabot_alerts %} de este. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)". 1. Navega hasta https://github.com/advisories. 2. Haz clic en una asesoría. diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md similarity index 87% rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 79451b4dcf..0387ee0927 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -1,10 +1,11 @@ --- -title: Configurar las notificaciones para las dependencias vulnerables -shortTitle: Configurar notificaciones +title: Configuring notifications for Dependabot alerts +shortTitle: Configure notifications intro: 'Optimiza la forma en la que recibes notificaciones de {% data variables.product.prodname_dependabot_alerts %}.' redirect_from: - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -51,7 +52,7 @@ Puedes configurar los ajustes de notificaciones para ti mismo o para tu organiza {% note %} -**Nota:** Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las {% data variables.product.prodname_dependabot_alerts %}. Para recibir más información, consulta la sección "[Administrar las notificaciones desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)". +**Nota:** Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las {% data variables.product.prodname_dependabot_alerts %}. Para obtener más información, consulta la sección "[Administrar notificación desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)". {% endnote %} @@ -59,7 +60,7 @@ Puedes configurar los ajustes de notificaciones para ti mismo o para tu organiza ## Cómo reducir el ruido de las notificaciones para las dependencias vulnerables -Si te preocupa recibir demasiadas notificaciones para las {% data variables.product.prodname_dependabot_alerts %}, te recomendamos que te unas al resumen semanal por correo electrónico o que apagues las notificaciones mientras mantienes habilitadas las {% data variables.product.prodname_dependabot_alerts %}. Aún puedes navegar para ver tus {% data variables.product.prodname_dependabot_alerts %} en la pestaña de seguridad de tu repositorio. Para obtener más información, consulta la sección "[Visualizar y actualizar las dependencias vulnerables en tu repositiorio](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)". +Si te preocupa recibir demasiadas notificaciones para las {% data variables.product.prodname_dependabot_alerts %}, te recomendamos que te unas al resumen semanal por correo electrónico o que apagues las notificaciones mientras mantienes habilitadas las {% data variables.product.prodname_dependabot_alerts %}. Aún puedes navegar para ver tus {% data variables.product.prodname_dependabot_alerts %} en la pestaña de seguridad de tu repositorio. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." ## Leer más diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md similarity index 94% rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md index 2521a88f09..506b79db19 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md @@ -3,6 +3,7 @@ title: Editing security advisories in the GitHub Advisory Database intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database versions: fpt: '*' ghec: '*' diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md new file mode 100644 index 0000000000..b6b5ef6627 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md @@ -0,0 +1,24 @@ +--- +title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts +shortTitle: Las alertas del dependabot +intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilites are detected in dependencies that your project uses.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /browsing-security-vulnerabilities-in-the-github-advisory-database + - /editing-security-advisories-in-the-github-advisory-database + - /about-dependabot-alerts + - /viewing-and-updating-dependabot-alerts + - /configuring-notifications-for-dependabot-alerts +--- + diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md new file mode 100644 index 0000000000..ec69f49a52 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -0,0 +1,106 @@ +--- +title: Viewing and updating Dependabot alerts +intro: 'Si {% data variables.product.product_name %} descubre una dependencia vulnerable en tu proyecto, podrás verla en la pestaña de alertas del Dependabot de tu repositorio. Posteriormente, podrás actualizar tu proyecto para resolver o descartar la vulnerabilidad.' +redirect_from: + - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository +permissions: Repository administrators and organization owners can view and update dependencies. +shortTitle: View Dependabot alerts +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Dependabot + - Security updates + - Alerts + - Dependencies + - Pull requests + - Repositories +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +La pestaña de {% data variables.product.prodname_dependabot_alerts %} de tu repositorio lista todas las{% data variables.product.prodname_dependabot_alerts %} abiertas y cerradas{% ifversion fpt or ghec or ghes > 3.2 %}, así como las {% data variables.product.prodname_dependabot_security_updates %} correspondientes{% endif %}. Puedes{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filtrar las alertas por paquete, ecosistema o manifiesto. Tambén puedes{% endif %} clasificar la lista de alertas y hacer clic en ellas para obtener más detalles. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." + +{% ifversion fpt or ghec or ghes > 3.2 %} +Puedes habilitar las alertas de seguridad automáticas para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". +{% endif %} + +{% data reusables.repositories.dependency-review %} + +{% ifversion fpt or ghec or ghes > 3.2 %} +## Acerca de las actualizaciones para las dependencias vulnerables en tu repositorio + +{% data variables.product.product_name %} genera {% data variables.product.prodname_dependabot_alerts %} cuando detectamos que tu base de código está utilizando dependencias con vulnerabilidades conocidas. Para los repositorios en donde se habilitan las {% data variables.product.prodname_dependabot_security_updates %} cuando {% data variables.product.product_name %} detecta una dependencia vulnerable en la rama predeterminada, {% data variables.product.prodname_dependabot %} crea una solicitud de cambios para arreglarla. La solicitud de extracción mejorará la dependencia a la versión segura mínima que sea posible y necesaria para evitar la vulnerabilidad. + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}Puedes clasificar y filtrar las {% data variables.product.prodname_dependabot_alerts %} con los menús desplegables en la pestaña de {% data variables.product.prodname_dependabot_alerts %} o tecleando filtros tales como pares de `key:value` en la barra de búsqueda. Los filtros disponibles son los de repositorio (pro ejemplo, `repo:my-repository`), paquete (por ejemplo, `package:django`), ecosistema (por ejemplo, `ecosystem:npm`), manifiesto (por ejemplo, `manifest:webwolf/pom.xml`), estado (por ejemplo, `is:open`) y si la asesoría tiene un parche (por ejemplo, `has: patch`). + +Cada alerta del {% data variables.product.prodname_dependabot %} tiene un identificador numérico único y la pestaña de {% data variables.product.prodname_dependabot_alerts %} lista una alerta por cada vulnerabilidad detectada. Las {% data variables.product.prodname_dependabot_alerts %} tradicionales agrupan vulnerabilidades por dependencia y generan una sola alerta por dependencia. Si navegas a una alerta tradicional del {% data variables.product.prodname_dependabot %}, se te redirigirá a una pestaña de {% data variables.product.prodname_dependabot_alerts %} filtradas para este paquete. {% endif %} +{% endif %} + +## Ver y actualizar las dependencias vulnerables + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-dependabot-alerts %} +1. Opcionalmente, para filtrar alertas, selecciona el menú desplegable de **Repositorio**, l **Paquete**, **Ecosistema** o **Manifiesto** y luego haz clic en el filtro que te gustaría aplicar. También puedes teclear filtros en la barra de búsqueda. Por ejemplo, `ecosystem:npm` o `has:patch`. Para ordenar las alertas, selecciona el menú desplegable **Ordenar** y luego haz clic en la opción por la cual te gustaría ordenarlas. ![Captura de pantalla del filtro y menús de clasificación en la pestaña de las {% data variables.product.prodname_dependabot_alerts %}](/assets/images/help/graphs/dependabot-alerts-filters.png) +1. Haz clic en la alerta que te gustaría ver. ![Alerta seleccionada en la lista de alertas](/assets/images/help/graphs/click-alert-in-alerts-list-ungrouped.png) +1. Revisa los detalles de la vulnerabilidad y, en caso de que esté disponible, la solicitud de extracción que contienen la actualización de seguridad automatizada. +1. Opcionalmente, si no existe ya una actualización de {% data variables.product.prodname_dependabot_security_updates %} para la alerta, para crear una solicitud de extracción o para resolver la vulnerabilidad, da clic en **Crear una actualización de eguridad del {% data variables.product.prodname_dependabot %}**. ![Crea un botón de actualización de seguridad del {% data variables.product.prodname_dependabot %}](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png) +1. Cuando estés listo para actualizar tu dependencia y resolver la vulnerabilidad, fusiona la solicitud de extracción. Cada solicitud de extracción que levante el {% data variables.product.prodname_dependabot %} incluye información sobre los comandos que puedes utilizar para controlar el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Adminsitrar las solicitudes de extracción para las actualizaciones de las dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)". +1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" dropdown, and click a reason for dismissing the alert.{% if reopen-dependabot-alerts %} Unfixed dismissed alerts can be reopened later.{% endif %} ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/help/repository/dependabot-alert-dismiss-drop-down-ungrouped.png) + +{% elsif ghes = 3.3 %} +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-dependabot-alerts %} +1. Haz clic en la alerta que quieres ver. ![Alerta seleccionada en la lista de alertas](/assets/images/help/graphs/click-alert-in-alerts-list.png) +1. Revisa los detalles de la vulnerabilidad y, en caso de que esté disponible, la solicitud de extracción que contienen la actualización de seguridad automatizada. +1. Opcionalmente, si no existe ya una actualización de {% data variables.product.prodname_dependabot_security_updates %} para la alerta, para crear una solicitud de extracción o para resolver la vulnerabilidad, da clic en **Crear una actualización de eguridad del {% data variables.product.prodname_dependabot %}**. ![Crea un botón de actualización de seguridad del {% data variables.product.prodname_dependabot %}](/assets/images/help/repository/create-dependabot-security-update-button.png) +1. Cuando estés listo para actualizar tu dependencia y resolver la vulnerabilidad, fusiona la solicitud de extracción. Cada solicitud de extracción que levante el {% data variables.product.prodname_dependabot %} incluye información sobre los comandos que puedes utilizar para controlar el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Adminsitrar las solicitudes de extracción para las actualizaciones de las dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)". +1. Opcionalmente, si se está arreglando la alerta, si es incorrecta o si se ubica en una sección de código sin utilizar, selecciona el menú desplegable de "Descartar" y haz clic en una razón para descartar la alerta. ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/help/repository/dependabot-alert-dismiss-drop-down.png) + +{% elsif ghes = 3.1 or ghes = 3.2 or ghae-issue-4864 %} +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-dependabot-alerts %} +1. Haz clic en la alerta que quieres ver. ![Alerta seleccionada en la lista de alertas](/assets/images/enterprise/graphs/click-alert-in-alerts-list.png) +1. Revisa los detalles de la vulnerabilidad y determina si necesitas actualizar la dependencia o no. +1. Cuando fusionas una solicitud de cambios que actualice el archivo de manifiesto o de bloqueo a una versión segura de la dependencia, esto resolverá la alerta. Como alternativa, si decides no actualizar la dependencia, selecciona el menú desplegable **Descartar** y haz clic en una razón para descartar la alerta. ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/enterprise/repository/dependabot-alert-dismiss-drop-down.png) + +{% else %} +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.accessing-repository-graphs %} +{% data reusables.repositories.click-dependency-graph %} +1. Haz clic en el número de versión de la dependencia vulnerable para mostrar la información detallada. ![Información detallada de la dependencia vulnerable](/assets/images/enterprise/3.0/dependabot-alert-info.png) +1. Revisa los detalles de la vulnerabilidad y determina si necesitas actualizar la dependencia o no. Cuando fusionas una solicitud de cambios que actualice el archivo de manifiesto o de bloqueo a una versión segura de la dependencia, esto resolverá la alerta. +1. El letrero en la parte superior de la pestaña de **Dependencias** se muestra hasta que todas las dependencias vulnerables se resuelven o hasta que lo descartes. Haz clic en **Descartar** en la esquina superior derecha del letrero y selecciona una razón para descartar la alerta. ![Descartar el letrero de seguridad](/assets/images/enterprise/3.0/dependabot-alert-dismiss.png) +{% endif %} + +{% if reopen-dependabot-alerts %} + +## Viewing and updating closed alerts + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-dependabot-alerts %} +1. To just view closed alerts, click **Closed**. ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png) +1. Click the alert that you would like to view or update. ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png) +2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png) + +{% endif %} + +## Leer más + +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %} +- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md new file mode 100644 index 0000000000..b71d247470 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -0,0 +1,67 @@ +--- +title: Acerca de las actualizaciones de seguridad del Dependabot +intro: '{% data variables.product.prodname_dependabot %} puede arreglar tus dependencias vulnerables levantando solicitudes de extracción con actualizaciones de seguridad.' +shortTitle: Actualizaciones de seguridad del dependabot +redirect_from: + - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates + - /github/managing-security-vulnerabilities/about-dependabot-security-updates + - /code-security/supply-chain-security/about-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.2' +type: overview +topics: + - Dependabot + - Security updates + - Vulnerabilities + - Repositories + - Dependencies + - Pull requests +--- + + + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de {% data variables.product.prodname_dependabot_security_updates %} + +Las {% data variables.product.prodname_dependabot_security_updates %} te facilitan el arreglar las dependencias vulnerables en tu repositorio. Si habilitas esta característica, cuando se levante una alerta del {% data variables.product.prodname_dependabot %} para una dependencia vulnerable en la gráfica de dependencias de tu repositorio, {% data variables.product.prodname_dependabot %} intentará arreglarla automáticamente. Para obtener más información, consulta las secciones "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" y "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". + +{% data variables.product.prodname_dotcom %} podría enviar {% data variables.product.prodname_dependabot_alerts %} a los repositorios que se vieron afectados por la vulnerabilidad que se divulgó en una asesoría de seguridad de {% data variables.product.prodname_dotcom %} publicada recientemente. {% data reusables.security-advisory.link-browsing-advisory-db %} + +{% data variables.product.prodname_dependabot %} verifica si es posible actualizar la dependencia vulnerable a una versión arreglada sin irrumpir en la gráfica de dependencias para el repositorio. Posteriormente, el {% data variables.product.prodname_dependabot %} levanta una solicitud de cambios para actualizar la dependencia a la versión mínima que incluye el parche y los enlaces a la solicitud de cambios para la alerta del {% data variables.product.prodname_dependabot %}, o reporta un error en la alerta. Para obtener más información, consulta la sección "[Solucionar problemas para los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)". + +{% note %} + +**Nota** + +La característica de {% data variables.product.prodname_dependabot_security_updates %} se encuentra disponible para los repositorios en donde hayas habilitado la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %}. Verás una alerta del {% data variables.product.prodname_dependabot %} por cada dependencia vulnerable que se haya identificado en toda tu gráfica de dependencias. Sin embargo, las actualizaciones de seguridad se activan únicamente para las dependencias que se especifican en un archivo de manifiesto o de bloqueo. El {% data variables.product.prodname_dependabot %} no puede actualizar una dependencia indirecta o transitoria si no se define explícitamente. Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#dependencies-included)". + +{% endnote %} + +Puedes habilitar una característica relacionada, {% data variables.product.prodname_dependabot_version_updates %}, para que el {% data variables.product.prodname_dependabot %} levante solicitudes de cambio para actualizar el manifiesto a la última versión de la dependencia cuando detecte una que esté desactualizada. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de versión del {% data variables.product.prodname_dependabot %}](/github/administering-a-repository/about-dependabot-version-updates)". + +{% data reusables.dependabot.pull-request-security-vs-version-updates %} + +## Acerca de las solicitudes de cambios para las actualizaciones de seguridad + +Cada solicitud de cambios contiene todo lo que necesitas para revisar y fusionar de forma rápida y segura un arreglo propuesto en tu proyecto. Esto incluye la información acerca de la vulnerabilidad, como las notas de lanzamiento, las entradas de bitácora de cambios, y los detalles de confirmación. Los detalles de qué vulnerabilidad resuelve una solicitud de cambios se encuentran ocultos para cualquiera que no tenga acceso a las {% data variables.product.prodname_dependabot_alerts %} del repositorio en cuestión. + +Cuando fusionas una solicitud de cambios que contiene una actualización de seguridad, la alerta correspondiente del {% data variables.product.prodname_dependabot %} se marca como resuelta en el repositorio. Para obtener más información acerca de las solicitudes de cambios del {% data variables.product.prodname_dependabot %}, consulta la sección "[Administrar las solicitudes de cambios para las actualizaciones de las dependencias](/github/administering-a-repository/managing-pull-requests-for-dependency-updates)". + +{% data reusables.dependabot.automated-tests-note %} + +{% ifversion fpt or ghec %} + +## Acerca de las puntuaciones de compatibilidad + +Las {% data variables.product.prodname_dependabot_security_updates %} podrían incluir puntuaciones de compatibilidad para hacerte saber si el actualizar una dependencia podría causar cambios sustanciales en tu proyecto. Estos se calculan de las pruebas de IC en otros repositorios públicos en donde se ha generado la misma actualización de seguridad. La puntuación de compatibilidad de una actualización es el porcentaje de ejecuciones de IC que pasaron cuando se hicieron actualizaciones en versiones específicas de la dependencia. + +{% endif %} + +## Acerca de las notificaciones para las actualizaciones de seguridad del {% data variables.product.prodname_dependabot %} + +Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las actualizaciones de seguridad del {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar notificación desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)". diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md new file mode 100644 index 0000000000..1295897dfa --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -0,0 +1,82 @@ +--- +title: Configurar las actualizaciones de seguridad del Dependabot +intro: 'Puedes utilizar las {% data variables.product.prodname_dependabot_security_updates %} o las solicitudes de extracción manuales para actualizar fácilmente las dependencias vulnerables.' +shortTitle: Configurar las actualizaciones de seguridad +redirect_from: + - /articles/configuring-automated-security-fixes + - /github/managing-security-vulnerabilities/configuring-automated-security-fixes + - /github/managing-security-vulnerabilities/configuring-automated-security-updates + - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates + - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates + - /code-security/supply-chain-security/configuring-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Dependabot + - Security updates + - Alerts + - Dependencies + - Pull requests + - Repositories +--- + + + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de la configuración de las {% data variables.product.prodname_dependabot_security_updates %} + +Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". + +Puedes inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual o para todos los repositorios que pertenezcan a tu organización o cuenta de usuario. Para obtener más información, consulta la sección "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios](#managing-dependabot-security-updates-for-your-repositories)" acontinuación. + +{% ifversion fpt or ghec %}{% data reusables.dependabot.dependabot-tos %}{% endif %} + +## Repositorios soportados + +{% data variables.product.prodname_dotcom %} habilita las {% data variables.product.prodname_dependabot_security_updates %} automáticamente para cada repositorio que cumpla con estos pre-requisitos. + +{% note %} + +**Nota**: Puedes habilitar manualmente las {% data variables.product.prodname_dependabot_security_updates %}, aún si el repositorio no cumple con alguno de los siguientes prerrequisitos. Por ejemplo, puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} en una bifurcación, o para un administrador de paquetes que no sea directamente compatible si sigues las instrucciones en la sección "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios](#managing-dependabot-security-updates-for-your-repositories)". + +{% endnote %} + +| Pre-requisito de habilitación automática | Más información | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Que el repositorio no sea una bifrucación | "[Acerca de las bifurcaciones](/github/collaborating-with-issues-and-pull-requests/about-forks)" | +| Que el repositorio no esté archivado | "[Archivar repositorios](/github/creating-cloning-and-archiving-repositories/archiving-repositories)" |{% ifversion fpt or ghec %} +| Que el repositorio sea público, o que sea privado y hayas habilitado un análisis de solo lectura por {% data variables.product.prodname_dotcom %}, gráfica de dependencias y alertas de vulnerabilidades en la configuración del mismo | "[Administrar los ajustes de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)". +{% endif %} +| Que el repositorio contenga un archivo de manifiesto de dependencias de un ecosistema de paquete que sea compatible con {% data variables.product.prodname_dotcom %} | "[Ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" | +| Las {% data variables.product.prodname_dependabot_security_updates %} no se han inhabilitado para el repositorio | "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tu repositorio](#managing-dependabot-security-updates-for-your-repositories)" | + +Si no se habilitan las actualizaciones de seguridad para tu repositorio y no sabes por qué, intenta primero habilitarles de acuerdo con las instrucciones que se encuentran en los procedimientos siguientes. Si las actualizaciones de seguridad aún no funcionan, puedes contactar al {% data variables.contact.contact_support %}. + +## Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios + +Puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual (ver a continuación). + +También puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para todos los repositorios que pertenezcan atu cuenta de usuario u organización. Para obtener más información, consulta la sección "[Administrar la seguridad y la configuración de análisis para tu cuenta de usuario](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" o la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)". + +Las {% data variables.product.prodname_dependabot_security_updates %} requieren de configuraciones de repositorio específicas. Para obtener más información, consulta "[Repositorios soportados](#supported-repositories)". + +### Habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-security-and-analysis %} +1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} + {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %} + + +## Leer más + +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} +- "[Administrar los ajustes de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %} +- "[Ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md new file mode 100644 index 0000000000..b60ab227be --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md @@ -0,0 +1,20 @@ +--- +title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates +intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Security updates + - Dependencies + - Pull requests +shortTitle: Actualizaciones de seguridad del dependabot +children: + - /about-dependabot-security-updates + - /configuring-dependabot-security-updates +--- + diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md new file mode 100644 index 0000000000..1343d6db2a --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -0,0 +1,69 @@ +--- +title: Acerca de las actualizaciones a la versión del Dependabot +intro: 'Puede utilizar el {% data variables.product.prodname_dependabot %} para mantener los paquetes que utilizas actualizados a su versión más reciente.' +redirect_from: + - /github/administering-a-repository/about-dependabot + - /github/administering-a-repository/about-github-dependabot + - /github/administering-a-repository/about-github-dependabot-version-updates + - /github/administering-a-repository/about-dependabot-version-updates + - /code-security/supply-chain-security/about-dependabot-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.2' +type: overview +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Actualizaciones de versión del dependabot +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de {% data variables.product.prodname_dependabot_version_updates %} + +El {% data variables.product.prodname_dependabot %} hace el esfuerzo de mantener tus dependencias. Puedes utilizarlo para garantizar que tu repositorio se mantenga automáticamente con los últimos lanzamientos de los paquetes y aplicaciones de los que depende. + +Se habilitan las {% data variables.product.prodname_dependabot_version_updates %} al registrar un archivo de configuración en tu repositorio. Este archivo de configuración especifica la ubicación del manifiesto o de otros archivos de definición de paquetes almacenados en tu repositorio. El {% data variables.product.prodname_dependabot %} utiliza esta información para revisar los paquetes y las aplicaciones desactualizadas. El {% data variables.product.prodname_dependabot %} determina si hay una versión nueva de una dependencia al buscar el versionamiento semántico ([semver](https://semver.org/)) de la dependencia para decidir si debería actualizarla a esa versión. Para ciertos administradores de paquetes, {% data variables.product.prodname_dependabot_version_updates %} también es compatible con su delegación a proveedores. Las dependencias delegadas (o almacenadas en caché) son aquellas que se registran en un directorio específico en un repositorio en vez de que se referencien en un manifiesto. Las dependencias delegadas a proveedores están disponibles desde el momento de su creación, incluso si los servidores de paquetes no se encuentran disponibles. Las {% data variables.product.prodname_dependabot_version_updates %} pueden configurarse para verificar las dependencias delegadas a proveedores para las nuevas versiones y también pueden actualizarse de ser necesario. + +Cuando el {% data variables.product.prodname_dependabot %} identifica una dependencia desactualizada, levanta una solicitud de extracción para actualizar el manifiesto a su última versión de la dependencia. Lara las dependencias delegadas a proveedores, el {% data variables.product.prodname_dependabot %} levanta una solicitud de cambios para reemplazar la dependencia desactualizada directamente con la versión nueva. Verificas que tu prueba pase, revisas el registro de cambios y notas de lanzamiento que se incluyan en el resumen de la solicitud de extracción y, posteriormente, lo fusionas. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +Si habilitas las _actualizaciones de seguridad_, el {% data variables.product.prodname_dependabot %} también levantará solicitudes de cambios para actualizar las dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". + +{% data reusables.dependabot.pull-request-security-vs-version-updates %} + +{% data reusables.dependabot.dependabot-tos %} + +## Frecuencia de las solicitudes de extracción del {% data variables.product.prodname_dependabot %} + +Tú eres quien especifica qué tan a menudo se revisa cada ecosistema para encontrar nuevas versiones en el archivo de configuración: diario, semanalmente, o mensualmente. + +{% data reusables.dependabot.initial-updates %} + +Si habilitaste las actualizaciones de seguridad, algunas veces verás solicitudes de extracción adicionales para actualizaciones de seguridad. Esto se activa con una alerta del {% data variables.product.prodname_dependabot %} para una dependencia en tu rama predeterminada. El {% data variables.product.prodname_dependabot %} levanta automáticamente una solicitud de extracción para actualizar la dependencia vulnerable. + +## Repositorios y ecosistemas compatibles + + +Puedes configurar las actualizaciones de versión para los repositorios que contengan un manifiesto de dependencias o un archivo fijado para alguno de los administradores de paquetes compatibles. Para algunos administradores de paquetes, también puedes configurar la delegación a proveedores para las dependencias. For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." +{% note %} + +{% data reusables.dependabot.private-dependencies-note %} + +El {% data variables.product.prodname_dependabot %} no es compatible con dependencias privadas de {% data variables.product.prodname_dotcom %} para todos los administradores de paquetes. Consulta los detalles en la tabla a continuación. + +{% endnote %} + +{% data reusables.dependabot.supported-package-managers %} + +Si tu repositorio ya utiliza una integración para la administración de dependencias, necesitarás inhabilitarlo antes de habilitar el {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}Para obtener más información, consulta la sección "[Acerca de las integraciones](/github/customizing-your-github-workflow/about-integrations)".{% endif %} + +## Acerca de las notificaciones para las actualizaciones de versión del {% data variables.product.prodname_dependabot %} + +Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar notificaciones para las solicitudes de cambios que creó el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar notificaciones desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)". diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md new file mode 100644 index 0000000000..28c43850c4 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -0,0 +1,968 @@ +--- +title: Configuration options for the dependabot.yml file +intro: 'La información detallada para todas las opciones que puedes utilizar para personalizar como el {% data variables.product.prodname_dependabot %} mantiene tus repositorios.' +permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' +allowTitleToDifferFromFilename: true +redirect_from: + - /github/administering-a-repository/configuration-options-for-dependency-updates + - /code-security/supply-chain-security/configuration-options-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates +miniTocMaxHeadingLevel: 3 +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: reference +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Configure dependabot.yml +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca del archivo *dependabot.yml* + +El archivo de configuración del {% data variables.product.prodname_dependabot %}, *dependabot.yml*, utiliza la sintaxis YAML. Si eres nuevo en YAML y deseas conocer más, consulta "[Aprender YAML en cinco minutos](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)". + +Debes almacenar este archivo en el directorio `.github` de tu repositorio. Cuando agregas o actualizas el archivo *dependabot.yml*, esto activa una revisión inmediata de las actualizaciones de la versión. For more information and an example, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." + +Cualquier opción que también afecte las actualizaciones de seguridad se utiliza en la siguiente ocasión en que una alerta de seguridad active una solicitud de cambios para una actualización de seguridad. Para obtener más información, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)". + +El archivo *dependabot.yml* tiene dos claves mandatorias de nivel superior: `version`, y `updates`. Opcionalmente, puedes incluir una clave de `registries` de nivel superior. El archivo debe comenzar con `version: 2`. + +## Opciones de configuración para las actualizaciones + +La clave `updates` de nivel superior es obligatoria. La utilizas para configurar la forma en que el {% data variables.product.prodname_dependabot %} actualiza las versiones o las dependencias de tu proyecto. Cada entrada configura los ajustes de actualización para un administrador de paquetes en particular. Puedes utilizar las siguientes opciones. + +| Opción | Requerido | Descripción | +|:-------------------------------------------------------------------------- |:---------:|:-------------------------------------------------------------------------------------------------- | +| [`package-ecosystem`](#package-ecosystem) | **X** | Administrador de paquetes a utilizar | +| [`directorio`](#directory) | **X** | Ubicación de los manifiestos del paquete | +| [`schedule.interval`](#scheduleinterval) | **X** | Qué tan a menudo se revisará si hay actualizaciones | +| [`allow`](#allow) | | Personalizar qué actualizaciones se permitirán | +| [`asignatarios`](#assignees) | | Los asignados a configurar en las solicitudes de extracción | +| [`commit-message`](#commit-message) | | Preferencias de mensaje de confirmación | +| [`ignore`](#ignore) | | Ignorar ciertas dependencias o versiones | +| [`insecure-external-code-execution`](#insecure-external-code-execution) | | Permite o rechaza la ejecución de código en los archivos de manifiesto | +| [`etiquetas`](#labels) | | Las etiquetas a configurar en las solicitudes de extracción | +| [`hito`](#milestone) | | Hito a configurar en las solicitudes de extracción | +| [`open-pull-requests-limit`](#open-pull-requests-limit) | | Limitar la cantidad de solicitudes de extracción abiertas para las actualizaciones de versión | +| [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator) | | Cambiar el separador para los nombres de rama de la solicitud de extracción | +| [`rebase-strategy`](#rebase-strategy) | | Inhabilitar el rebase automático | +| [`registries`](#registries) | | Los registros privados a los que puede acceder el {% data variables.product.prodname_dependabot %} +| [`revisores`](#reviewers) | | Los revisores a configurar en las solicitudes de extracción | +| [`schedule.day`](#scheduleday) | | Día de la semana para revisar si hay actualizaciones | +| [`schedule.time`](#scheduletime) | | Hora del día para revisar si hay actualizaciones (hh:mm) | +| [`schedule.timezone`](#scheduletimezone) | | Huso horario para la hora del día (identificador de zona) | +| [`target-branch`](#target-branch) | | Rama contra la cual se creará la solicitud de extracción | +| [`vendor`](#vendor) | | Actualiza las dependencias delegadas a proveedores o almacenadas en caché | +| [`versioning-strategy`](#versioning-strategy) | | Cómo actualizar los requisitos de la versión del manifiesto | + +Estas opciones caen a groso modo en las siguientes categorías. + +- Opciones de configuración esenciales que debes incluir en todas las configuraciones: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory),[`schedule.interval`](#scheduleinterval). +- Opciones para personalizar el calendario de actualización: [`schedule.time`](#scheduletime), [`schedule.timezone`](#scheduletimezone), [`schedule.day`](#scheduleday). +- Las opciones para controlar qué dependencias se actualizarán: [`allow`](#allow), [`ignore`](#ignore), [`vendor`](#vendor). +- Opciones para agregar metadatos a las solicitudes de extracción: [`reviewers`](#reviewers), [`assignees`](#assignees), [`labels`](#labels), [`milestone`](#milestone). +- Opciones para cambiar el comportamiento de las solicitudes de extracción: [`target-branch`](#target-branch), [`versioning-strategy`](#versioning-strategy), [`commit-message`](#commit-message), [`rebase-strategy`](#rebase-strategy), [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator). + +Adicionalmente, la opción [`open-pull-requests-limit`](#open-pull-requests-limit) cambia la cantidad máxima de solicitudes de extracción para las actualizaciones de versión que puede abrir el {% data variables.product.prodname_dependabot %}. + +{% note %} + +**Nota:** Algunas de estas opciones de configuración también pueden afectar a las solicitudes de extracción que se levantan para las actualizaciones de seguridad de los manifiestos delos paquetes vulnerables. + +Las actualizaciones de seguridad se levantan para los manifiestos de paquetes vulnerables únicamente en la rama predeterminada. Cuando se establecen las opciones de configuración para la misma rama (como "true" a menos de que utilices `target-branch`), y se especifica un `package-ecosystem` y `directory` para el manifiesto vulnerable, entonces las solicitudes de extracción para las actualizaciones de seguridad utilizan las opciones relevantes. + +En general, las actualizaciones de seguridad utilizan cualquier opción de configuración que afecte las solicitudes de extracción, por ejemplo, agregar metadatos o cambiar su comportamiento. Para obtener más información acerca de las actualizaciones de seguridad, consulta la sección "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)". + +{% endnote %} + +### `package-ecosystem` + +**Requerido**. Agregarás un elemento de `package-ecosystem` para cada administrador de paquetes que quieras que monitoree el {% data variables.product.prodname_dependabot %} para encontrar versiones nuevas. El repositorio también debe contener un archivo bloqueado o de manifiesto de dependencias para cada uno de estos administradores de paquetes. Si quieres habilitar la delegación a proveedores para un administrador de paquetes que sea compatible con ella, las dependencias delegadas a proveedores deben ubicarse en el directorio requerido. Para obtener más información, consulta la sección [`vendor`](#vendor) a continuación. + +{% data reusables.dependabot.supported-package-managers %} + +```yaml +# Basic set up for three package managers + +version: 2 +updates: + + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + + # Maintain dependencies for npm + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + + # Maintain dependencies for Composer + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" +``` + +### `directorio` + +**Requerido**. Debes definir la ubicación de los manifiestos de los paquetes para cada administrador de paquetes (por ejemplo, el *package.json* o *Gemfile*). Tú definierás el directorio relativo a la raíz del repositorio para todos los ecosistemas, menos para GitHub Actions. Para GitHub Actions, configura el directorio para que sea `/` y así revisar los archivos de flujo de trabajo en `.github/workflows`. + +```yaml +# Specify location of manifest files for each package manager + +version: 2 +updates: + - package-ecosystem: "composer" + # Files stored in repository root + directory: "/" + schedule: + interval: "daily" + + - package-ecosystem: "npm" + # Files stored in `app` directory + directory: "/app" + schedule: + interval: "daily" + + - package-ecosystem: "github-actions" + # Workflow files stored in the + # default location of `.github/workflows` + directory: "/" + schedule: + interval: "daily" +``` + +### `schedule.interval` + +**Requerido**. Debes definir la frecuencia en la que se verificará si hay versiones nuevas para cada administrador de paquetes. Predeterminadamente, el {% data variables.product.prodname_dependabot %} asigna una hora aleatoria para aplicar todas las actualizaciones en el archivo de configuración. Para configurar una hora específica, puedes utilizar [`schedule.time`](#scheduletime) y [`schedule.timezone`](#scheduletimezone). + +- `daily`—se ejecuta en cada día de la semana, de Lunes a Viernes. +- `weekly`—se ejecuta una vez cada semana. Predeterminadamente, esto ocurre los lunes. Para modificar esto, utiliza [`schedule.day`](#scheduleday). +- `monthly`—se ejecuta una vez al mes. Esto ocurre en el primer día de cada mes. + +```yaml +# Set update schedule for each package manager + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every weekday + interval: "daily" + + - package-ecosystem: "composer" + directory: "/" + schedule: + # Check for updates managed by Composer once a week + interval: "weekly" +``` + +{% note %} + +**Note**: `schedule` define cuando el {% data variables.product.prodname_dependabot %} intenta hacer una actualización nueva. Sin embargo, no es la única ocasión en la que podrías recibir solilcitudes de cambio. Las actualizaciones pueden activarse con base en los cambios a tu archivo de `dependabot.yml`, los cambios a tus archivo(s) de manifiesto después de una actualización fallida, o las {% data variables.product.prodname_dependabot_security_updates %}. Para obtener más información, consulta las secciones "[Frecuencia de las solicitudes de cambio del {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)". + +{% endnote %} + +### `allow` + +{% data reusables.dependabot.default-dependencies-allow-ignore %} + +Utiliza la opción `allow` para personalizar qué dependencias se actualizan. Esto aplica tanto a la versión como a las actualizaciones de seguridad. Puedes utilizar las siguientes opciones: + +- `dependency-name`—se utiliza para permitir actualizaciones para las dependencias con nombres coincidentes, opcionalmente, utiliza `*` para empatar cero o más caracteres. Para las dependencias de Java, el formato del atributo `dependency-name` es: `groupId:artifactId`, por ejemplo: `org.kohsuke:github-api`. +- `dependency-type`—utilízalo para permitir actualizaciones para dependencias de tipos específicos. + + | Tipos de dependencia | Administradores de paquete compatibles | Permitir actualizaciones | + | -------------------- | --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | + | `direct` | Todas | Todas las dependencias definidas explícitamente. | + | `indirect` | `bundler`, `pip`, `composer`, `cargo` | Las dependencias de las dependencias directas (también conocidas como sub-dependencias, o dependencias transitorias). | + | `all` | Todas | Todas las dependencias definidas explícitamente. Para `bundler`, `pip`, `composer`, `cargo`, también las dependencias de las dependencias directas. | + | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Solo las dependencias en el "Grupo de dependencias de producción". | + | `development` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Únicamente las dependencias en el "Grupo de dependencias de desarrollo". | + +```yaml +# Use `allow` to specify which dependencies to maintain + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + allow: + # Allow updates for Lodash + - dependency-name: "lodash" + # Allow updates for React and any packages starting "react" + - dependency-name: "react*" + + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + allow: + # Allow both direct and indirect updates for all packages + - dependency-type: "all" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + allow: + # Allow only direct updates for + # Django and any packages starting "django" + - dependency-name: "django*" + dependency-type: "direct" + # Allow only production updates for Sphinx + - dependency-name: "sphinx" + dependency-type: "production" +``` + +### `asignatarios` + +Utiliza `assignees` para especificar a los asignados individuales para todas las solicitudes de extracción levantadas para un administrador de paquete. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Specify assignees for pull requests + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Add assignees + assignees: + - "octocat" +``` + +### `commit-message` + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} intenta detectar tus preferencias de mensajes de confirmación y utiliza patrones similares. Utiliza la opción`commit-message` para especificar tus preferencias explícitamente. + +Opciones compatibles + +- `prefix` especifica un prefijo para todos los mensajes de confirmación. +- `prefix-development` especifica un prefijo separado para todos los mensajes de confirmación que actualizan dependencias en el grupo de dependencias de desarrollo. Cuando especificas un valor para esta opción, `prefix` se utiliza únicamente para las actualizaciones a las dependencias en el grupo de dependencias de producción. Esto es compatible con: `bundler`, `composer`, `mix`, `maven`, `npm`, y `pip`. +- `include: "scope"` especifica que cualquier prefijo es sucedido por una lista de dependencias actualizadas en la confirmación. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Customize commit messages + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + commit-message: + # Prefix all commit messages with "npm" + prefix: "npm" + + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + # Prefix all commit messages with "Composer" + # include a list of updated dependencies + commit-message: + prefix: "Composer" + include: "scope" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + # Include a list of updated dependencies + # with a prefix determined by the dependency group + commit-message: + prefix: "pip prod" + prefix-development: "pip dev" + include: "scope" +``` + +### `ignore` + +{% data reusables.dependabot.default-dependencies-allow-ignore %} + +Las dependencias pueden ignorarse ya sea agregándolas a `ignore` o utilizando el comando `@dependabot ignore` en una solicitud de cambios que haya abierto el {% data variables.product.prodname_dependabot %}. + +#### Crear condiciones de `ignore` desde `@dependabot ignore` + +Las dependencias que se ignoran utilizando el comando `@dependabot ignore` se almacenan centralmente para cada administrador de paquete. Si comienzas a ignorar las dependencias en el archivo `dependabot.yml`, estas preferencias existentes se consideran junto con las dependencias de `ignore` en la configuración. + +Puedes verificar si un repositorio tiene preferencias de `ignore` almacenadas si buscas `"@dependabot ignore" in:comments` en este. Si quieres dejar de ignorar una dependencia que se haya ignorado de esta forma, vuelve a abrir la solicitud de cambios. + +Para obtener más información acerca de los comandos de `@dependabot ignore`, consulta la sección "[Administrar las solicitudes de extracción para las actualizaciones de dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)". + +#### Especificar dependencias y versiones para ignorar + +Puedes utilizar la opción `ignore` para personalizar qué dependencias se actualizarán. La opción `ignore` es compatible con las siguientes opciones. + +- `dependency-name`—se utiliza para ignorar actualizaciones para las dependencias con nombres coincidentes, opcionalmente, utiliza `*` para empatar cero o más caracteres. Para las dependencias de Java, el formato del atributo `dependency-name` es: `groupId:artifactId` (por ejemplo: `org.kohsuke:github-api`). +- `versions`—se utiliza para ignorar versiones o rangos específicos de las versiones. Si quieres definir un rango, utiliza el patrón estándar del administrador de paquetes (por ejemplo: `^1.0.0` para npm, o `~> 2.0` para Bundler). +- `update-types`—Se utiliza para ignorar tipos de actualizaciones tales como las de tipo `major`, `minor`, o `patch` en actualizaciones de versión (por ejemplo: `version-update:semver-patch` ignorará las actualizaciones de parche). Puedes combinar esto con `dependency-name: "*"` para ignorar algún `update-types` en particular en todas las dependencias. Actualmente, `version-update:semver-major`, `version-update:semver-minor`, y `version-update:semver-patch` son las únicas opciones compatibles. Este ajuste no afectará a las actualizaciones de seguridad. + +Si las `versions` y los `update-types` se utilizan juntos, el {% data variables.product.prodname_dependabot %} ignorará todas las actualizaciones en cualquiera que se configure. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Use `ignore` to specify dependencies that should not be updated + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + ignore: + - dependency-name: "express" + # For Express, ignore all updates for version 4 and 5 + versions: ["4.x", "5.x"] + # For Lodash, ignore all updates + - dependency-name: "lodash" + # For AWS SDK, ignore all patch updates + - dependency-name: "aws-sdk" + update-types: ["version-update:semver-patch"] +``` + +{% note %} + +**Nota**: El {% data variables.product.prodname_dependabot %} solo puede ejecutar actualizaciones de versión en los archivos de bloqueo o de manifiesto si puede acceder a todas las dependencias en estos archivos, aún si agregas dependencias inaccesibles a la opción `ignore` de tu archivo de configuración. Para obtener más información, consulta las secciones "[Administrar los ajustes de seguridad y análisis de tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)" y "[Solución de errores del {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)". + + +{% endnote %} + +### `insecure-external-code-execution` + +Los administradores de paquetes con los valores `bundler`, `mix`, y `pip` de `package-ecosystem` pueden ejecutar el código externo en el manifiesto como parte del proceso de actualización de la versión. Esto podría permitir que un paquete que se haya puesto en riesgo borre las credenciales u obtenga acceso a los registros configurados. Cuando agregas un ajuste de [`registries`](#registries) dentro de una configuración de `updates`, el {% data variables.product.prodname_dependabot %} prevendrá automáticamente la ejecución de código externo, en cuyo caso, la actualización de versión podría fallar. Puedes elegir ignorar este comportamiento y permitir la ejecución de código externo para los administradores de paquetes `bundler`, `mix`, y `pip` si configuras a `insecure-external-code-execution` en `allow`. + +Puedes negar explícitamente la ejecución de código externo, sin importar si es que hay un ajuste de `registries` para esta configuración de actualización, configurando a `insecure-external-code-execution` en `deny`. + +{% raw %} +```yaml +# Allow external code execution when updating dependencies from private registries + +version: 2 +registries: + ruby-github: + type: rubygems-server + url: https://rubygems.pkg.github.com/octocat/github_api + token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} +updates: + - package-ecosystem: "bundler" + directory: "/rubygems-server" + insecure-external-code-execution: allow + registries: "*" + schedule: + interval: "monthly" +``` +{% endraw %} + +### `etiquetas` + +{% data reusables.dependabot.default-labels %} + +Utiliza `labels` para anular las etiquetas predeterminadas y especificar las etiquetas alternas para todas las solicitudes de extracción que se levante para un administrador de paquete. Si ninguna de estas etiquetas se define en el repositorio, entonces se ha ignorado. Para inhabilitar todas las etiquetas, incluyendo aquellas predeterminadas, utiliza `labels: [ ]`. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Specify labels for pull requests + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Specify labels for npm pull requests + labels: + - "npm" + - "dependencies" +``` + +### `hito` + +Utiliza `milestone` para asociar todas las solicitudes de extracción que se han levantado para un administrador de paquete con un hito. Necesitas especificar el identificador numérico del hito y, no así, su etiqueta. Si ves un hito, la parte final de la URL de la página, después de `milestone`, es el identificador. Por ejemplo: `https://github.com///milestone/3`. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Specify a milestone for pull requests + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Associate pull requests with milestone "4" + milestone: 4 +``` + +### `open-pull-requests-limit` + +Predeterminadamente, {% data variables.product.prodname_dependabot %} abre un máximo de cinco solicitudes de extracción para las actualizaciones de versión. Una vez que hayan cinco solicitudes de cambio abiertas, las solicitudes nuevas se bloquearán hasta que fusiones o cierres algunas de las sollicitudes abiertas, después de lo cual, las solicitudes de cambiso nuevas pueden abrirse en actualizaciones subsecuentes. Utiliza `open-pull-requests-limit` para cambiar este límite. Esto también proporciona una forma simple de inhabilitar temporalmente las actualizaciones de versión para un administrador de paquete. + +Esta opción no tiene impacto en las actualizaciones de seguridad que tienen un límite separado e interno de diez solicitudes de extracción abiertas. + +```yaml +# Specify the number of open pull requests allowed + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Disable version updates for npm dependencies + open-pull-requests-limit: 0 + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + # Allow up to 10 open pull requests for pip dependencies + open-pull-requests-limit: 10 +``` + +### `pull-request-branch-name.separator` + +El {% data variables.product.prodname_dependabot %} genera una rama para cada solicitud de extracción. Cada nombre de rama incluye `dependabot`, y el administrador de paquete y la dependencia que se actualizaron. Predeterminadamente, estas partes están separadas por un símbolo de `/`, por ejemplo: `dependabot/npm_and_yarn/next_js/acorn-6.4.1`. + +Utiliza `pull-request-branch-name.separator` para especificar un separador diferente. Este puede ser alguno de entre: `"-"`, `_` o `/`. El símbolo de guión debe estar entre comillas porque, de lo contrario, se interpretará como que está declarando una lista YAML vacía. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Specify a different separator for branch names + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + pull-request-branch-name: + # Separate sections of the branch name with a hyphen + # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1` + separator: "-" +``` + +### `rebase-strategy` + +Predeterminadamente, el{% data variables.product.prodname_dependabot %} rebasa automáticamente las solicitudes de cambios abiertas y detecta cualquier cambio en ellas. Utiliza `rebase-strategy` para inhabilitar este comportamiento. + +Estrategias de rebase disponibles + +- `disabled` para inhabilitar el rebase automático. +- `auto` para utilizar el comportamiento predeterminado y rebasar las solicitudes de cambios abiertas cuando se detecten cambios. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Disable automatic rebasing + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Disable rebasing for npm pull requests + rebase-strategy: "disabled" +``` + +### `registries` + +Para permitir que el {% data variables.product.prodname_dependabot %} acceda a un registro de paquete privado cuando esté realizando una actualización de versión, debes incluir un ajuste de `registries` dentro de la configuración relevante de `updates`. Puedes permitir que se utilicen todos los registros definidos si configuras a `registries` en `"*"`. Como alternativa, puedes listar los registros que puede utilizar la actualización. Para hacerlo, utiliza el nombre del registro como se define en la sección `registries` de nivel superior en el archivo _dependabot.yml_. Para obtener más información, consulta la sección "[Opciones de configuración para los registros privados](#configuration-options-for-private-registries)" a continuación. + +Para permitir que el {% data variables.product.prodname_dependabot %} utilice los administradores de paquetes `bundler`, `mix`, y `pip` para actualizar dependencias en los registros privados, puedes elegir el permitir la ejecución de código externo. Para obtener más información, consulta [`insecure-external-code-execution`](#insecure-external-code-execution) anteriormente. + +```yaml +# Allow {% data variables.product.prodname_dependabot %} to use one of the two defined private registries +# when updating dependency versions for this ecosystem + +{% raw %} +version: 2 +registries: + maven-github: + type: maven-repository + url: https://maven.pkg.github.com/octocat + username: octocat + password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} + npm-npmjs: + type: npm-registry + url: https://registry.npmjs.org + username: octocat + password: ${{secrets.MY_NPM_PASSWORD}} +updates: + - package-ecosystem: "gitsubmodule" + directory: "/" + registries: + - maven-github + schedule: + interval: "monthly" +{% endraw %} +``` + +### `revisores` + +Utiliza `reviewers` para especificar los revisores o equipos individuales de revisores para las solicitudes de extracción que se levantaron para un administrador de paquete. Debes utilizar el nombre completo del equipo, incluyendo la organización, como si lo estuvieras @mencionando. + +{% data reusables.dependabot.option-affects-security-updates %} + +```yaml +# Specify reviewers for pull requests + +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + # Add reviewers + reviewers: + - "octocat" + - "my-username" + - "my-org/python-team" +``` + +### `schedule.day` + +Cuando configuras una programación de actualizaciones en `weekly`, predeterminadamente, {% data variables.product.prodname_dependabot %} revisa si hay versiones nuevas los lunes en alguna hora aleatoria para el repositorio. Utiliza `schedule.day` para especificar un día alterno para revisar si hay actualizaciones. + +Valores compatibles + +- `monday` +- `tuesday` +- `wednesday` +- `thursday` +- `friday` +- `saturday` +- `sunday` + +```yaml +# Specify the day for weekly checks + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + # Check for npm updates on Sundays + day: "sunday" +``` + +### `schedule.time` + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones en una hora aleatoria para el repositorio. Utiliza `schedule.time` para especificar una hora alterna para revisar si hay actualizaciones (formato: `hh:mm`). + +```yaml +# Set a time for checks +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Check for npm updates at 9am UTC + time: "09:00" +``` + +### `schedule.timezone` + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones en una hora aleatoria para el repositorio. Utiliza `schedule.timezone` para especificar un huso horario alternativo. El identificador de zona debe ser tomado de la base de datos de Husos Horarios que mantiene [iana](https://www.iana.org/time-zones). Para obtener más información, consulta la [Lista de bases de datos tz para husos horarios](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). + +```yaml +# Specify the timezone for checks + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + time: "09:00" + # Use Japan Standard Time (UTC +09:00) + timezone: "Asia/Tokyo" +``` + +### `target-branch` + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay archivos de manifiesto en las ramas predeterminadas y levanta solicitudes de extracción para las actualizaciones de versión contra dicha rama. Utiliza `target-branch` para especificar una rama diferente para los archivos de manifiesto y para las solicitudes de extracción. Cuando utilizas esta opción, la configuración para este administrador de paquete ya no afectará ninguna solicitud de extracción que se haya levantado para las actualizaciones de seguridad. + +```yaml +# Specify a non-default branch for pull requests for pip + +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + # Raise pull requests for version updates + # to pip against the `develop` branch + target-branch: "develop" + # Labels on pull requests for version updates only + labels: + - "pip dependencies" + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + # Check for npm updates on Sundays + day: "sunday" + # Labels on pull requests for security and version updates + labels: + - "npm dependencies" +``` + +### `vendor` + +Utiliza la opción `vendor` para indicar al {% data variables.product.prodname_dependabot %} delegar las dependencias a los proveedores cuando se actualicen. No utilices esta opción si estás usando `gomod`, ya que el {% data variables.product.prodname_dependabot %} detecta la delegación a vendedores automáticamente para esta herramienta. + +```yaml +# Configure version updates for both dependencies defined in manifests and vendored dependencies + +version: 2 +updates: + - package-ecosystem: "bundler" + # Raise pull requests to update vendored dependencies that are checked in to the repository + vendor: true + directory: "/" + schedule: + interval: "weekly" +``` + +El {% data variables.product.prodname_dependabot %} solo actualiza las dependencias delegadas a proveedores que se ubiquen en directorios específicos en un repositorio. + +| Administración de paquetes | Ruta de archivo requerida para las dependencias delegadas | Más información | +| -------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------- | +| `bundler` | Las dependencias deben estar en el directorio _vendor/cache_.
Otras rutas de archivo no son compatibles. | [documentación de `bundle cache`](https://bundler.io/man/bundle-cache.1.html) | +| `gomod` | No hay requisitos de ruta (las dependencias se ubican habitualmente en el directorio _vendor_) | [documentación de `go mod vendor`](https://golang.org/ref/mod#go-mod-vendor) | + + +### `versioning-strategy` + +Cuando el {% data variables.product.prodname_dependabot %} edita un archivo de manifiesto para actualizar una versión, utiliza las siguientes estrategias generales: + +- Para las apps, los requisitos de versión se incrementan, por ejemplo: npm, pip y Composer. +- Para las bibliotecas, el rango de versiones se amplía, por ejemplo: Bundler y Cargo. + +Utiliza la opción `versioning-strategy` para cambiar este comportamiento para los administradores de paquete compatibles. + +{% data reusables.dependabot.option-affects-security-updates %} + +Estrategias de actualización disponibles + +| Opción | Compatible con | Acción | +| ----------------------- | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `lockfile-only` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Crear únicamente solicitudes de cambios para actualizar archivos de bloqueo. Ignorar cualquier versión nueva que pudiera requerir cambios en el paquete del manifiesto. | +| `auto` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Seguir la estrategia predeterminada descrita anteriormente. | +| `widen` | `composer`, `npm` | Relajar el requisito de versión para que incluya tanto la versión nueva como la anterior, cuando sea posible. | +| `increase` | `bundler`, `composer`, `npm` | Siempre incrementar el requisito de versión para que empate con la versión nueva. | +| `increase-if-necessary` | `bundler`, `composer`, `npm` | Incrementar el requisito de versión únicamente cuando lo requiera la versión nueva. | + +```yaml +# Customize the manifest version strategy + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Update the npm manifest file to relax + # the version requirements + versioning-strategy: widen + + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + # Increase the version requirements for Composer + # only when required + versioning-strategy: increase-if-necessary + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + # Only allow updates to the lockfile for pip and + # ignore any version updates that affect the manifest + versioning-strategy: lockfile-only +``` + +## Opciones de configuración para los registros privados + +La clave de nivel superior `registries` es opcional. Esta te permite especificar los detalles de autenticación que el {% data variables.product.prodname_dependabot %} puede utilizar para acceder a los registros de paquetes privados. + +{% note %} + +**Nota:** Los registros privados detras de los cortafuegos en las redes privadas no son compatibles. + +{% endnote %} + +El valor de la clave `registries` es un arreglo asociativo, del cual cada elemento consiste de una clave que identifica un registro en particular y un valor que es un arreglo asociativo que especifica la configuración que se requiere para acceder a dicho registro. El siguiente archivo de *dependabot.yml* configura un registro que se identifica como `dockerhub` en la sección de `registries` del archivo y luego lo referencia en la sección de `updates` del mismo. + +{% raw %} +```yaml +# Minimal settings to update dependencies in one private registry + +version: 2 +registries: + dockerhub: # Define access for a private registry + type: docker-registry + url: registry.hub.docker.com + username: octocat + password: ${{secrets.DOCKERHUB_PASSWORD}} +updates: + - package-ecosystem: "docker" + directory: "/docker-registry/dockerhub" + registries: + - dockerhub # Allow version updates for dependencies in this registry + schedule: + interval: "monthly" +``` +{% endraw %} + +Utilizarás las siguientes opciones para especificar la configuración de acceso. La configuración del registro debe contener un `type` y una `url` y, habitualmente, ya sea una combinación de `username` y `password` o un `token`. + +| Opción                 | Descripción | +|:------------------------------------------------------------------------------------------------------ |:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `type` | Identifica el tipo de registro. Consulta la lista completa de tipos más adelante. | +| `url` | La URL a utilizar para acceder a las dependencias en el registro. El protocolo es opcional. Si no se especifica, se asumirá que es `https://`. El {% data variables.product.prodname_dependabot %} agrega o ignora las diagonales iniciales conforme sea necesario. | +| `nombre de usuario` | El nombre de usuario que utilizará el {% data variables.product.prodname_dependabot %} para acceder al registro. | +| `contraseña` | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga la contraseña del usuario específico. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". | +| `clave` | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga una clave de acceso para este registro. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". | +| `token` | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga un token de acceso para este registro. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". | +| `replaces-base` | Para los registros con `type: python-index`, si el valor booleano es `true`, pip resuleve las dependencias utilizando la URL especificada en vez de la URL base del Índice de Paquetes de Python (que predeterminadamente es `https://pypi.org/simple`). | + + +Cada `type` de configuración requiere que proporciones ajustes en particular. Algunos tipos permiten más de una forma de conectarse. Las siguientes secciones proporcionan detalles de las configuraciones que deberías utilizar para cada `type`. + +### `composer-repository` + +El tipo `composer-repository` es compatible con nombre de usuario y contraseña. + +{% raw %} +```yaml +registries: + composer: + type: composer-repository + url: https://repo.packagist.com/example-company/ + username: octocat + password: ${{secrets.MY_PACKAGIST_PASSWORD}} +``` +{% endraw %} + +### `docker-registry` + +El tipo `docker-registry` es compatible con nombre de usuario y contraseña. + +{% raw %} +```yaml +registries: + dockerhub: + type: docker-registry + url: https://registry.hub.docker.com + username: octocat + password: ${{secrets.MY_DOCKERHUB_PASSWORD}} +``` +{% endraw %} + +El tipo `docker-registry` también se puede utilizar para extraer información de Amazon ECR utilizando las credenciales estáticas de AWS. + +{% raw %} +```yaml +registries: + ecr-docker: + type: docker-registry + url: https://1234567890.dkr.ecr.us-east-1.amazonaws.com + username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}} + password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}} +``` +{% endraw %} + +### `git` + +El tipo `git` es compatible con nombre de usuario y contraseña. + +{% raw %} +```yaml +registries: + github-octocat: + type: git + url: https://github.com + username: x-access-token + password: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} +``` +{% endraw %} + +### `hex-organization` + +El tipo `hex-organization` es compatible con organizaciones y claves. + +{% raw %} +```yaml +registries: + github-hex-org: + type: hex-organization + organization: github + key: ${{secrets.MY_HEX_ORGANIZATION_KEY}} +``` +{% endraw %} + +### `maven-repository` + +El tipo `maven-repository` es compatible con usuario y contraseña. + +{% raw %} +```yaml +registries: + maven-artifactory: + type: maven-repository + url: https://artifactory.example.com + username: octocat + password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} +``` +{% endraw %} + +### `npm-registry` + +El tipo `npm-registry` es compatible con nombre de usuario y contraseña, o token. + +Cuando utilizas un nombre de usuario y contraseña, tu token de autorización de `.npmrc` podría contener un `_password` cifrado en `base64`; sin embargo, la contraseña referenciada en tu archivo de configuración del {% data variables.product.prodname_dependabot %} podría ser la contraseña original (descifrada). + +{% raw %} +```yaml +registries: + npm-npmjs: + type: npm-registry + url: https://registry.npmjs.org + username: octocat + password: ${{secrets.MY_NPM_PASSWORD}} # Must be an unencoded password +``` +{% endraw %} + +{% raw %} +```yaml +registries: + npm-github: + type: npm-registry + url: https://npm.pkg.github.com + token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} +``` +{% endraw %} + +### `nuget-feed` + +El tipo `nuget-feed` es compatible con nombre de usuario y contraseña, o token. + +{% raw %} +```yaml +registries: + nuget-example: + type: nuget-feed + url: https://nuget.example.com/v3/index.json + username: octocat@example.com + password: ${{secrets.MY_NUGET_PASSWORD}} +``` +{% endraw %} + +{% raw %} +```yaml +registries: + nuget-azure-devops: + type: nuget-feed + url: https://pkgs.dev.azure.com/.../_packaging/My_Feed/nuget/v3/index.json + token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}} +``` +{% endraw %} + +### `python-index` + +El tipo `python-index` es compatible con nombre de usuario y contraseña, o token. + +{% raw %} +```yaml +registries: + python-example: + type: python-index + url: https://example.com/_packaging/my-feed/pypi/example + username: octocat + password: ${{secrets.MY_BASIC_AUTH_PASSWORD}} + replaces-base: true +``` +{% endraw %} + +{% raw %} +```yaml +registries: + python-azure: + type: python-index + url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example + token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}} + replaces-base: true +``` +{% endraw %} + +### `rubygems-server` + +El tipo `rubygems-server` es compatible con nombre de usuario y contraseña, o token. + +{% raw %} +```yaml +registries: + ruby-example: + type: rubygems-server + url: https://rubygems.example.com + username: octocat@example.com + password: ${{secrets.MY_RUBYGEMS_PASSWORD}} +``` +{% endraw %} + +{% raw %} +```yaml +registries: + ruby-github: + type: rubygems-server + url: https://rubygems.pkg.github.com/octocat/github_api + token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} +``` +{% endraw %} + +### `terraform-registry` + +El tipo `terraform-registry` es comatible con un token. + +{% raw %} +```yaml +registries: + terraform-example: + type: terraform-registry + url: https://terraform.example.com + token: ${{secrets.MY_TERRAFORM_API_TOKEN}} +``` +{% endraw %} diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md new file mode 100644 index 0000000000..cddf88ee09 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -0,0 +1,142 @@ +--- +title: Configuring Dependabot version updates +intro: 'Puedes configurar tu repositorio para que el {% data variables.product.prodname_dependabot %} actualice automáticamente los paquetes que utilizas.' +permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.' +redirect_from: + - /github/administering-a-repository/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.2' +type: how_to +topics: + - Dependabot + - Version updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Configure version updates +--- + + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de las actualizaciones de versión para las dependencias + +Habilitarás {% data variables.product.prodname_dependabot_version_updates %} mediante la selección de un archivo de configuración de *dependabot.yml* en el directorio `.github` dentro de tu repositorio. El {% data variables.product.prodname_dependabot %} levanta entonces las solicitudes de extracción para mantener actualizadas las dependencias que configures. Para cada dependencia del administrador de paquete que quieras actualizar, debes especificar la ubicación de los archivos de manifiesto de dicho paquete, así como la periodicidad en la que quieres buscar actualizaciones para las dependencias listadas en esos archivos. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". + +{% data reusables.dependabot.initial-updates %} Para obtener más información, consulta la sección "[Personalizar las actualizaciones de las dependencias](/github/administering-a-repository/customizing-dependency-updates)". + +{% data reusables.dependabot.private-dependencies-note %} Adicionalmente, el {% data variables.product.prodname_dependabot %} no es compatible con dependencias privadas de {% data variables.product.prodname_dotcom %} para todos los administradores de paquetes. Para obtener más información, consulta las secciones "[Acerca de las actualizaciones de versión del Dependabot](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)" y "[Soporte para idiomas de {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/github-language-support)". + +## Habilitar las {% data variables.product.prodname_dependabot_version_updates %} + +{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." +1. Agrega una `version`. +1. Opcionalmente, si tienes dependencias en un registro privado, agrega una sección de `registries` que contenga los detalles de autenticación. +1. Agrega una sección de `updates` con una entrada para cada administrador de paquetes que quieras que monitoree el {% data variables.product.prodname_dependabot %}. +1. Para cada administrador de paquete, utiliza: + - `package-ecosystem` para especificar el administrador de paquetes. + - `directory` para especificar la ubicación del manifiesto u otros archivos de definición. + - `schedule.interval` para especificar qué tan a menudo se debe revisar si hay nuevas versiones. +{% data reusables.dependabot.check-in-dependabot-yml %} + +### Archivo *dependabot.yml* de ejemplo + +El archivo de ejemplo *dependabot.yml* que se muestra a continuación actualiza dos administradores de paquetes: npm y Docker. Cuando se registra este archivo, el {% data variables.product.prodname_dependabot %} revisa los archivos de manifiesto en la rama predeterminada par ver si hay dependencias desactualizadas. Si encuentra dependencias desactualizadas, levantará solicitudes de extracción contra la rama predeterminada para actualizar estas dependencias. + +```yaml +# Basic dependabot.yml file with +# minimum configuration for two package managers + +version: 2 +updates: + # Enable version updates for npm + - package-ecosystem: "npm" + # Look for `package.json` and `lock` files in the `root` directory + directory: "/" + # Check the npm registry for updates every day (weekdays) + schedule: + interval: "daily" + + # Enable version updates for Docker + - package-ecosystem: "docker" + # Look for a `Dockerfile` in the `root` directory + directory: "/" + # Check for updates once a week + schedule: + interval: "weekly" +``` + +En el ejemplo anterior, si las dependencias de Docker estuvieran muy desactualizadas, tal vez quisieras comenzar con una programación de tipo `daily` hasta que las dependencias estén bien actualizadas y, posteriormente, tomar una programación semanal. + +### Habilitar las actualizaciones de versión en las bifurcaciones + +Si quieres habilitar las actualizaciones de versión en las bifurcaciones, hay un paso extra que debes tomar. Las actualizaciones de versión no se habilitan automáticamente en las bifurcaciones cuando existe un archivo de configuración *dependabot.yml*. Esto garantiza que los dueños de la bifurcación no habiliten las actualizaciones de versión accidentalmente cuando suben cambios, incluyendo el archivo de configuración *dependabot.yml* del repositorio original. + +En una bifurcación, también necesitas habilitar explícitamente el {% data variables.product.prodname_dependabot %}. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.accessing-repository-graphs %} +{% data reusables.repositories.click-dependency-graph %} +{% data reusables.dependabot.click-dependabot-tab %} +5. Debajo de "Habilitar el Dependabot", da clic en **Enable Dependabot**. + +## Revisar el estado de las actualizaciones de versión + +Después de que habilitas las actualizaciones de versión, se llena la pestaña del **Dependabot** en la gráfica de dependencias del repositorio. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions. + +![Pestaña de perspectivas de repositorio, gráfica de dependencias, pestaña de dependabot](/assets/images/help/dependabot/dependabot-tab-view.png) + +Para obtener más información, consulta la sección "[Listar las dependencias configuradas para las actualizaciones de versión](/github/administering-a-repository/listing-dependencies-configured-for-version-updates)". + +## Inhabilitar las {% data variables.product.prodname_dependabot_version_updates %} + +Puedes inhabilitar las actualizaciones de versión completamente si eliminas el archivo *dependabot.yml* de tu repositorio. Normalmente, tal vez quieras inhabilitar las actualizaciones temporalmente para una o más dependencias o administradores de paquete. + +- Administradores de paquete: inhabilítalas configurando `open-pull-requests-limit: 0` o dejando de comentar el `package-ecosystem` relevante en el archivo de configuración. +- Dependencias específicas: inhabilítalas agregando los atributos de `ignore` para los paquetes o aplicaciones que quieras excluir de las actualizaciones. + +Cuando inhabilitas las dependencias, puedes utilizar comodines para empatar con un conjunto de bibliotecas relacionadas. También puedes especificar qué versiones excluir. Esto es particularmente útil si necesitas bloquear actualizaciones en una biblioteca, el trabajo pendiente para apoyar un cambio sustancial en su API, pero quieres quieres obtener cualquier arreglo de seguridad para la versión que utilices. + +### Ejemplo de inhabilitar las actualizaciones de versión para algunas dependencias + +En este archivo de *dependabot.yml* de ejemplo se incluyen ejemplos de las formas diferentes para inhabilitar las actualizaciones en algunas dependencias, mientras que se permite que otras actualizaciones continuen. + +```yaml +# dependabot.yml file with updates +# disabled for Docker and limited for npm + +version: 2 +updates: + # Configuration for Dockerfile + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" + # Disable all pull requests for Docker dependencies + open-pull-requests-limit: 0 + + # Configuration for npm + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + ignore: + # Ignore updates to packages that start with 'aws' + # Wildcards match zero or more arbitrary characters + - dependency-name: "aws*" + # Ignore some updates to the 'express' package + - dependency-name: "express" + # Ignore only new versions for 4.x and 5.x + versions: ["4.x", "5.x"] + # For all packages, ignore all patch updates + - dependency-name: "*" + update-types: ["version-update:semver-patch"] +``` + +For more information about checking for existing ignore preferences, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md new file mode 100644 index 0000000000..5e17ccc409 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md @@ -0,0 +1,144 @@ +--- +title: Personalizar las actualizaciones de las dependencias +intro: 'Puedes personalizar cómo el {% data variables.product.prodname_dependabot %} mantiene tus dependencias.' +permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' +redirect_from: + - /github/administering-a-repository/customizing-dependency-updates + - /code-security/supply-chain-security/customizing-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Dependabot + - Version updates + - Security updates + - Repositories + - Dependencies + - Pull requests + - Vulnerabilities +shortTitle: Pesonalizar las actualizaciones +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de personalizar las actualizaciones de las dependencias + +Después de que hayas habilitado la actualización de versiones, puedes personalizar como el {% data variables.product.prodname_dependabot %} mantiene tus dependencias si agregas más opciones al archivo *dependabot.yml*. Por ejemplo, podrías: + +- Especifica en qué día de la semana se abrirán las solicitudes de extracción para la actualización de versiones: `schedule.day` +- Establece revisores, asignados y etiquetas para cada administrador de paquete: `reviewers`, `assignees`, y `labels` +- Define una estrategia de versionamiento para los cambios que se realicen en cada archivo de manifiesto: `versioning-strategy` +- Cambia la cantidad máxima de solicitudes de extracción abiertas para actualizaciones de versión del valor predeterminado que es 5: `open-pull-requests-limit` +- Abre solicitudes de extracción para actualizaciones de versión para seleccionar una rama específica en vez de la rama predeterminada: `target-branch` + +For more information about the configuration options, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." + +Cuando actualizas el archivo *dependabot.yml* en tu repositorio, el {% data variables.product.prodname_dependabot %} ejecuta una revisión inmediata con la nueva configuración. Verás una lista de dependencias actualizada en cuestión de minutos en la pestaña de **{% data variables.product.prodname_dependabot %}**, esto podría tomar más tiempo si el reposiorio tiene muchas dependencias. También puedes ver las solicitudes de extracción nuevas para las actualizaciones de versión. Para obtener más información, consulta la sección "[Listar dependencias configuradas para actualizaciones de versión](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)". + +## Impacto de los cambios de configuración en las actualizaciones de seguridad + +Si personalizas el archivo *dependabot.yml*, podrías notar algunos cambios en las solicitudes de extracción que se levantan para las actualizaciones de seguridad. Estas solicitudes de extracción siempre se activan mediante una asesoría de seguridad para una dependencia en vez de mediante un calendario de programación del {% data variables.product.prodname_dependabot %}. Sin embargo, estas heredan la configuración de ajustes relevante del archivo *dependabot.yml* a menos de que especifiques una rama destino diferente para las actualizaciones de versión. + +Por ejemplo, consulta la sección "[Configurar etiquetas personalizadas](#setting-custom-labels)" a más adelante. + +## Modificar la programación + +Cuando configuras una actualización de tipo `daily`, predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones a las 05:00 UTC. Puedes utilizar `schedule.time` para especificar una hora alterna para que revise actualizaciones (en formato: `hh:mm`). + +El archivo *dependabot.yml* de ejemplo a continuación expande la configuración de npm para especificar cuándo el {% data variables.product.prodname_dependabot %} debería revisar si hay actualizaciones de versión para las dependencias. + +```yaml +# dependabot.yml file with +# customized schedule for version updates + +version: 2 +updates: + # Keep npm dependencies up to date + - package-ecosystem: "npm" + directory: "/" + # Check the npm registry for updates at 2am UTC + schedule: + interval: "daily" + time: "02:00" +``` + +## Configurar los revisores y asignados + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} levanta solicitudes de extracción sin ningún revisor o asignado. + +Puedes utilizar `reviewers` y `assignees` para especificar los revisores y asignados para todas las solicitudes de extracción que se levanten para un administrador de paquete. Cuando especificas un equipo, debes utilizar el nombre completo de éste, como si estuvieras @mencionándolo (incluyendo la organización). + +El ejemplo de archivo *dependabot.yml* mostrado a continuación cambia las configuraciones npm para que todas las solicitudes de extracción que se hayan abierto con actualizaciones de versión y de seguridad para npm tengan dos revisores y un asignado. + +```yaml +# dependabot.yml file with +# reviews and an assignee for all npm pull requests + +version: 2 +updates: + # Keep npm dependencies up to date + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Raise all npm pull requests with reviewers + reviewers: + - "my-org/team-name" + - "octocat" + # Raise all npm pull requests with an assignee + assignees: + - "user-name" +``` + +## Configurar las etiquetas personalizadas + +{% data reusables.dependabot.default-labels %} + +Puedes utilizar `labels` para anular las etiquetas predeterminadas y especificar etiquetas alternas para todas las solicitudes de extracción que se han levantado para un administrador de paquete. No puedes crear etiquetas nuevas en el archivo *dependabot.yml*, así que las etiquetas alternas ya deben existir en el repositorio. + +El siguiente ejemplo de archivo *dependabot.yml* cambia la configuración de npm para que las solicitudes de extracción abiertas con actualizaciones de versión y de seguridad para npm tengan etiquetas personalizadas. También cambia la configuración de Docker para revisar las actualizaciones de versión contra una rama personalizada y para levantar solicitudes de extracción con etiquetas personalizadas contra dicha rama personalizada. Los cambios en Docker no afectarán las solicitudes de extracción para actualizaciones de seguridad, ya que dichas actualizaciones de seguridad siempre se hacen contra la rama predeterminada. + +{% note %} + +**Nota:** La nueva `target-branch` deberá contener un Dockerfile para actualizar, de lo contrario, este cambio tendrá el efecto de inhabilitar las actualizaciones de versión para Docker. + +{% endnote %} + +```yaml +# dependabot.yml file with +# customized npm configuration + +version: 2 +updates: + # Keep npm dependencies up to date + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + # Raise all npm pull requests with custom labels + labels: + - "npm dependencies" + - "triage-board" + + # Keep Docker dependencies up to date + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" + # Raise pull requests for Docker version updates + # against the "develop" branch. The Docker configuration + # no longer affects security update pull requests. + target-branch: "develop" + # Use custom labels on pull requests for Docker version updates + labels: + - "Docker dependencies" + - "triage-board" +``` + +## Más ejemplos + +For more examples, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md new file mode 100644 index 0000000000..a15c2fb8c9 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md @@ -0,0 +1,26 @@ +--- +title: Keeping your dependencies updated automatically with Dependabot version updates +intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.' +allowTitleToDifferFromFilename: true +redirect_from: + - /github/administering-a-repository/keeping-your-dependencies-updated-automatically + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Dependencies + - Pull requests +children: + - /about-dependabot-version-updates + - /configuring-dependabot-version-updates + - /listing-dependencies-configured-for-version-updates + - /customizing-dependency-updates + - /configuration-options-for-the-dependabot.yml-file +shortTitle: Actualizaciones de versión del dependabot +--- + diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md new file mode 100644 index 0000000000..b3f534f6c6 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md @@ -0,0 +1,39 @@ +--- +title: Listar dependencias configuradas para las actualizaciones de versión +intro: 'Puedes ver las dependencias que monitorea el {% data variables.product.prodname_dependabot %} pára encontrar actualizaciones.' +redirect_from: + - /github/administering-a-repository/listing-dependencies-configured-for-version-updates + - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Repositories + - Dependabot + - Version updates + - Dependencies +shortTitle: Dependencias configuradas en la lista +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Visualizar dependencias que monitorea el {% data variables.product.prodname_dependabot %} + +Después de que habilites las actualizaciones de versión, puedes confirmar que tu configuración es la correcta si utilizas la pestaña de **{% data variables.product.prodname_dependabot %}** en la gráfica de dependencias para el repositorio. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.accessing-repository-graphs %} +{% data reusables.repositories.click-dependency-graph %} +{% data reusables.dependabot.click-dependabot-tab %} +1. Opcionalmente, para ver los archivos que se monitorean para un administrador de paquete, da clic en el {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} asociado. ![Archivos de dependencia monitoreados](/assets/images/help/dependabot/monitored-dependency-files.png) + +Si no encuentras alguna dependencia, revisa los archivos de bitácora para ver los errores. En caso de que no encuentres algún administrador de paquete, revisa el archivo de configuración. + +## Visualizar los archivos de bitácora del {% data variables.product.prodname_dependabot %} + +1. En la **pestaña de {% data variables.product.prodname_dependabot %}**, da clic en **Revisado por última vez hace *TIME*** para ver el archivo de bitácora que generó el {% data variables.product.prodname_dependabot %} durante su última verificación de actualizaciones de versión. ![Ver el archivo de bitácora](/assets/images/help/dependabot/last-checked-link.png) +2. Opcionalmente, para volver a ejecutar la revisión de versión, da clic en **Revisar si hay actualizaciones**. ![Revisar si hay actualizaciones](/assets/images/help/dependabot/check-for-updates.png) diff --git a/translations/es-ES/content/code-security/dependabot/index.md b/translations/es-ES/content/code-security/dependabot/index.md new file mode 100644 index 0000000000..cb1f4984f9 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/index.md @@ -0,0 +1,23 @@ +--- +title: Keeping your supply chain secure with Dependabot +shortTitle: Dependabot +intro: 'Monitor vulnerabilities in dependencies used in your project{% ifversion fpt or ghec or ghes > 3.2 %} and keep your dependencies up-to-date{% endif %} with {% data variables.product.prodname_dependabot %}.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /dependabot-alerts + - /dependabot-security-updates + - /dependabot-version-updates + - /working-with-dependabot +--- + diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md new file mode 100644 index 0000000000..3fa452941f --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -0,0 +1,557 @@ +--- +title: Automatizar al Dependabot con las GitHub Actions +intro: 'Ejemplos de cómo puedes utilizar las {% data variables.product.prodname_actions %} para automatizar las tareas comunes relacionadas con el {% data variables.product.prodname_dependabot %}.' +permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_actions %} to respond to {% data variables.product.prodname_dependabot %}-created pull requests.' +miniTocMaxHeadingLevel: 3 +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Actions + - Dependabot + - Version updates + - Security updates + - Repositories + - Dependencies + - Pull requests +shortTitle: Utiliza el Dependabot con las acciones +redirect_from: + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca del {% data variables.product.prodname_dependabot %} y de las {% data variables.product.prodname_actions %} + +El {% data variables.product.prodname_dependabot %} crea las solicitudes de cambios para mantener actualizadas tus dependencias y puedes utilizar las {% data variables.product.prodname_actions %} para llevar a cabo tareas automatizadas cuando se creen estas solicitudes de cambios. Por ejemplo, recupera artefactos adicionales, agrega etiquetas, ejecuta pruebas o modifica la solicitud de cambios de cualquier otra forma. + +## Responder a los eventos + +El {% data variables.product.prodname_dependabot %} puede activar flujos de trabajo de las {% data variables.product.prodname_actions %} en sus solicitudes de cambios y comentarios; sin embargo, algunos eventos se tratan de forma distinta. + +{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %} +Para el caso de los flujos de trabajo que inicia el {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) y que utilizan los eventos `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment` y `deployment_status`, aplican las siguientes restricciones: +{% endif %} + +- {% ifversion ghes = 3.3 %} El `GITHUB_TOKEN` tiene permisos de solo lectura, a menos de que tu adminsitrador haya eliminado las restricciones.{% else %} El `GITHUB_TOKEN` tiene permisos de solo lectura predeterminadamente.{% endif %} +- {% ifversion ghes = 3.3 %}No se puede acceder a los secretos a menos de que tu administrador haya eliminado las restricciones.{% else %}Los secretos se llenan desde los secretos del {% data variables.product.prodname_dependabot %}. Los secretos de las {% data variables.product.prodname_actions %} no están disponibles.{% endif %} + +{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %} +Para el caso de los flujos de trabajo que inicia el {% data variables.product.prodname_dependabot %}(`github.actor == "dependabot[bot]"`) y utilizan el evento `pull_request_target`, si {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) creó la ref base de la solicitud de cambios, entonces el `GITHUB_TOKEN` será de solo lectura y los secretos no estarán disponibles. +{% endif %} + +Para obtener màs informaciòn, consulta la secciòn "[Mantener seguras tus GitHub Actions y flujos de trabajo: Prevenir solicitudes de tipo pwn](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)". + +{% ifversion fpt or ghec or ghes > 3.3 %} + +### Cambiar los permisos de `GITHUB_TOKEN` + +Predeterminadamente, los flujos de trabajo de las {% data variables.product.prodname_actions %} que activa el {% data variables.product.prodname_dependabot %} obtendrán un `GITHUB_TOKEN` con permisos de solo lectura. Puedes utilizar la llave de `permissions` en tu flujo de trabajo para incrementar el acceso del token: + +{% raw %} + +```yaml +name: CI +on: pull_request + +# Set the access for individual scopes, or use permissions: write-all +permissions: + pull-requests: write + issues: write + repository-projects: write + ... + +jobs: + ... +``` + +{% endraw %} + +Para obtener màs informaciòn, consulta la secciòn "[Modificar los permisos para el GITHUB_TOKEN](/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)". + +### Acceder a los secretos + +Cuando un evento del {% data variables.product.prodname_dependabot %} activa un flujo de trabajo, los únicos secretos disponibles para dicho flujo de trabajo son los del {% data variables.product.prodname_dependabot %}. Los secretos de las {% data variables.product.prodname_actions %} no están disponibles. Por lo tanto, debes almacenar cualquier secreto que utilice un flujo de trabajo activado mediante los eventos del {% data variables.product.prodname_dependabot %} como secretos del {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". + +Los secretos del {% data variables.product.prodname_dependabot %} se agregan al contexto de `secrets` y se referencian utilizando exactamente la misma sintaxis que la de los secretos para las {% data variables.product.prodname_actions %}. Para obtener más información, consulta la sección "[Secretos cifrados](/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)". + +Si tienes un flujo de trabajo que se activará mediante el {% data variables.product.prodname_dependabot %} y también mediante otros actores, la solución más simple es almacenar el token con los permisos requeridos en una acción y en un secreto del {% data variables.product.prodname_dependabot %} con nombres idénticos. Entonces, el flujo de trabajo puede incluir una llamada simple a estos secretos. Si el secreto del {% data variables.product.prodname_dependabot %} tiene un nombre diferente, utiliza condiciones para especificar los secretos correctos para que los utilicen los diferentes actores. Para ver ejemplos que utilizan condiciones, consulta la sección de "[Automatizaciones comunes](#common-dependabot-automations)" a continuación. + +Para acceder a un registro de contenedor privado en AWS con un nombre de usuario y contraseña, un flujo de trabajo deberá incluir un secreto para el `username` y la `password`. En el siguiente ejemplo, cuando el {% data variables.product.prodname_dependabot %} activa el flujo de trabajo, se utilizan los secretos del {% data variables.product.prodname_dependabot %} con los nombres `READONLY_AWS_ACCESS_KEY_ID` y `READONLY_AWS_ACCESS_KEY`. Si otro actor activa el flujo de trabajo, se utilizarán los secretos de las acciones con estos nombres. + +{% raw %} + +```yaml +name: CI +on: + pull_request: + branches: [ main ] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Login to private container registry for dependencies + uses: docker/login-action@v1 + with: + registry: https://1234567890.dkr.ecr.us-east-1.amazonaws.com + username: ${{ secrets.READONLY_AWS_ACCESS_KEY_ID }} + password: ${{ secrets.READONLY_AWS_ACCESS_KEY }} + + - name: Build the Docker image + run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) +``` + +{% endraw %} + +{% endif %} + +{% ifversion ghes = 3.3 %} + +{% note %} + +**Nota:** Tu administrador de sitio puede anular estas restricciones para {% data variables.product.product_location %}. Para obtener más información, consulta la sección "[Solucionar los problemas de las {% data variables.product.prodname_actions %} en tu empresa](/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise#troubleshooting-failures-when-dependabot-triggers-existing-workflows)". + +Si se eliminan las restricciones, cuando el {% data variables.product.prodname_dependabot %} active un flujo de trabajo, este tendrá acceso a los secretos de las {% data variables.product.prodname_actions %} y podrá utilizar el término `permissions` para incrementar el alcance predeterminado del `GITHUB_TOKEN` desde el acceso de solo lectura. Puedes ignorar los pasos específicos en las secciones de "Eventos de manejo de `pull_request`" y de "Eventos de manejo de `push`", ya que esto ya no aplica. + +{% endnote %} + +### Manejar los eventos de `pull_request` + +Si tu flujo de trabajo necesita acceso a los secretos o a un `GITHUB_TOKEN` con permisos de escritura, tienes dos opciones: utilizar `pull_request_target`, o utilizar dos flujos de trabajo separados. En esta sección, describiremos a detalle cómo utilizar `pull_request_target` y utilizaremos los dos siguientes flujos de trabajo en cómo "[Manejar eventos `push`](#handling-push-events)". + +Debajo hay un ejemplo simple de un flujo de trabajo de una `pull_request` que podría estar fallando ahora: + +{% raw %} + +```yaml +### This workflow now has no secrets and a read-only token +name: Dependabot Workflow +on: + pull_request + +jobs: + dependabot: + runs-on: ubuntu-latest + # Always check the actor is Dependabot to prevent your workflow from failing on non-Dependabot PRs + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - uses: actions/checkout@v2 +``` + +{% endraw %} + +Puedes reemplazar a `pull_request` con `pull_request_target`, el cual se utiliza para las solicitudes de cambio de las bifurcaciones y revisar explícitamente el `HEAD` de la solicitud de cambios. + +{% warning %} + +**Advertencia:** El utilizar `pull_request_target` como sustituto de `pull_request` de expone a un comportamiento inseguro. Te recomendamos utilizar el método de dos flujos de trabajo de acuerdo con lo que se describe a continuación en "[Administrar eventos `push`](#handling-push-events)". + +{% endwarning %} + +{% raw %} + +```yaml +### This workflow has access to secrets and a read-write token +name: Dependabot Workflow +on: + pull_request_target + +permissions: + # Downscope as necessary, since you now have a read-write token + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - uses: actions/checkout@v2 + with: + # Check out the pull request HEAD + ref: ${{ github.event.pull_request.head.sha }} + github-token: ${{ secrets.GITHUB_TOKEN }} +``` + +{% endraw %} + +También se recomienda fuertemente que bajes el alcance de los permisos que otorgas al `GITHUB_TOKEN` para poder evitar que se fugue un token con más privilegios de lo necesario. Para obtener más información, consulta ña sección "[Permisos del `GITHUB_TOKEN`](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token)". + +### Manejar eventos `push` + +Ya que no hay un equivalente de `pull_request_target` para los eventos `push`, tendrás que utilizar dos flujos de trabajo: uno no confiable que termine cargando artefactos, el cual activará un segundo flujo de trabajo que descargará los artefactos y seguirá procesándose. + +El primer flujo de trabajo lleva a cabo cualquier trabajo no confiable: + +{% raw %} + +```yaml +### This workflow doesn't have access to secrets and has a read-only token +name: Dependabot Untrusted Workflow +on: + push + +jobs: + check-dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - uses: ... +``` + +{% endraw %} + +El segundo flujo de trabajo llevará a cabo el trabajo confiable después de que el primero se complete exitosamente: + +{% raw %} + +```yaml +### This workflow has access to secrets and a read-write token +name: Dependabot Trusted Workflow +on: + workflow_run: + workflows: ["Dependabot Untrusted Workflow"] + types: + - completed + +permissions: + # Downscope as necessary, since you now have a read-write token + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + steps: + - uses: ... +``` + +{% endraw %} + +{% endif %} + +### Volver a ejecutar un flujo de trabajo manualmente + +También puedes volver a ejecutar un flujo de trabajo fallido del Dependabot manualmente y este seguirá ejecutándose con un token de lectura-escritura y con acceso a los secretos. Antes de volver a ejecutar los flujos de trabajo fallidos manualmente, siempre debes verificar la dependencia que se está actualizando para asegurarte de que el cambio no introduzca ningún comportamiento imprevisto o malicioso. + +## Automatizaciones comunes del Dependabot + +Aquí mostramos varios escenarios comunes que pueden automatizarse utilizando las {% data variables.product.prodname_actions %}. + +{% ifversion ghes = 3.3 %} + +{% note %} + +**Nota:** Si tu administrador de sitio anuló las restricciones del {% data variables.product.prodname_dependabot %} en {% data variables.product.product_location %}, puedes utilizar `pull_request` en vez de `pull_request_target` en los siguientes flujos de trabajo. + +{% endnote %} + +{% endif %} + +### Recuperar metadatos de una solicitud de cambios + +Automatizar mucho requiere saber información del contenido de la solicitud de cambios: cuál era el nombre de la dependencia, si es una dependencia productva y si es una actualización de parche menor o mayor. + +La acción `dependabot/fetch-metadata` te proporciona toda esta información: + +{% ifversion ghes = 3.3 %} + +{% raw %} + +```yaml +name: Dependabot fetch metadata +on: pull_request_target + +permissions: + pull-requests: write + issues: write + repository-projects: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + # The following properties are now available: + # - steps.dependabot-metadata.outputs.dependency-names + # - steps.dependabot-metadata.outputs.dependency-type + # - steps.dependabot-metadata.outputs.update-type +``` + +{% endraw %} + +{% else %} + +{% raw %} + +```yaml +name: Dependabot fetch metadata +on: pull_request + +permissions: + pull-requests: write + issues: write + repository-projects: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + # The following properties are now available: + # - steps.metadata.outputs.dependency-names + # - steps.metadata.outputs.dependency-type + # - steps.metadata.outputs.update-type +``` + +{% endraw %} + +{% endif %} + +Para obtener más información, consulta el repositorio [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata). + +### Etiquetar una solicitud de cambios + +Si tienes otros flujos de trabajo de automatización o clasificación que se basen en etiquetas de {% data variables.product.prodname_dotcom %}, puedes configurar una acción para asignar etiquetas con base en los metadatos proporcionados. + +Por ejemplo, si quieres etiquetar todas las actualizaciones de las dependencias de producción con una etiqueta: + +{% ifversion ghes = 3.3 %} + +{% raw %} + +```yaml +name: Dependabot auto-label +on: pull_request_target + +permissions: + pull-requests: write + issues: write + repository-projects: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Add a label for all production dependencies + if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }} + run: gh pr edit "$PR_URL" --add-label "production" + env: + PR_URL: ${{github.event.pull_request.html_url}} +``` + +{% endraw %} + +{% else %} + +{% raw %} + +```yaml +name: Dependabot auto-label +on: pull_request + +permissions: + pull-requests: write + issues: write + repository-projects: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Add a label for all production dependencies + if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }} + run: gh pr edit "$PR_URL" --add-label "production" + env: + PR_URL: ${{github.event.pull_request.html_url}} +``` + +{% endraw %} + +{% endif %} + +### Aprobar una solicitud de cambios + +Si quieres aprobar las solicitudes de cambios del Dependabot automáticamente, puedes utilizar el {% data variables.product.prodname_cli %} en un flujo de trabajo: + +{% ifversion ghes = 3.3 %} + +{% raw %} + +```yaml +name: Dependabot auto-approve +on: pull_request_target + +permissions: + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} +``` + +{% endraw %} + +{% else %} + +{% raw %} + +```yaml +name: Dependabot auto-approve +on: pull_request + +permissions: + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} +``` + +{% endraw %} + +{% endif %} + +### Habilita la fusión automática en una solicitud de cambios + +Si quieres fusionar tus solicitudes de cambios automáticamente, puedes utilizar la funcionalidad de fusión automática de {% data variables.product.prodname_dotcom %}. Esto habilita a la solicitud de cambios para que se fusione cuando se cumpla con todas las pruebas y aprobaciones requeridas. Para obtener más información sobre la fusión automática, consulta la sección "[Fusionar una solicitud de cambios automáticamente](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)". + +Aquí tienes un ejemplo de cómo habilitar la fusión automática para todas las actualizaciones de parche en `my-dependency`: + +{% ifversion ghes = 3.3 %} + +{% raw %} + +```yaml +name: Dependabot auto-merge +on: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs + if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} +``` + +{% endraw %} + +{% else %} + +{% raw %} + +```yaml +name: Dependabot auto-merge +on: pull_request + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs + if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} +``` + +{% endraw %} + +{% endif %} + +## Solucionar los problemas de las ejecuciones de flujo de trabajo fallidas + +Si tu ejecución de flujo de trabajo falla, verifica lo siguiente: + +{% ifversion ghes = 3.3 %} + +- Estás ejecutando el flujo de trabajo únicamente cuando el actor adecuado lo activa. +- Estás verificando la `ref` de tu `pull_request`. +- No estás intentando acceder a los secretos desde un evento de `pull_request`, `pull_request_review`, `pull_request_review_comment`, o `push` activado por el Dependabot. +- No estás intentando llevar a cabo ninguna acción de `write` desde dentro de un evento de tipo `pull_request`, `pull_request_review`, `pull_request_review_comment`, o `push` que haya activado el Dependabot. + +{% else %} + +- Estás ejecutando el flujo de trabajo únicamente cuando el actor adecuado lo activa. +- Estás verificando la `ref` de tu `pull_request`. +- Tus secretos están disponibles en los secretos del {% data variables.product.prodname_dependabot %}, en vez de como secretos de las {% data variables.product.prodname_actions %}. +- Si tienes un `GITHUB_TOKEN` con los permisos correctos. + +{% endif %} + +Para obtener más información sobre cómo escribir y depurar las {% data variables.product.prodname_actions %}, consulta la sección "[Aprender sobre las Acciones de GitHub](/actions/learn-github-actions)". diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md new file mode 100644 index 0000000000..2ff0dbc0da --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md @@ -0,0 +1,24 @@ +--- +title: Working with Dependabot +shortTitle: Work with Dependabot +intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.' +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Security updates + - Dependencies + - Pull requests +children: + - /managing-pull-requests-for-dependency-updates + - /automating-dependabot-with-github-actions + - /keeping-your-actions-up-to-date-with-dependabot + - /managing-encrypted-secrets-for-dependabot + - /troubleshooting-the-detection-of-vulnerable-dependencies + - /troubleshooting-dependabot-errors +--- + diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md new file mode 100644 index 0000000000..15b1f0c5c3 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md @@ -0,0 +1,65 @@ +--- +title: Mantener tus acciones actualizadas con el Dependabot +intro: 'Puedes utilizar el {% data variables.product.prodname_dependabot %} para mantener las acciones que utilizas actualizadas en sus versiones más recientes.' +redirect_from: + - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot + - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot + - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Repositories + - Dependabot + - Version updates + - Actions +shortTitle: Acciones de actualización automática +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} + +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de {% data variables.product.prodname_dependabot_version_updates %} para las acciones + +Las acciones a menudo se actualizan con correcciones de errores y con nuevas características para que los procesos automatizados sean más confiables, rápidos y seguros. Cundo habilitas las {% data variables.product.prodname_dependabot_version_updates %} para {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} te ayudará a asegurarte de que las referencias para las acciones en el archivo *workflow.yml* de un repositorio se mantengan actualizadas. El {% data variables.product.prodname_dependabot %} verifica la referencia de la acción para cada una de ellas en el archivo (habitualmente un número de versión o identificador de confirmación que se asocie con la acción) contra la última versión. Si alguna versión más reciente de la acción está disponible, el {% data variables.product.prodname_dependabot %} te enviará una solicitud de extracción que actualice la referencia en el archivo de flujo de trabajo a su última versión. Para obtener más información acerca de las {% data variables.product.prodname_dependabot_version_updates %}, consulta la sección "[Acerca del {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)". Para obtener más información acerca de configurar flujos de trabajo para las {% data variables.product.prodname_actions %}, consulta la sección "[Aprende sobre las {% data variables.product.prodname_actions %}](/actions/learn-github-actions)". + +{% data reusables.actions.workflow-runs-dependabot-note %} + +## Habilitar las {% data variables.product.prodname_dependabot_version_updates %} para las acciones + +{% data reusables.dependabot.create-dependabot-yml %}Si ya habilitaste las {% data variables.product.prodname_dependabot_version_updates %} para otros ecosistemas o administradores de paquetes, simplemente abre el archivo *dependabot.yml* existente. +1. Especifica `"github-actions"` como el `package-ecosystem` a monitorear. +1. Configura el `directory` como `"/"` para verificar los archivos de flujo de trabajo en `.github/workflows`. +1. Configura un `schedule.interval` para especificar la frecuencia en la que se revisará si hay versiones nuevas. +{% data reusables.dependabot.check-in-dependabot-yml %}Si editaste un archivo existente, guarda tus cambios. + +También puedes habilitar las {% data variables.product.prodname_dependabot_version_updates %} en las bifurcaciones. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." + +### Archivo de ejemplo de *dependabot.yml* para {% data variables.product.prodname_actions %} + +El siguiente ejemplo de archivo de *dependabot.yml* configura las actualizaciones de versión para {% data variables.product.prodname_actions %}. El `directory` debe configurarse como `"/"` para verificar los archivos de flujo de trabajo en `.github/workflows`. El `schedule.interval` se configura en `"daily"`. Después de que se verifique o actualice este archivo, el {% data variables.product.prodname_dependabot %} revisará si hay versiones nuevas de tus acciones. El {% data variables.product.prodname_dependabot %} levantará solicitudes de extracción para las actualizaciones de versión de cualquier acción desactualizada que encuentre. Después de las actualizaciones de versión iniciales, el {% data variables.product.prodname_dependabot %} seguirá buscando versiones desactualizadas para las acciones una vez por día. + +```yaml +# Set update schedule for GitHub Actions + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every weekday + interval: "daily" +``` + +## Configurar las {% data variables.product.prodname_dependabot_version_updates %} para las acciones + +Cuando habilitas las {% data variables.product.prodname_dependabot_version_updates %} para las acciones, debes especificar los valores de `package-ecosystem`, `directory`, y `schedule.interval`. Hay muchas más propiedades opcionales que puedes configurar para personalizar tus actualizaciones de versión aún más. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." + +## Leer más + +- "[Acerca de GitHub Actions](/actions/getting-started-with-github-actions/about-github-actions)" diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md new file mode 100644 index 0000000000..a1e0968781 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md @@ -0,0 +1,91 @@ +--- +title: Administrar los secretos cifrados para el Dependabot +intro: 'Puedes almacenar la información sensible, como las contraseñas y tokens de acceso, como secretos cifrados y luego referenciarlos en el archivo de configuración del {% data variables.product.prodname_dependabot %}.' +redirect_from: + - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot + - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Dependabot + - Version updates + - Secret store + - Repositories + - Dependencies +shortTitle: Administrar los secretos cifrados +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} + +## Acerca de los secretos cifrados para los {% data variables.product.prodname_dependabot %} + +Los secretos del {% data variables.product.prodname_dependabot %} son credenciales cifradas que creas ya sea a nivel de la organización o del repositorio. +Cuando agregas un secreto a nivel de la organización, puedes especificar qué repositorios pueden acceder a éste. Puedes utilizar secretos para permitir que el {% data variables.product.prodname_dependabot %} actualice las dependencias que se ubiquen en los registros del paquete. Cuando agregas un secreto que está cifrado antes de llegar a {% data variables.product.prodname_dotcom %} y permanece cifrado hasta que lo utiliza el {% data variables.product.prodname_dependabot %} para acceder a un registro de paquetes privado. + +Después de que agregas un secreto del {% data variables.product.prodname_dependabot %}, puedes referenciarlo en el archivo de configuración _dependabot.yml_ de esta forma: {% raw %}`${{secrets.NAME}}`{% endraw %}, en donde "NAME" es el nombre que eliges para el secreto. Por ejemplo: + +{% raw %} +```yaml +password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} +``` +{% endraw %} + +For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." + +### Nombrar tus secretos + +El nombre de un secreto del {% data variables.product.prodname_dependabot %}: +* Solo puede contener caracteres alfanuméricos (`[A-Z]`, `[0-9]`) o guiones bajos (`_`). No se permiten espacios. Si escribes en minúscula, se cambiará todo a mayúsculas. +* No puede iniciar con el prefijo `GITHUB_`. +* No puede iniciar con un número. + +## Agregar un secreto de repositorio para el {% data variables.product.prodname_dependabot %} + +{% data reusables.actions.permissions-statement-secrets-repository %} + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.actions.sidebar-secret %} +{% data reusables.dependabot.dependabot-secrets-button %} +1. Da clic en **Secreto de repositorio nuevo**. +1. Teclea un nombre para tu secreto en el cuadro de entrada **Name**. +1. Ingresa el valor de tu secreto. +1. Haz clic en **Agregar secreto** (Agregar secreto). + + El nombre del secreto se lista en la página de secretos del Dependabot. Puedes hacer clic en **Actualizar** para cambiar el valor del secreto. Puedes hacer clic en **Eliminar** para borrar el secreto. + + ![Actualizar o eliminar un secreto del repositorio](/assets/images/help/dependabot/update-remove-repo-secret.png) + +## Agregar un secreto de organización para el {% data variables.product.prodname_dependabot %} + +Cuando creas un secreto en una organización, puedes utilizar una política para limitar el acceso de los repositorios a este. Por ejemplo, puedes otorgar acceso a todos los repositorios, o limitarlo a solo los repositorios privados o a una lista específica de estos. + +{% data reusables.actions.permissions-statement-secrets-organization %} + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.org_settings %} +{% data reusables.actions.sidebar-secret %} +{% data reusables.dependabot.dependabot-secrets-button %} +1. Da clic en **Secreto de organización nuevo**. +1. Teclea un nombre para tu secreto en el cuadro de entrada **Name**. +1. Ingresa el **Valor** para tu secreto. +1. Desde la lista desplegable **Acceso de los repositorios**, elige una política de acceso. +1. Si eliges **Repositorios seleccionados**: + + * Da clic en {% octicon "gear" aria-label="The Gear icon" %}. + * Elige los repositorios que pueden acceder a este secreto. ![Selecciona los repositorios para este secreto](/assets/images/help/dependabot/secret-repository-access.png) + * Haz clic en **Actualizar selección**. + +1. Haz clic en **Agregar secreto** (Agregar secreto). + + El nombre del secreto se lista en la página de secretos del Dependabot. Puedes hacer clic en **Actualizar** para cambiar el valor del secreto o su política de acceso. Puedes hacer clic en **Eliminar** para borrar el secreto. + + ![Actualiza o elimina un secreto de organización](/assets/images/help/dependabot/update-remove-org-secret.png) + +## Agregar al {% data variables.product.prodname_dependabot %} a tu lista de direcciones IP permitidas de tus registros + +Si tu registro privado se configura con una lista de direcciones IP permitidas, puedes encontrar las direcciones IP que utiliza el {% data variables.product.prodname_dependabot %} para acceder al registro en la terminal API del meta, bajo la clave `dependabot`. Para obtener más información, consulta la sección "[Meta](/rest/reference/meta)". diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md new file mode 100644 index 0000000000..2d6833e15f --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md @@ -0,0 +1,66 @@ +--- +title: Administrar las solicitudes de extracción para las actualizaciones de dependencia +intro: 'Administrarás las solicitudes de extracción que levante el {% data variables.product.prodname_dependabot %} de casi la misma forma que cualquier otra solicitud de extracción, pero hay algunas opciones adicionales.' +redirect_from: + - /github/administering-a-repository/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.2' +type: how_to +topics: + - Repositories + - Version updates + - Security updates + - Pull requests + - Dependencies + - Vulnerabilities +shortTitle: Administrar las solicitudes de cambios del Dependabot +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de las solicitudes de extracción del {% data variables.product.prodname_dependabot %} + +{% data reusables.dependabot.pull-request-introduction %} + +Cuando el {% data variables.product.prodname_dependabot %} levanta una solicitud de extracción, se te notificará con el método que hayas escogido para el repositorio. Cada solicitud de cambios contiene información detallada sobre el cambio propusto, que se toma del administrador de paquetes. Estas solicitudes de extracción siguen las revisiones y pruebas normales que se definieron en tu repositorio. +{% ifversion fpt or ghec %}Adicionalmente, cuando haya suficiente información disponible, verás una puntuación de compatibilidad. Esto también podría ayudarte a decidir si quieres fusionar el cambio o no. Para obtener información sobre esta puntuación, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".{% endif %} + +Si tienes muchas dependencias para administrar, tal vez quieras personalizar la configuración para cada administrador de paquete y que así, las solicitudes de extracción tengan revisores, asignados, y etiquetas específicos. Para obtener más información, consulta la sección "[Personalizar actualizaciones de dependencias](/github/administering-a-repository/customizing-dependency-updates)". + +## Visualizar las solicitudes de extracción del {% data variables.product.prodname_dependabot %} + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-pr %} +1. Cualquier solicitud de cambio de actualizaciones de versión o de seguridad se puede identificar fácilmente. + - El autor es {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, la cuenta bot que utiliza el {% data variables.product.prodname_dependabot %}. + - Predeterminadamente, tienen la etiqueta `dependencies`. + +## Cambiar la estrategia de rebase para las solicitudes de extracción del {% data variables.product.prodname_dependabot %} + +Predeterminadamente, el {% data variables.product.prodname_dependabot %} rebasa automáticamente las solicitudes de extracción para resolver cualquier conflicto. Si prefieres manejar los conflictos de fusión manualmente, puedes inhabilitar esta opción utilizando la opción de `rebase-strategy`. For details, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)." + +## Administrar las solicitudes de extracción del {% data variables.product.prodname_dependabot %} con comandos de comentario + +El {% data variables.product.prodname_dependabot %} responde a comandos simples en los comentarios. Cada solicitud de cambios contiene detalles de los comandos que puedes utilizar para procesarla (por ejemplo: para fusionarla, combinarla, reabrirla, cerrarla o rebasarla) bajo la sección de "comandos y opciones del {% data variables.product.prodname_dependabot %}". El objetivo es facilitar tanto como sea posible el que se pueda clasificar automáticamente las solicitudes de extracción generadas. + +Puedes utilizar cualquiera de los siguientes comandos en una solicitud de cambios del {% data variables.product.prodname_dependabot %}. + +- `@dependabot cancel merge` cancela una fusión previamente solicitada. +- `@dependabot close` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} vuelva a crearla. Puedes lograr el mismo resultado si cierras la solicitud de cambios manualmente. +- `@dependabot ignore this dependency` cierra la solicitud de cambios y previene que {% data variables.product.prodname_dependabot %} cree más solicitudes de cambios para esta dependencia (a menos de que vuelvas a abrir la solicitud de cambios para mejorarla a la versión sugerida de la dependencia tú mismo). +- `@dependabot ignore this major version` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} cree más solicitudes de cambio para esta versión mayor (a menos de que vuelvas a abrir la solicitud de cambios o de que tú mismo mejores a esta versión mayor). +- `@dependabot ignore this minor version` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} cree más solicitudes de cambio para esta versión menor (a menos de que vuelvas a abrir la solicitud de cambios o que tú mismo mejores a esta versión menor). +- `@dependabot merge` fusiona la solicitud de cambios una vez que tus pruebas de IC hayan pasado. +- `@dependabot rebase` rebasa la solicitud de cambios. +- `@dependabot recreate` vuelve a crear la solicitud de cambios, sobreescribiendo cualquier edición que se le haya hecho. +- `@dependabot reopen` vuelve a abrir la solicitud de cambios si es que se había cerrado. +- `@dependabot squash and merge` combina y fusiona la solicitud de cambios una vez que hayan pasado tus pruebas de IC. + +El {% data variables.product.prodname_dependabot %} reaccionará con un emoji de "pulgares arriba" para reconocer el comando y podrá responder con un comentario de la solicitud de cambios. Si bien el {% data variables.product.prodname_dependabot %} a menudo responde rápidamente, algunos comandos podrían tardar varios minutos para completarse si el {% data variables.product.prodname_dependabot %} está ocupado procesando otras actualizaciones o comandos. + +Si ejecutas cualquiera de los comandos para ignorar las dependencias o las versiones, el {% data variables.product.prodname_dependabot %} almacena las preferencias para el repositorio centralmente. Si bien esta es una solución rápida, para aquellos repositorios con más de un colaborador, es mejor definir explícitamente las dependencias y versiones a ignorar en el archivo de configuración. Esto hace que todos los colaboradores puedan ver más fácilmente por qué una dependencia en particular no se está actualizando automáticamente. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md new file mode 100644 index 0000000000..0566e72e6b --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -0,0 +1,129 @@ +--- +title: Solucionar problemas de los errores del Dependabot +intro: 'Algunas veces, el {% data variables.product.prodname_dependabot %} no puede levantar solicitudes de cambios para actualizar tus dependencias. Puedes revisar el error y desbloquear al {% data variables.product.prodname_dependabot %}.' +shortTitle: Solución de errores +redirect_from: + - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors + - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Dependabot + - Security updates + - Version updates + - Repositories + - Pull requests + - Troubleshooting + - Errors + - Dependencies +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} + +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## Acerca de los errores del {% data variables.product.prodname_dependabot %} + +{% data reusables.dependabot.pull-request-introduction %} + +Si existe algo que impida que el {% data variables.product.prodname_dependabot %} levante una solicitud de cambios, esto se reporta como un error. + +## Investigar los errores de las {% data variables.product.prodname_dependabot_security_updates %} + +Cuando se bloquea al {% data variables.product.prodname_dependabot %} y no puede crear una solicitud de cambios para arreglar una alerta del {% data variables.product.prodname_dependabot %}, éste publica el mensaje de error en la alerta. La vista de {% data variables.product.prodname_dependabot_alerts %} muestra una lista de cualquier alerta que aún no se haya resuelto. Para acceder a la vista de alertas, da clic en **{% data variables.product.prodname_dependabot_alerts %}** en la pestaña de **Seguridad** del repositorio. Donde sea que se genere una solicitud de cambios que arregle una dependencia vulnerable, la alerta incluirá un enlace a dicha solicitud. + +![Vista de las {% data variables.product.prodname_dependabot_alerts %} que muestra un enlace a una solicitud de cambios](/assets/images/help/dependabot/dependabot-alert-pr-link.png) + +Hay tres razones por las cuales una alerta pudiera no tener un enlace a una solicitud de cambios: + +1. No se han habilitado las {% data variables.product.prodname_dependabot_security_updates %} en el repositorio. +1. La alerta es para una dependencia transitoria o indirecta que no se definió explícitamente en un archivo de bloqueo. +1. Un error bloqueó al {% data variables.product.prodname_dependabot %} y éste no puede crear una solicitud de cambios. + +Si existe un error que bloqueó al {% data variables.product.prodname_dependabot %} y éste no puede crear una solicitud de cambios, puedes mostrar los detalles del error si das clic en la alerta. + +## Investigar los errores de las {% data variables.product.prodname_dependabot_version_updates %} + +Cuando el {% data variables.product.prodname_dependabot %} se bloquea y no puede crear una solicitud de cambios para actualizar una dependencia en un ecosistema, éste publica el icono de error en el archivo de manifiesto. Los archivos de manifiesto que administra el {% data variables.product.prodname_dependabot %} se listan en la pestaña de {% data variables.product.prodname_dependabot %}. Para acceder a esta pestaña, en la pestaña de **perspectivas** del repositorio, da clic en **Gráfica de dependencias**, y luego en la pestaña **{% data variables.product.prodname_dependabot %}**. + +![vista del {% data variables.product.prodname_dependabot %} que muestra un error](/assets/images/help/dependabot/dependabot-tab-view-error.png) + +{% ifversion fpt or ghec %} + +Para ver el archivo de bitácora de cualquier archivo de manifiesto, da clic en el enlace de **Última revisión hace TIEMPO**. Cuando muestras el archivo de bitácora de un manifiesto que se muestra con un símbolo de error (por ejemplo, Maven en la impresión de pantalla anterior), cualquier error se mostrará también. + +![Error y bitácora de una actualizacón de versión del {% data variables.product.prodname_dependabot %} ](/assets/images/help/dependabot/dependabot-version-update-error.png) + +{% else %} + +Para ver las bitácoras de cualquier archivo de manifiesto, haz clic en el enlace de **Verificado por última vez HACE** y luego en **Ver bitácoras**. + +![Error y bitácora de una actualizacón de versión del {% data variables.product.prodname_dependabot %} ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png) + +{% endif %} + +## Entender los errores del {% data variables.product.prodname_dependabot %} + +Las solicitudes de cambios para las actualizaciones de seguridad actúan para mejorar una dependencia vulnerable a la versión mínima que incluya un arreglo de la vulnerabilidad. Por el contrario, las solicitudes de cambios para las actualizaciones de versión actúan para mejorar una dependencia a la última versión que permite el paquete de archivos de manifiesto y de configuración del {% data variables.product.prodname_dependabot %}. Como consecuencia, algunos errores son específicos de un tipo de actualización. + +### El {% data variables.product.prodname_dependabot %} no puede actualizar la DEPENDENCIA a una versión no-vulnerable + +**Únicamente actualizaciones de seguridad.** El {% data variables.product.prodname_dependabot %} no puede crear una solicitud de cambios para actualizar la dependencia vulnerable a una versión segura sin afectar otras dependencias en la gráfica de dependencias de este repositorio. + +Cada aplicación que tenga dependencias tiene una gráfica de dependencias, esto es, una gráfica acíclica dirigida de cada versión de paquete de la cual depende la aplicación directa o indirectamente. Cada vez que se actualiza una dependencia, esta gráfica debe resolverse o la aplicación no se compilará. Cuando un ecosistema tiene una gráfica de dependencias profunda y compleja, por ejemplo, npm y RubyGems, es a menudo imposible mejorar una sola dependencia sin mejorar todo el ecosistema. + +La mejor forma de evitar este problema es mantenerse actualizado con los lanzamientos de versiones más recientes, por ejemplo, habilitando las actualizaciones de versión. Esto aumenta la probabilidad de que una vulnerabilidad en alguna dependencia pueda resolverse con una mejora simple que no afecte la gráfica de dependencias. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +### El {% data variables.product.prodname_dependabot %} no puede actualizar a la versión requerida porque ya existe una solicitud de cambios abierta para la última versión + +**Únicamente actualizaciones de seguridad.** El {% data variables.product.prodname_dependabot %}no creará una solicitud de cambios para actualizar la dependencia vulnerable a una versión segura porque ya existe una solicitud de cambios abierta para actualizar dicha dependencia. Verás éste error cuando se detecte una vulnerabilidad en una dependencia específica y ya exista una solicitud de cambios abierta para actualizar dicha dependencia a la última versión disponible. + +Existen dos opciones: puedes revisar la solicitud de cambios abierta y fusionarla tan pronto como puedas garantizar que el cambio es seguro, o cerrar la solicitud de cambios y activar una solicitud nueva de actualización de seguridad. Para obtener más información, consulta la sección "[Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente](#triggering-a-dependabot-pull-request-manually)". + +### El {% data variables.product.prodname_dependabot %} agotó el tiempo de espera durante su actualización + +El {% data variables.product.prodname_dependabot %} tardó más del límite de tiempo máximo permitido para valorar la actualización requerida y preparar una solicitud de cambios. Este error a menudo se ve únicamente en los repositorios grandes con muchos archivos de manifiesto, por ejemplo, en los proyectos de npm o yarn monorepo, que tienen cientos de archivos *package.json*. Las actualizaciones en el ecosistema de Composer también llevan más tiempo para su valoración y podrían exceder el tiempo de espera. + +Es difícil tratar a este error. Si una actualización de versión excede el tiempo de espera, podrías especificar las dependencias más importantes a actualizar utilizando el parámetro `allow` o, como alternativa, utilizar el parámetro `ignore` para excluir algunas de las dependencias de estas actualizaciones. El actualizar tu configuración podría permitir que el {% data variables.product.prodname_dependabot %} revise la actualización de versión y genere la solicitud de cambios en el tiempo disponible. + +Si una actualización de seguridad excede el tiempo de espera, puedes reducir la probabilidad de que esto suceda si mantienes las dependencias actualizadas, por ejemplo, habilitando las actualizaciones de versión. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +### El {% data variables.product.prodname_dependabot %} no puede abrir más solicitudes de cambios + +Hay un límite en la cantidad de solicitudes de cambios abiertas que el {% data variables.product.prodname_dependabot %} puede generar. Cuando se llega a éste límite, no se podrán abrir más solicitudes de cambios y se reportará este error. La mejor forma de resolver este error es revisar y fusionar algunas de las solicitudes de cambios abiertas. + +Hay límites separados para las solicitudes de cambios de actualización de seguridad y de versión, y esto es para que aquellas de actualización de versión no bloqueen la creación de las de actualización de seguridad. El límite para las solicitudes de cambios de actualizaciones de seguridad es de 10. Predeterminadamente, el límite para las actualizaciones de versión es de 5, pero puedes cambiar ésto utilizando el parámetro `open-pull-requests-limit` en el archivo de configuración. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." + +La mejor forma de resolver este error es fusionar o cerrar algunas de las solicitudes de cambios existentes y activar una solicitud de cambios nueva manualmente. Para obtener más información, consulta la sección "[Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente](#triggering-a-dependabot-pull-request-manually)". + +### El {% data variables.product.prodname_dependabot %} no puede resolver o acceder a tus dependencias + +Si el {% data variables.product.prodname_dependabot %} intenta verificar si las referencias de la dependencia necesitan actualizarse en un repositorio, pero no puede acceder a uno o más de los archivos referenciados, la operación fallará con el mensaje de error "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files". El tipo de error de la API es `git_dependencies_not_reachable`. + +De forma similar, si el {% data variables.product.prodname_dependabot %} no puede acceder a un registro de un paquete privado en el cual se ubica la dependencia, se generará alguno de los siguientes errores: + +* "El dependabot no puede llegar a la dependencia en un registro de paquete privado"
(Tipo de error de la API: `private_source_not_reachable`) +* "El Dependabot no puede autenticarse en un registro de paquete privado"
(Tipo de error de la API:`private_source_authentication_failure`) +* "El Dependabot llegó al límite de tiempo de espera para un registro de paquete privado"
(Tipo de error de la API:`private_source_timed_out`) +* "El Dependabot no pudo validar el certificado para un registro de paquete privado"
(Tipo de error de la API:`private_source_certificate_failure`) + +Para permitir añ {% data variables.product.prodname_dependabot %} actualizar las referencias de dependencia exitosamente, asegúrate que todas las dependencias referencias se hospeden en ubicaciones accesibles. + +**Únicamente actualizaciones de versión** {% data reusables.dependabot.private-dependencies-note %} Adicionalmente, el {% data variables.product.prodname_dependabot %} no es compatible con dependencias de {% data variables.product.prodname_dotcom %} privadas para todos los administradores de paquetes. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de versión del Dependabot](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)". + +## Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente + +Si desbloqueas al {% data variables.product.prodname_dependabot %}, puedes activar manualmente un nuevo intento de crear una solicitud de cambios. + +- **Actualizaciones de seguridad**—muestra la alerta del {% data variables.product.prodname_dependabot %} que presente el error que arreglaste y da clic en **Crear una actualización de seguridad del {% data variables.product.prodname_dependabot %}**. +- **Actualizaciones de versión**—en la pestaña de **Perspectivas** del repositorio, da clic en **Gráfica de dependencias** y luego en la pestaña de **Dependabot**. Da clic en **Verificado hace *TIME*** para ver el archivo de bitácora que generó el {% data variables.product.prodname_dependabot %} durante la última verificación de actualizaciones de versión. Da clic en **Verificar actualizaciones**. + +## Leer más + +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)" +- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md new file mode 100644 index 0000000000..f74b635180 --- /dev/null +++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -0,0 +1,93 @@ +--- +title: Solucionar problemas en la detección de dependencias vulnerables +intro: 'Si la información de la dependencia que reportó {% data variables.product.product_name %} no es lo que esperabas, hay varios puntos a considerar y varias cosas que puedes revisar.' +shortTitle: Troubleshoot vulnerability detection +redirect_from: + - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Dependabot + - Alerts + - Troubleshooting + - Errors + - Security updates + - Dependencies + - Vulnerabilities + - CVEs + - Repositories +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} +{% data reusables.dependabot.result-discrepancy %} + +## ¿Por qué parece que faltan algunas dependencias? + +{% data variables.product.prodname_dotcom %} genera y muestra los datos de las dependencias de forma diferente a otras herramientas. En consecuencia, si has estado utilizando otra herramienta para identificar dependencias, muy probablemente encuentres resultados diferentes. Considera lo sigueinte: + +* {% data variables.product.prodname_advisory_database %} es una de las fuentes de datos que utiliza {% data variables.product.prodname_dotcom %} para identificar las dependencias vulnerables. Es una base de datos de información de vulnerabilidades orgtanizada y gratuita para los ecosistemas de paquetes comunes en {% data variables.product.prodname_dotcom %}. Esta incluye tanto los datos reportados directamente a {% data variables.product.prodname_dotcom %} desde {% data variables.product.prodname_security_advisories %}, así como las fuentes oficiales y las comunitarias. {% data variables.product.prodname_dotcom %} revisa y organiza estos datos para garantizar que la información falsa o inprocesable no se comparta con la comunidad de desarrollo. {% data reusables.security-advisory.link-browsing-advisory-db %} +* La gráfica de dependencias analiza todos los archivos de manifiesto de paquetes conocidos en un repositorio de usuario. Por ejemplo, para npm analizará el archivo _package-lock.json_. Construye una gráfica de todas las dependencias del repositorio y de los dependientes públicos. Esto sucede cuando habilitas la gráfica de dependencias y cuando alguien hace cargas a la rama predeterminada, y esto incluye a las confirmaciones que hacen cambios a un formato de manifiesto compatible. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." +* {% data variables.product.prodname_dependabot %} escanea cualquier subida a la rama predeterminada que contenga un archivo de manifiesto. Cuando se agrega un registro de vulnerabilidad nuevo, este escanea todos los repositorios existentes y genera una alerta para cada repositorio vulnerable. Las {% data variables.product.prodname_dependabot_alerts %} se agregan a nivel del repositorio, en vez de crear una alerta por cada vulnerabilidad. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} se activa cuando recibes una alerta sobre una dependencia vulnerable en tu repositorio. Cuando sea posible, el {% data variables.product.prodname_dependabot %} creará una solicitud de cambios en tu repositorio para actualizar la dependencia vulnerable a la versión segura mínima posible que se requiere para evitar la vulnerabilidad. Para obtener más información, consulta las secciones "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" y "[Solucionar problemas en los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)". + + {% endif %}El {% data variables.product.prodname_dependabot %} no escanea los repositorios para encontrar dependencias vulnerables en horarios específicos, sino cuando algo cambia. Por ejemplo, se activará un escaneo cuando se agregue una dependencia nueva ({% data variables.product.prodname_dotcom %} verifica esto en cada subida) o cuando se agrega una vulnerabilidad a la base de datos de las asesorías {% ifversion ghes or ghae-issue-4864 %} y se sincroniza con {% data variables.product.product_location %}{% endif %}. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)". + +## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles? + +Las {% data variables.product.prodname_dependabot_alerts %} te asesoran sobre las dependencias que debes actualizar, incluyendo aquellas transitivas en donde la versión se puede determinar desde un manifiesto o lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}Las {% data variables.product.prodname_dependabot_security_updates %} solo sugieren un cambio donde el {% data variables.product.prodname_dependabot %} pueda "arreglar" la dependencia directamente, es decir, cuando estas son: +* Dependencias directas declaradas explícitamente en un manifiesto o lockfile +* Dependencias transitorias declaradas en un archivo de bloqueo{% endif %} + +**Verifica**; ¿Acaso no se especifica la vulnerabilidad no detectada para un componente en el manifiesto o lockfile del repositorio? + +## ¿Por qué no me llegan alertas de vulnerabilidades de algunos ecosistemas? + +{% data variables.product.prodname_dotcom %} limita su soporte para alertas de vulnerabilidades a un conjunto de ecosistemas donde podemos proporcionar datos procesables de alta calidad. Las vulnerabilidades que se seleccionan para la {% data variables.product.prodname_advisory_database %}, la gráfica de dependencias, las actualizaciones de seguridad del {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} {% endif %}y las {% data variables.product.prodname_dependabot_alerts %} se proporcionan para diversos ecosistemas, incluyendo Maven de Java, Yarn y npm de Javascript, NuGet de .NET, pip de Python, RubyGems de Ruby y Composer de PHP. Seguiremos agregando soporte para más ecosistemas a la larga. Para obtener una vista general de los ecosistemas de paquete que soportamos, consulta la sección "[Acerca del gráfico de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". + +No vale de nada que las Asesorías de Seguridad de {% data variables.product.prodname_dotcom %} pudiese existir para otros ecosistemas. La información en una asesoría de seguridad la porporcionan los mantenedores de un repositorio específico. Estos datos no se organizan de la misma forma que la información para los ecosistemas compatibles. {% ifversion fpt or ghec %}Para obtener más información, consulta la sección "[Acerca de las Asesorías de Seguridad de {% data variables.product.prodname_dotcom %}](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %} + +**Verifica**: ¿Acaso la vulnerabilidad que no se detectó aplica a algún ecosistema no compatible? + +## ¿Acaso el {% data variables.product.prodname_dependabot %} genera alertas para vulnerabilidades que se han conocido por muchos años? + +La {% data variables.product.prodname_advisory_database %} se lanzó en noviembre de 2019 e incialmente rellenó la inclusión de vulnerabilidades informáticas para los ecosistemas compatibles, comenzando en 2017. Cuando agregas CVE a la base de datos, priorizamos la organización de CVE nuevos y los CVE que afecten las versiones nuevas del software. + +Alguna información sobre las vulnerabilidades antiguas se encuentra disponible, especialmente en donde estos CVE se diseminan específicamente, sin embargo, algunas vulnerabilidades no se incluyen en la {% data variables.product.prodname_advisory_database %}. Si hay una vulnerabilidad antigua específica la cual necesites incluir en la base de datos, contacta a {% data variables.contact.contact_support %}. + +**Verifica**: ¿Acaso la vulnerabilidad no detectada tiene una fecha depublicación más antigua de 2017 en la Base de Datos de Vulnerabilidades Nacional? + +## Por qué la {% data variables.product.prodname_advisory_database %} utiliza un subconjunto de datos de vulnerabilidades publicados? + +Algunas herramientas de terceros utilizan datos de CVE sin organizar y no las verificó ni filtró un humano. Esto significa que los CVE con errores de etiquetado o de severidad, o con cualquier problema de calidad, causarán alertas más frecuentes, ruidosas y menos útiles. + +Ya que {% data variables.product.prodname_dependabot %} utiliza datos organizado en la {% data variables.product.prodname_advisory_database %}, la cantidad de alertas podría ser menor, pero las alertas que sí recibas serán exactas y relevantes. + +{% ifversion fpt or ghec %} +## ¿Acaso cada vulnerabilidad de la dependencia genera una alerta separada? + +Cuando una dependencia tiene vulnerabilidades múltiples, se genera una alerta para cada una de ellas a nivel de la asesoría más el manifiesto. + +![Captura de pantalla de la pestaña de {% data variables.product.prodname_dependabot_alerts %} que muestra dos alertas del mismo paquete con diferentes manifiestos.](/assets/images/help/repository/dependabot-alerts-view.png) + +Las {% data variables.product.prodname_dependabot_alerts %} tradicionales se agruparon en una sola alerta agregada con todas las vulnerabilidades de la misma dependencia. Si navegas a un enlace a una alerta tradicional del {% data variables.product.prodname_dependabot %}, se te redirigirá a la pestaña de {% data variables.product.prodname_dependabot_alerts %} filtrada para mostrar vulnerabilidades de ese paquete y manifiesto dependientes. + +![Captura de pantalla de la pestaña de {% data variables.product.prodname_dependabot_alerts %} que muestra las alertas filtradas cuando se navega desde una alerta tradicional del {% data variables.product.prodname_dependabot %}.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) + +El conteo de {% data variables.product.prodname_dependabot_alerts %} en {% data variables.product.prodname_dotcom %} muestra el total de la cantidad de alertas, el cual es el número de vulnerabilidades y no la cantidad de dependencias. + +**Verifica**: Si hay alguna discrepancia en los totales que ves, verifica que no estés comparando números de alerta con números de dependencia. También, verifica que estés viendo todas las alertas y no solo un subconjunto de alertas filtradas. +{% endif %} + +## Leer más + +- "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/es-ES/content/code-security/getting-started/github-security-features.md b/translations/es-ES/content/code-security/getting-started/github-security-features.md index 19655b0a18..21c6e0e3f7 100644 --- a/translations/es-ES/content/code-security/getting-started/github-security-features.md +++ b/translations/es-ES/content/code-security/getting-started/github-security-features.md @@ -37,7 +37,7 @@ Privately discuss and fix security vulnerabilities in your repository's code. Yo ### {% data variables.product.prodname_dependabot_alerts %} and security updates -View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." {% endif %} @@ -46,7 +46,7 @@ and "[About {% data variables.product.prodname_dependabot_security_updates %}](/ {% data reusables.dependabot.dependabot-alerts-beta %} -View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." {% endif %} {% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/es-ES/content/code-security/getting-started/securing-your-organization.md b/translations/es-ES/content/code-security/getting-started/securing-your-organization.md index bd40761fce..667abbef44 100644 --- a/translations/es-ES/content/code-security/getting-started/securing-your-organization.md +++ b/translations/es-ES/content/code-security/getting-started/securing-your-organization.md @@ -48,7 +48,7 @@ You can create a default security policy that will display in any of your organi {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." {% endif %} {% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %} @@ -79,7 +79,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -135,7 +135,7 @@ For more information, see "[Managing security and analysis settings for your org ## Next steps {% ifversion fpt or ghes > 3.1 or ghec %}You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."{% endif %} -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/es-ES/content/code-security/getting-started/securing-your-repository.md b/translations/es-ES/content/code-security/getting-started/securing-your-repository.md index 293eb3185b..1073b342f8 100644 --- a/translations/es-ES/content/code-security/getting-started/securing-your-repository.md +++ b/translations/es-ES/content/code-security/getting-started/securing-your-repository.md @@ -75,7 +75,7 @@ For more information, see "[Exploring the dependencies of a repository](/code-se {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." {% endif %} @@ -111,7 +111,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -132,7 +132,7 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica {% endif %} ## Next steps -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/es-ES/content/code-security/guides.md b/translations/es-ES/content/code-security/guides.md index 5a086ef693..f039f78ff4 100644 --- a/translations/es-ES/content/code-security/guides.md +++ b/translations/es-ES/content/code-security/guides.md @@ -75,7 +75,6 @@ includeGuides: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates diff --git a/translations/es-ES/content/code-security/index.md b/translations/es-ES/content/code-security/index.md index 19f3861138..e7248afec2 100644 --- a/translations/es-ES/content/code-security/index.md +++ b/translations/es-ES/content/code-security/index.md @@ -54,6 +54,7 @@ children: - /code-scanning - /repository-security-advisories - /supply-chain-security + - /dependabot - /security-overview - /guides --- diff --git a/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md b/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md index caac5c1400..5f830ae100 100644 --- a/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md +++ b/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md @@ -28,7 +28,7 @@ shortTitle: Acerca del resumen de seguridad Puedes utilizar el resumen de seguirdad para tener una vista de nivel alto del estado de seguridad de tu organización o para identificar repositorios problemáticos que requieren intervención. You can view aggregate or repository-specific security information in the security overview. You can also use the security overview to see which security features are enabled for your repositories and to configure any available security features that are not currently in use. -El resumen de seguridad indica si se encuentran habilitadas las características de {% ifversion fpt or ghes > 3.1 or ghec %}seguridad{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} para los repositorios que pertenecen a tu organización y consolida las alertas para cada característica.{% ifversion fpt or ghes > 3.1 or ghec %} Las características de seguridad incluyen aquellas de {% data variables.product.prodname_GH_advanced_security %}, como el {% data variables.product.prodname_code_scanning %} y el {% data variables.product.prodname_secret_scanning %}, así como las {% data variables.product.prodname_dependabot_alerts %}.{% endif %} Para obtener más información sobre las características de la {% data variables.product.prodname_GH_advanced_security %}, consulta la sección "[Acerca de la {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)".{% ifversion fpt or ghes > 3.1 or ghec %} Para obtener más información sobre las {% data variables.product.prodname_dependabot_alerts %}, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)".{% endif %} +The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} Para obtener más información sobre cómo proteger tu código a nivel de repositorio u organización, consulta las secciones "[Proteger tu repositorio](/code-security/getting-started/securing-your-repository)" y "[Proteger tu organización](/code-security/getting-started/securing-your-organization)". @@ -54,7 +54,7 @@ Para cada repositorio en el resumen de seguridad, verás iconos de cada tipo de | ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | {% octicon "code-square" aria-label="Code scanning alerts" %} | Alertas de {% data variables.product.prodname_code_scanning_capc %}. Para obtener más información, consulta la sección "[Acerca del {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)". | | {% octicon "key" aria-label="Secret scanning alerts" %} | alertas del {% data variables.product.prodname_secret_scanning_caps %}. Para obtener más información, consulta la sección "[Acerca del {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)". | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)". | +| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." | | {% octicon "check" aria-label="Check" %} | La característica de seguridad se habilitó pero no levanta alertas en este repositorio. | | {% octicon "x" aria-label="x" %} | La característica de seguridad no es compatible con este repositorio. | diff --git a/translations/es-ES/content/code-security/supply-chain-security/index.md b/translations/es-ES/content/code-security/supply-chain-security/index.md index d21ada7e42..25c7cbfb69 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/index.md +++ b/translations/es-ES/content/code-security/supply-chain-security/index.md @@ -16,8 +16,6 @@ topics: - Repositories children: - /understanding-your-software-supply-chain - - /keeping-your-dependencies-updated-automatically - - /managing-vulnerabilities-in-your-projects-dependencies - /end-to-end-supply-chain --- diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md deleted file mode 100644 index 0a2e98654a..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: About Dependabot version updates -intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions.' -redirect_from: - - /github/administering-a-repository/about-dependabot - - /github/administering-a-repository/about-github-dependabot - - /github/administering-a-repository/about-github-dependabot-version-updates - - /github/administering-a-repository/about-dependabot-version-updates - - /code-security/supply-chain-security/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot -versions: - fpt: '*' - ghec: '*' - ghes: '> 3.2' -type: overview -topics: - - Dependabot - - Version updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Dependabot version updates ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot_version_updates %} - -{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. - -You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. - -When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." - -{% data reusables.dependabot.pull-request-security-vs-version-updates %} - -{% data reusables.dependabot.dependabot-tos %} - -## Frequency of {% data variables.product.prodname_dependabot %} pull requests - -You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly. - -{% data reusables.dependabot.initial-updates %} - -If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency. - -## Supported repositories and ecosystems - - -You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." -{% note %} - -{% data reusables.dependabot.private-dependencies-note %} - -{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below. - -{% endnote %} - -{% data reusables.dependabot.supported-package-managers %} - -If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."{% endif %} - -## About notifications for {% data variables.product.prodname_dependabot %} version updates - -You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md deleted file mode 100644 index 9b97e577a9..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md +++ /dev/null @@ -1,555 +0,0 @@ ---- -title: Automating Dependabot with GitHub Actions -intro: 'Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks.' -permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_actions %} to respond to {% data variables.product.prodname_dependabot %}-created pull requests.' -miniTocMaxHeadingLevel: 3 -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Actions - - Dependabot - - Version updates - - Security updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Use Dependabot with Actions ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_actions %} - -{% data variables.product.prodname_dependabot %} creates pull requests to keep your dependencies up to date, and you can use {% data variables.product.prodname_actions %} to perform automated tasks when these pull requests are created. For example, fetch additional artifacts, add labels, run tests, or otherwise modifying the pull request. - -## Responding to events - -{% data variables.product.prodname_dependabot %} is able to trigger {% data variables.product.prodname_actions %} workflows on its pull requests and comments; however, certain events are treated differently. - -{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %} -For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) using the `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment`, and `deployment_status` events, the following restrictions apply: -{% endif %} - -- {% ifversion ghes = 3.3 %}`GITHUB_TOKEN` has read-only permissions, unless your administrator has removed restrictions.{% else %}`GITHUB_TOKEN` has read-only permissions by default.{% endif %} -- {% ifversion ghes = 3.3 %}Secrets are inaccessible, unless your administrator has removed restrictions.{% else %}Secrets are populated from {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available.{% endif %} - -{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %} -For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`), the `GITHUB_TOKEN` will be read-only and secrets are not available. -{% endif %} - -For more information, see ["Keeping your GitHub Actions and workflows secure: Preventing pwn requests"](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). - -{% ifversion fpt or ghec or ghes > 3.3 %} - -### Changing `GITHUB_TOKEN` permissions - -By default, {% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} get a `GITHUB_TOKEN` with read-only permissions. You can use the `permissions` key in your workflow to increase the access for the token: - -{% raw %} - -```yaml -name: CI -on: pull_request - -# Set the access for individual scopes, or use permissions: write-all -permissions: - pull-requests: write - issues: write - repository-projects: write - ... - -jobs: - ... -``` - -{% endraw %} - -For more information, see "[Modifying the permissions for the GITHUB_TOKEN](/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)." - -### Accessing secrets - -When a {% data variables.product.prodname_dependabot %} event triggers a workflow, the only secrets available to the workflow are {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. Consequently, you must store any secrets that are used by a workflow triggered by {% data variables.product.prodname_dependabot %} events as {% data variables.product.prodname_dependabot %} secrets. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". - -{% data variables.product.prodname_dependabot %} secrets are added to the `secrets` context and referenced using exactly the same syntax as secrets for {% data variables.product.prodname_actions %}. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)." - -If you have a workflow that will be triggered by {% data variables.product.prodname_dependabot %} and also by other actors, the simplest solution is to store the token with the permissions required in an action and in a {% data variables.product.prodname_dependabot %} secret with identical names. Then the workflow can include a single call to these secrets. If the secret for {% data variables.product.prodname_dependabot %} has a different name, use conditions to specify the correct secrets for different actors to use. For examples that use conditions, see "[Common automations](#common-dependabot-automations)" below. - -To access a private container registry on AWS with a user name and password, a workflow must include a secret for `username` and `password`. In the example below, when {% data variables.product.prodname_dependabot %} triggers the workflow, the {% data variables.product.prodname_dependabot %} secrets with the names `READONLY_AWS_ACCESS_KEY_ID` and `READONLY_AWS_ACCESS_KEY` are used. If another actor triggers the workflow, the actions secrets with those names are used. - -{% raw %} - -```yaml -name: CI -on: - pull_request: - branches: [ main ] - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Login to private container registry for dependencies - uses: docker/login-action@v1 - with: - registry: https://1234567890.dkr.ecr.us-east-1.amazonaws.com - username: ${{ secrets.READONLY_AWS_ACCESS_KEY_ID }} - password: ${{ secrets.READONLY_AWS_ACCESS_KEY }} - - - name: Build the Docker image - run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) -``` - -{% endraw %} - -{% endif %} - -{% ifversion ghes = 3.3 %} - -{% note %} - -**Note:** Your site administrator can override these restrictions for {% data variables.product.product_location %}. For more information, see "[Troubleshooting {% data variables.product.prodname_actions %} for your enterprise](/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise#troubleshooting-failures-when-dependabot-triggers-existing-workflows)." - -If the restrictions are removed, when a workflow is triggered by {% data variables.product.prodname_dependabot %} it will have access to {% data variables.product.prodname_actions %} secrets and can use the `permissions` term to increase the default scope of the `GITHUB_TOKEN` from read-only access. You can ignore the specific steps in the "Handling `pull_request` events" and "Handling `push` events" sections, as it no longer applies. - -{% endnote %} - -### Handling `pull_request` events - -If your workflow needs access to secrets or a `GITHUB_TOKEN` with write permissions, you have two options: using `pull_request_target`, or using two separate workflows. We will detail using `pull_request_target` in this section, and using two workflows below in "[Handling `push` events](#handling-push-events)." - -Below is a simple example of a `pull_request` workflow that might now be failing: - -{% raw %} - -```yaml -### This workflow now has no secrets and a read-only token -name: Dependabot Workflow -on: - pull_request - -jobs: - dependabot: - runs-on: ubuntu-latest - # Always check the actor is Dependabot to prevent your workflow from failing on non-Dependabot PRs - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - uses: actions/checkout@v2 -``` - -{% endraw %} - -You can replace `pull_request` with `pull_request_target`, which is used for pull requests from forks, and explicitly check out the pull request `HEAD`. - -{% warning %} - -**Warning:** Using `pull_request_target` as a substitute for `pull_request` exposes you to insecure behavior. We recommend you use the two workflow method, as described below in "[Handling `push` events](#handling-push-events)." - -{% endwarning %} - -{% raw %} - -```yaml -### This workflow has access to secrets and a read-write token -name: Dependabot Workflow -on: - pull_request_target - -permissions: - # Downscope as necessary, since you now have a read-write token - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - uses: actions/checkout@v2 - with: - # Check out the pull request HEAD - ref: ${{ github.event.pull_request.head.sha }} - github-token: ${{ secrets.GITHUB_TOKEN }} -``` - -{% endraw %} - -It is also strongly recommended that you downscope the permissions granted to the `GITHUB_TOKEN` in order to avoid leaking a token with more privilege than necessary. For more information, see "[Permissions for the `GITHUB_TOKEN`](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token)." - -### Handling `push` events - -As there is no `pull_request_target` equivalent for `push` events, you will have to use two workflows: one untrusted workflow that ends by uploading artifacts, which triggers a second trusted workflow that downloads artifacts and continues processing. - -The first workflow performs any untrusted work: - -{% raw %} - -```yaml -### This workflow doesn't have access to secrets and has a read-only token -name: Dependabot Untrusted Workflow -on: - push - -jobs: - check-dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - uses: ... -``` - -{% endraw %} - -The second workflow performs trusted work after the first workflow completes successfully: - -{% raw %} - -```yaml -### This workflow has access to secrets and a read-write token -name: Dependabot Trusted Workflow -on: - workflow_run: - workflows: ["Dependabot Untrusted Workflow"] - types: - - completed - -permissions: - # Downscope as necessary, since you now have a read-write token - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} - steps: - - uses: ... -``` - -{% endraw %} - -{% endif %} - -### Manually re-running a workflow - -You can also manually re-run a failed Dependabot workflow, and it will run with a read-write token and access to secrets. Before manually re-running a failed workflow, you should always check the dependency being updated to ensure that the change doesn't introduce any malicious or unintended behavior. - -## Common Dependabot automations - -Here are several common scenarios that can be automated using {% data variables.product.prodname_actions %}. - -{% ifversion ghes = 3.3 %} - -{% note %} - -**Note:** If your site administrator has overridden restrictions for {% data variables.product.prodname_dependabot %} on {% data variables.product.product_location %}, you can use `pull_request` instead of `pull_request_target` in the following workflows. - -{% endnote %} - -{% endif %} - -### Fetch metadata about a pull request - -A large amount of automation requires knowing information about the contents of the pull request: what the dependency name was, if it's a production dependency, and if it's a major, minor, or patch update. - -The `dependabot/fetch-metadata` action provides all that information for you: - -{% ifversion ghes = 3.3 %} - -{% raw %} - -```yaml -name: Dependabot fetch metadata -on: pull_request_target - -permissions: - pull-requests: write - issues: write - repository-projects: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - # The following properties are now available: - # - steps.dependabot-metadata.outputs.dependency-names - # - steps.dependabot-metadata.outputs.dependency-type - # - steps.dependabot-metadata.outputs.update-type -``` - -{% endraw %} - -{% else %} - -{% raw %} - -```yaml -name: Dependabot fetch metadata -on: pull_request - -permissions: - pull-requests: write - issues: write - repository-projects: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - # The following properties are now available: - # - steps.metadata.outputs.dependency-names - # - steps.metadata.outputs.dependency-type - # - steps.metadata.outputs.update-type -``` - -{% endraw %} - -{% endif %} - -For more information, see the [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata) repository. - -### Label a pull request - -If you have other automation or triage workflows based on {% data variables.product.prodname_dotcom %} labels, you can configure an action to assign labels based on the metadata provided. - -For example, if you want to flag all production dependency updates with a label: - -{% ifversion ghes = 3.3 %} - -{% raw %} - -```yaml -name: Dependabot auto-label -on: pull_request_target - -permissions: - pull-requests: write - issues: write - repository-projects: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Add a label for all production dependencies - if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }} - run: gh pr edit "$PR_URL" --add-label "production" - env: - PR_URL: ${{github.event.pull_request.html_url}} -``` - -{% endraw %} - -{% else %} - -{% raw %} - -```yaml -name: Dependabot auto-label -on: pull_request - -permissions: - pull-requests: write - issues: write - repository-projects: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Add a label for all production dependencies - if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }} - run: gh pr edit "$PR_URL" --add-label "production" - env: - PR_URL: ${{github.event.pull_request.html_url}} -``` - -{% endraw %} - -{% endif %} - -### Approve a pull request - -If you want to automatically approve Dependabot pull requests, you can use the {% data variables.product.prodname_cli %} in a workflow: - -{% ifversion ghes = 3.3 %} - -{% raw %} - -```yaml -name: Dependabot auto-approve -on: pull_request_target - -permissions: - pull-requests: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve a PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} -``` - -{% endraw %} - -{% else %} - -{% raw %} - -```yaml -name: Dependabot auto-approve -on: pull_request - -permissions: - pull-requests: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve a PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} -``` - -{% endraw %} - -{% endif %} - -### Enable auto-merge on a pull request - -If you want to auto-merge your pull requests, you can use {% data variables.product.prodname_dotcom %}'s auto-merge functionality. This enables the pull request to be merged when all required tests and approvals are successfully met. For more information on auto-merge, see "[Automatically merging a pull request"](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)." - -Here is an example of enabling auto-merge for all patch updates to `my-dependency`: - -{% ifversion ghes = 3.3 %} - -{% raw %} - -```yaml -name: Dependabot auto-merge -on: pull_request_target - -permissions: - pull-requests: write - contents: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs - if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}} - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} -``` - -{% endraw %} - -{% else %} - -{% raw %} - -```yaml -name: Dependabot auto-merge -on: pull_request - -permissions: - pull-requests: write - contents: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1.1.1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs - if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}} - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} -``` - -{% endraw %} - -{% endif %} - -## Troubleshooting failed workflow runs - -If your workflow run fails, check the following: - -{% ifversion ghes = 3.3 %} - -- You are running the workflow only when the correct actor triggers it. -- You are checking out the correct `ref` for your `pull_request`. -- You aren't trying to access secrets from within a Dependabot-triggered `pull_request`, `pull_request_review`, `pull_request_review_comment`, or `push` event. -- You aren't trying to perform any `write` actions from within a Dependabot-triggered `pull_request`, `pull_request_review`, `pull_request_review_comment`, or `push` event. - -{% else %} - -- You are running the workflow only when the correct actor triggers it. -- You are checking out the correct `ref` for your `pull_request`. -- Your secrets are available in {% data variables.product.prodname_dependabot %} secrets rather than as {% data variables.product.prodname_actions %} secrets. -- You have a `GITHUB_TOKEN` with the correct permissions. - -{% endif %} - -For information on writing and debugging {% data variables.product.prodname_actions %}, see "[Learning GitHub Actions](/actions/learn-github-actions)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md deleted file mode 100644 index 4e18304d1a..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md +++ /dev/null @@ -1,967 +0,0 @@ ---- -title: Configuration options for dependency updates -intro: 'Detailed information for all the options you can use to customize how {% data variables.product.prodname_dependabot %} maintains your repositories.' -permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' -redirect_from: - - /github/administering-a-repository/configuration-options-for-dependency-updates - - /code-security/supply-chain-security/configuration-options-for-dependency-updates -miniTocMaxHeadingLevel: 3 -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: reference -topics: - - Dependabot - - Version updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Configuration options ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About the *dependabot.yml* file - -The {% data variables.product.prodname_dependabot %} configuration file, *dependabot.yml*, uses YAML syntax. If you're new to YAML and want to learn more, see "[Learn YAML in five minutes](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)." - -You must store this file in the `.github` directory of your repository. When you add or update the *dependabot.yml* file, this triggers an immediate check for version updates. For more information and an example, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." - -Any options that also affect security updates are used the next time a security alert triggers a pull request for a security update. For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)." - -The *dependabot.yml* file has two mandatory top-level keys: `version`, and `updates`. You can, optionally, include a top-level `registries` key. The file must start with `version: 2`. - -## Configuration options for updates - -The top-level `updates` key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager. You can use the following options. - -| Option | Required | Description | -|:---|:---:|:---| -| [`package-ecosystem`](#package-ecosystem) | **X** | Package manager to use | -| [`directory`](#directory) | **X** | Location of package manifests | -| [`schedule.interval`](#scheduleinterval) | **X** | How often to check for updates | -| [`allow`](#allow) | | Customize which updates are allowed | -| [`assignees`](#assignees) | | Assignees to set on pull requests | -| [`commit-message`](#commit-message) | | Commit message preferences | -| [`ignore`](#ignore) | | Ignore certain dependencies or versions | -| [`insecure-external-code-execution`](#insecure-external-code-execution) | | Allow or deny code execution in manifest files | -| [`labels`](#labels) | | Labels to set on pull requests | -| [`milestone`](#milestone) | | Milestone to set on pull requests | -| [`open-pull-requests-limit`](#open-pull-requests-limit) | | Limit number of open pull requests for version updates| -| [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator) | | Change separator for pull request branch names | -| [`rebase-strategy`](#rebase-strategy) | | Disable automatic rebasing | -| [`registries`](#registries) | | Private registries that {% data variables.product.prodname_dependabot %} can access| -| [`reviewers`](#reviewers) | | Reviewers to set on pull requests | -| [`schedule.day`](#scheduleday) | | Day of week to check for updates | -| [`schedule.time`](#scheduletime) | | Time of day to check for updates (hh:mm) | -| [`schedule.timezone`](#scheduletimezone) | | Timezone for time of day (zone identifier) | -| [`target-branch`](#target-branch) | | Branch to create pull requests against | -| [`vendor`](#vendor) | | Update vendored or cached dependencies | -| [`versioning-strategy`](#versioning-strategy) | | How to update manifest version requirements | - -These options fit broadly into the following categories. - -- Essential set up options that you must include in all configurations: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory),[`schedule.interval`](#scheduleinterval). -- Options to customize the update schedule: [`schedule.time`](#scheduletime), [`schedule.timezone`](#scheduletimezone), [`schedule.day`](#scheduleday). -- Options to control which dependencies are updated: [`allow`](#allow), [`ignore`](#ignore), [`vendor`](#vendor). -- Options to add metadata to pull requests: [`reviewers`](#reviewers), [`assignees`](#assignees), [`labels`](#labels), [`milestone`](#milestone). -- Options to change the behavior of the pull requests: [`target-branch`](#target-branch), [`versioning-strategy`](#versioning-strategy), [`commit-message`](#commit-message), [`rebase-strategy`](#rebase-strategy), [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator). - -In addition, the [`open-pull-requests-limit`](#open-pull-requests-limit) option changes the maximum number of pull requests for version updates that {% data variables.product.prodname_dependabot %} can open. - -{% note %} - -**Note:** Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests. - -Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use `target-branch`), and specify a `package-ecosystem` and `directory` for the vulnerable manifest, then pull requests for security updates use relevant options. - -In general, security updates use any configuration options that affect pull requests, for example, adding metadata or changing their behavior. For more information about security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)." - -{% endnote %} - -### `package-ecosystem` - -**Required**. You add one `package-ecosystem` element for each package manager that you want {% data variables.product.prodname_dependabot %} to monitor for new versions. The repository must also contain a dependency manifest or lock file for each of these package managers. If you want to enable vendoring for a package manager that supports it, the vendored dependencies must be located in the required directory. For more information, see [`vendor`](#vendor) below. - -{% data reusables.dependabot.supported-package-managers %} - -```yaml -# Basic set up for three package managers - -version: 2 -updates: - - # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" - - # Maintain dependencies for npm - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - - # Maintain dependencies for Composer - - package-ecosystem: "composer" - directory: "/" - schedule: - interval: "daily" -``` - -### `directory` - -**Required**. You must define the location of the package manifests for each package manager (for example, the *package.json* or *Gemfile*). You define the directory relative to the root of the repository for all ecosystems except GitHub Actions. For GitHub Actions, set the directory to `/` to check for workflow files in `.github/workflows`. - -```yaml -# Specify location of manifest files for each package manager - -version: 2 -updates: - - package-ecosystem: "composer" - # Files stored in repository root - directory: "/" - schedule: - interval: "daily" - - - package-ecosystem: "npm" - # Files stored in `app` directory - directory: "/app" - schedule: - interval: "daily" - - - package-ecosystem: "github-actions" - # Workflow files stored in the - # default location of `.github/workflows` - directory: "/" - schedule: - interval: "daily" -``` - -### `schedule.interval` - -**Required**. You must define how often to check for new versions for each package manager. By default, {% data variables.product.prodname_dependabot %} randomly assigns a time to apply all the updates in the configuration file. To set a specific time, you can use [`schedule.time`](#scheduletime) and [`schedule.timezone`](#scheduletimezone). - -- `daily`—runs on every weekday, Monday to Friday. -- `weekly`—runs once each week. By default, this is on Monday. To modify this, use [`schedule.day`](#scheduleday). -- `monthly`—runs once each month. This is on the first day of the month. - -```yaml -# Set update schedule for each package manager - -version: 2 -updates: - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - # Check for updates to GitHub Actions every weekday - interval: "daily" - - - package-ecosystem: "composer" - directory: "/" - schedule: - # Check for updates managed by Composer once a week - interval: "weekly" -``` - -{% note %} - -**Note**: `schedule` defines when {% data variables.product.prodname_dependabot %} attempts a new update. However, it's not the only time you may receive pull requests. Updates can be triggered based on changes to your `dependabot.yml` file, changes to your manifest file(s) after a failed update, or {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Frequency of {% data variables.product.prodname_dependabot %} pull requests](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." - -{% endnote %} - -### `allow` - -{% data reusables.dependabot.default-dependencies-allow-ignore %} - -Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options: - -- `dependency-name`—use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters. For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`, for example: `org.kohsuke:github-api`. -- `dependency-type`—use to allow updates for dependencies of specific types. - - | Dependency types | Supported by package managers | Allow updates | - |------------------|-------------------------------|--------| - | `direct` | All | All explicitly defined dependencies. | - | `indirect` | `bundler`, `pip`, `composer`, `cargo` | Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies).| - | `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`, also the dependencies of direct dependencies.| - | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Production dependency group". | - | `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Development dependency group". | - -```yaml -# Use `allow` to specify which dependencies to maintain - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - allow: - # Allow updates for Lodash - - dependency-name: "lodash" - # Allow updates for React and any packages starting "react" - - dependency-name: "react*" - - - package-ecosystem: "composer" - directory: "/" - schedule: - interval: "daily" - allow: - # Allow both direct and indirect updates for all packages - - dependency-type: "all" - - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - allow: - # Allow only direct updates for - # Django and any packages starting "django" - - dependency-name: "django*" - dependency-type: "direct" - # Allow only production updates for Sphinx - - dependency-name: "sphinx" - dependency-type: "production" -``` - -### `assignees` - -Use `assignees` to specify individual assignees for all pull requests raised for a package manager. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Specify assignees for pull requests - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Add assignees - assignees: - - "octocat" -``` - -### `commit-message` - -By default, {% data variables.product.prodname_dependabot %} attempts to detect your commit message preferences and use similar patterns. Use the `commit-message` option to specify your preferences explicitly. - -Supported options - -- `prefix` specifies a prefix for all commit messages. -- `prefix-development` specifies a separate prefix for all commit messages that update dependencies in the Development dependency group. When you specify a value for this option, the `prefix` is used only for updates to dependencies in the Production dependency group. This is supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`. -- `include: "scope"` specifies that any prefix is followed by a list of the dependencies updated in the commit. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Customize commit messages - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - commit-message: - # Prefix all commit messages with "npm" - prefix: "npm" - - - package-ecosystem: "composer" - directory: "/" - schedule: - interval: "daily" - # Prefix all commit messages with "Composer" - # include a list of updated dependencies - commit-message: - prefix: "Composer" - include: "scope" - - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - # Include a list of updated dependencies - # with a prefix determined by the dependency group - commit-message: - prefix: "pip prod" - prefix-development: "pip dev" - include: "scope" -``` - -### `ignore` - -{% data reusables.dependabot.default-dependencies-allow-ignore %} - -Dependencies can be ignored either by adding them to `ignore` or by using the `@dependabot ignore` command on a pull request opened by {% data variables.product.prodname_dependabot %}. - -#### Creating `ignore` conditions from `@dependabot ignore` - -Dependencies ignored by using the `@dependabot ignore` command are stored centrally for each package manager. If you start ignoring dependencies in the `dependabot.yml` file, these existing preferences are considered alongside the `ignore` dependencies in the configuration. - -You can check whether a repository has stored `ignore` preferences by searching the repository for `"@dependabot ignore" in:comments`. If you wish to un-ignore a dependency ignored this way, re-open the pull request. - -For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." - -#### Specifying dependencies and versions to ignore - -You can use the `ignore` option to customize which dependencies are updated. The `ignore` option supports the following options. - -- `dependency-name`—use to ignore updates for dependencies with matching names, optionally using `*` to match zero or more characters. For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId` (for example: `org.kohsuke:github-api`). -- `versions`—use to ignore specific versions or ranges of versions. If you want to define a range, use the standard pattern for the package manager (for example: `^1.0.0` for npm, or `~> 2.0` for Bundler). -- `update-types`—use to ignore types of updates, such as semver `major`, `minor`, or `patch` updates on version updates (for example: `version-update:semver-patch` will ignore patch updates). You can combine this with `dependency-name: "*"` to ignore particular `update-types` for all dependencies. Currently, `version-update:semver-major`, `version-update:semver-minor`, and `version-update:semver-patch` are the only supported options. Security updates are unaffected by this setting. - -If `versions` and `update-types` are used together, {% data variables.product.prodname_dependabot %} will ignore any update in either set. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Use `ignore` to specify dependencies that should not be updated - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - ignore: - - dependency-name: "express" - # For Express, ignore all updates for version 4 and 5 - versions: ["4.x", "5.x"] - # For Lodash, ignore all updates - - dependency-name: "lodash" - # For AWS SDK, ignore all patch updates - - dependency-name: "aws-sdk" - update-types: ["version-update:semver-patch"] -``` - -{% note %} - -**Note**: {% data variables.product.prodname_dependabot %} can only run version updates on manifest or lock files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the `ignore` option of your configuration file. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)." - - -{% endnote %} - -### `insecure-external-code-execution` - -Package managers with the `package-ecosystem` values `bundler`, `mix`, and `pip` may execute external code in the manifest as part of the version update process. This might allow a compromised package to steal credentials or gain access to configured registries. When you add a [`registries`](#registries) setting within an `updates` configuration, {% data variables.product.prodname_dependabot %} automatically prevents external code execution, in which case the version update may fail. You can choose to override this behavior and allow external code execution for `bundler`, `mix`, and `pip` package managers by setting `insecure-external-code-execution` to `allow`. - -You can explicitly deny external code execution, irrespective of whether there is a `registries` setting for this update configuration, by setting `insecure-external-code-execution` to `deny`. - -{% raw %} -```yaml -# Allow external code execution when updating dependencies from private registries - -version: 2 -registries: - ruby-github: - type: rubygems-server - url: https://rubygems.pkg.github.com/octocat/github_api - token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} -updates: - - package-ecosystem: "bundler" - directory: "/rubygems-server" - insecure-external-code-execution: allow - registries: "*" - schedule: - interval: "monthly" -``` -{% endraw %} - -### `labels` - -{% data reusables.dependabot.default-labels %} - -Use `labels` to override the default labels and specify alternative labels for all pull requests raised for a package manager. If any of these labels is not defined in the repository, it is ignored. -To disable all labels, including the default labels, use `labels: [ ]`. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Specify labels for pull requests - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Specify labels for npm pull requests - labels: - - "npm" - - "dependencies" -``` - -### `milestone` - -Use `milestone` to associate all pull requests raised for a package manager with a milestone. You need to specify the numeric identifier of the milestone and not its label. If you view a milestone, the final part of the page URL, after `milestone`, is the identifier. For example: `https://github.com///milestone/3`. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Specify a milestone for pull requests - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Associate pull requests with milestone "4" - milestone: 4 -``` - -### `open-pull-requests-limit` - -By default, {% data variables.product.prodname_dependabot %} opens a maximum of five pull requests for version updates. Once there are five open pull requests, new requests are blocked until you merge or close some of the open requests, after which new pull requests can be opened on subsequent updates. Use `open-pull-requests-limit` to change this limit. This also provides a simple way to temporarily disable version updates for a package manager. - -This option has no impact on security updates, which have a separate, internal limit of ten open pull requests. - -```yaml -# Specify the number of open pull requests allowed - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Disable version updates for npm dependencies - open-pull-requests-limit: 0 - - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - # Allow up to 10 open pull requests for pip dependencies - open-pull-requests-limit: 10 -``` - -### `pull-request-branch-name.separator` - -{% data variables.product.prodname_dependabot %} generates a branch for each pull request. Each branch name includes `dependabot`, and the package manager and dependency that are updated. By default, these parts are separated by a `/` symbol, for example: `dependabot/npm_and_yarn/next_js/acorn-6.4.1`. - -Use `pull-request-branch-name.separator` to specify a different separator. This can be one of: `"-"`, `_` or `/`. The hyphen symbol must be quoted because otherwise it's interpreted as starting an empty YAML list. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Specify a different separator for branch names - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - pull-request-branch-name: - # Separate sections of the branch name with a hyphen - # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1` - separator: "-" -``` - -### `rebase-strategy` - -By default, {% data variables.product.prodname_dependabot %} automatically rebases open pull requests when it detects any changes to the pull request. Use `rebase-strategy` to disable this behavior. - -Available rebase strategies - -- `disabled` to disable automatic rebasing. -- `auto` to use the default behavior and rebase open pull requests when changes are detected. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Disable automatic rebasing - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Disable rebasing for npm pull requests - rebase-strategy: "disabled" -``` - -### `registries` - -To allow {% data variables.product.prodname_dependabot %} to access a private package registry when performing a version update, you must include a `registries` setting within the relevant `updates` configuration. You can allow all of the defined registries to be used by setting `registries` to `"*"`. Alternatively, you can list the registries that the update can use. To do this, use the name of the registry as defined in the top-level `registries` section of the _dependabot.yml_ file. For more information, see "[Configuration options for private registries](#configuration-options-for-private-registries)" below. - -To allow {% data variables.product.prodname_dependabot %} to use `bundler`, `mix`, and `pip` package managers to update dependencies in private registries, you can choose to allow external code execution. For more information, see [`insecure-external-code-execution`](#insecure-external-code-execution) above. - -```yaml -# Allow {% data variables.product.prodname_dependabot %} to use one of the two defined private registries -# when updating dependency versions for this ecosystem - -{% raw %} -version: 2 -registries: - maven-github: - type: maven-repository - url: https://maven.pkg.github.com/octocat - username: octocat - password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} - npm-npmjs: - type: npm-registry - url: https://registry.npmjs.org - username: octocat - password: ${{secrets.MY_NPM_PASSWORD}} -updates: - - package-ecosystem: "gitsubmodule" - directory: "/" - registries: - - maven-github - schedule: - interval: "monthly" -{% endraw %} -``` - -### `reviewers` - -Use `reviewers` to specify individual reviewers or teams of reviewers for all pull requests raised for a package manager. You must use the full team name, including the organization, as if you were @mentioning the team. - -{% data reusables.dependabot.option-affects-security-updates %} - -```yaml -# Specify reviewers for pull requests - -version: 2 -updates: - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - # Add reviewers - reviewers: - - "octocat" - - "my-username" - - "my-org/python-team" -``` - -### `schedule.day` - -When you set a `weekly` update schedule, by default, {% data variables.product.prodname_dependabot %} checks for new versions on Monday at a random set time for the repository. Use `schedule.day` to specify an alternative day to check for updates. - -Supported values - -- `monday` -- `tuesday` -- `wednesday` -- `thursday` -- `friday` -- `saturday` -- `sunday` - -```yaml -# Specify the day for weekly checks - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" - # Check for npm updates on Sundays - day: "sunday" -``` - -### `schedule.time` - -By default, {% data variables.product.prodname_dependabot %} checks for new versions at a random set time for the repository. Use `schedule.time` to specify an alternative time of day to check for updates (format: `hh:mm`). - -```yaml -# Set a time for checks -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Check for npm updates at 9am UTC - time: "09:00" -``` - -### `schedule.timezone` - -By default, {% data variables.product.prodname_dependabot %} checks for new versions at a random set time for the repository. Use `schedule.timezone` to specify an alternative time zone. The time zone identifier must be from the Time Zone database maintained by [iana](https://www.iana.org/time-zones). For more information, see [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). - -```yaml -# Specify the timezone for checks - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - time: "09:00" - # Use Japan Standard Time (UTC +09:00) - timezone: "Asia/Tokyo" -``` - -### `target-branch` - -By default, {% data variables.product.prodname_dependabot %} checks for manifest files on the default branch and raises pull requests for version updates against this branch. Use `target-branch` to specify a different branch for manifest files and for pull requests. When you use this option, the settings for this package manager will no longer affect any pull requests raised for security updates. - -```yaml -# Specify a non-default branch for pull requests for pip - -version: 2 -updates: - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - # Raise pull requests for version updates - # to pip against the `develop` branch - target-branch: "develop" - # Labels on pull requests for version updates only - labels: - - "pip dependencies" - - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" - # Check for npm updates on Sundays - day: "sunday" - # Labels on pull requests for security and version updates - labels: - - "npm dependencies" -``` - -### `vendor` - -Use the `vendor` option to tell {% data variables.product.prodname_dependabot %} to vendor dependencies when updating them. Don't use this option if you're using `gomod` as {% data variables.product.prodname_dependabot %} automatically detects vendoring for this tool. - -```yaml -# Configure version updates for both dependencies defined in manifests and vendored dependencies - -version: 2 -updates: - - package-ecosystem: "bundler" - # Raise pull requests to update vendored dependencies that are checked in to the repository - vendor: true - directory: "/" - schedule: - interval: "weekly" -``` - -{% data variables.product.prodname_dependabot %} only updates the vendored dependencies located in specific directories in a repository. - -| Package manager | Required file path for vendored dependencies | More information | - |------------------|-------------------------------|--------| - | `bundler` | The dependencies must be in the _vendor/cache_ directory.
Other file paths are not supported. | [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html) | - | `gomod` | No path requirement (dependencies are usually located in the _vendor_ directory) | [`go mod vendor` documentation](https://golang.org/ref/mod#go-mod-vendor) | - - -### `versioning-strategy` - -When {% data variables.product.prodname_dependabot %} edits a manifest file to update a version, it uses the following overall strategies: - -- For apps, the version requirements are increased, for example: npm, pip and Composer. -- For libraries, the range of versions is widened, for example: Bundler and Cargo. - -Use the `versioning-strategy` option to change this behavior for supported package managers. - -{% data reusables.dependabot.option-affects-security-updates %} - -Available update strategies - -| Option | Supported by | Action | -|--------|--------------|--------| -| `lockfile-only` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Only create pull requests to update lockfiles. Ignore any new versions that would require package manifest changes. | -| `auto` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Follow the default strategy described above.| -| `widen`| `composer`, `npm` | Relax the version requirement to include both the new and old version, when possible. | -| `increase`| `bundler`, `composer`, `npm` | Always increase the version requirement to match the new version. | -| `increase-if-necessary` | `bundler`, `composer`, `npm` | Increase the version requirement only when required by the new version. | - -```yaml -# Customize the manifest version strategy - -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Update the npm manifest file to relax - # the version requirements - versioning-strategy: widen - - - package-ecosystem: "composer" - directory: "/" - schedule: - interval: "daily" - # Increase the version requirements for Composer - # only when required - versioning-strategy: increase-if-necessary - - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - # Only allow updates to the lockfile for pip and - # ignore any version updates that affect the manifest - versioning-strategy: lockfile-only -``` - -## Configuration options for private registries - -The top-level `registries` key is optional. It allows you to specify authentication details that {% data variables.product.prodname_dependabot %} can use to access private package registries. - -{% note %} - -**Note:** Private registries behind firewalls on private networks are not supported. - -{% endnote %} - -The value of the `registries` key is an associative array, each element of which consists of a key that identifies a particular registry and a value which is an associative array that specifies the settings required to access that registry. The following *dependabot.yml* file, configures a registry identified as `dockerhub` in the `registries` section of the file and then references this in the `updates` section of the file. - -{% raw %} -```yaml -# Minimal settings to update dependencies in one private registry - -version: 2 -registries: - dockerhub: # Define access for a private registry - type: docker-registry - url: registry.hub.docker.com - username: octocat - password: ${{secrets.DOCKERHUB_PASSWORD}} -updates: - - package-ecosystem: "docker" - directory: "/docker-registry/dockerhub" - registries: - - dockerhub # Allow version updates for dependencies in this registry - schedule: - interval: "monthly" -``` -{% endraw %} - -You use the following options to specify access settings. Registry settings must contain a `type` and a `url`, and typically either a `username` and `password` combination or a `token`. - -| Option                 | Description | -|:---|:---| -| `type` | Identifies the type of registry. See the full list of types below. | -| `url` | The URL to use to access the dependencies in this registry. The protocol is optional. If not specified, `https://` is assumed. {% data variables.product.prodname_dependabot %} adds or ignores trailing slashes as required. | -| `username` | The username that {% data variables.product.prodname_dependabot %} uses to access the registry. | -| `password` | A reference to a {% data variables.product.prodname_dependabot %} secret containing the password for the specified user. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." | -| `key` | A reference to a {% data variables.product.prodname_dependabot %} secret containing an access key for this registry. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." | -| `token` | A reference to a {% data variables.product.prodname_dependabot %} secret containing an access token for this registry. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." | -| `replaces-base` | For registries with `type: python-index`, if the boolean value is `true`, pip resolves dependencies by using the specified URL rather than the base URL of the Python Package Index (by default `https://pypi.org/simple`). | - - -Each configuration `type` requires you to provide particular settings. Some types allow more than one way to connect. The following sections provide details of the settings you should use for each `type`. - -### `composer-repository` - -The `composer-repository` type supports username and password. - -{% raw %} -```yaml -registries: - composer: - type: composer-repository - url: https://repo.packagist.com/example-company/ - username: octocat - password: ${{secrets.MY_PACKAGIST_PASSWORD}} -``` -{% endraw %} - -### `docker-registry` - -The `docker-registry` type supports username and password. - -{% raw %} -```yaml -registries: - dockerhub: - type: docker-registry - url: https://registry.hub.docker.com - username: octocat - password: ${{secrets.MY_DOCKERHUB_PASSWORD}} -``` -{% endraw %} - -The `docker-registry` type can also be used to pull from Amazon ECR using static AWS credentials. - -{% raw %} -```yaml -registries: - ecr-docker: - type: docker-registry - url: https://1234567890.dkr.ecr.us-east-1.amazonaws.com - username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}} - password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}} -``` -{% endraw %} - -### `git` - -The `git` type supports username and password. - -{% raw %} -```yaml -registries: - github-octocat: - type: git - url: https://github.com - username: x-access-token - password: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} -``` -{% endraw %} - -### `hex-organization` - -The `hex-organization` type supports organization and key. - -{% raw %} -```yaml -registries: - github-hex-org: - type: hex-organization - organization: github - key: ${{secrets.MY_HEX_ORGANIZATION_KEY}} -``` -{% endraw %} - -### `maven-repository` - -The `maven-repository` type supports username and password. - -{% raw %} -```yaml -registries: - maven-artifactory: - type: maven-repository - url: https://artifactory.example.com - username: octocat - password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} -``` -{% endraw %} - -### `npm-registry` - -The `npm-registry` type supports username and password, or token. - -When using username and password, your `.npmrc`'s auth token may contain a `base64` encoded `_password`; however, the password referenced in your {% data variables.product.prodname_dependabot %} configuration file must be the original (unencoded) password. - -{% raw %} -```yaml -registries: - npm-npmjs: - type: npm-registry - url: https://registry.npmjs.org - username: octocat - password: ${{secrets.MY_NPM_PASSWORD}} # Must be an unencoded password -``` -{% endraw %} - -{% raw %} -```yaml -registries: - npm-github: - type: npm-registry - url: https://npm.pkg.github.com - token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} -``` -{% endraw %} - -### `nuget-feed` - -The `nuget-feed` type supports username and password, or token. - -{% raw %} -```yaml -registries: - nuget-example: - type: nuget-feed - url: https://nuget.example.com/v3/index.json - username: octocat@example.com - password: ${{secrets.MY_NUGET_PASSWORD}} -``` -{% endraw %} - -{% raw %} -```yaml -registries: - nuget-azure-devops: - type: nuget-feed - url: https://pkgs.dev.azure.com/.../_packaging/My_Feed/nuget/v3/index.json - token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}} -``` -{% endraw %} - -### `python-index` - -The `python-index` type supports username and password, or token. - -{% raw %} -```yaml -registries: - python-example: - type: python-index - url: https://example.com/_packaging/my-feed/pypi/example - username: octocat - password: ${{secrets.MY_BASIC_AUTH_PASSWORD}} - replaces-base: true -``` -{% endraw %} - -{% raw %} -```yaml -registries: - python-azure: - type: python-index - url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example - token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}} - replaces-base: true -``` -{% endraw %} - -### `rubygems-server` - -The `rubygems-server` type supports username and password, or token. - -{% raw %} -```yaml -registries: - ruby-example: - type: rubygems-server - url: https://rubygems.example.com - username: octocat@example.com - password: ${{secrets.MY_RUBYGEMS_PASSWORD}} -``` -{% endraw %} - -{% raw %} -```yaml -registries: - ruby-github: - type: rubygems-server - url: https://rubygems.pkg.github.com/octocat/github_api - token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}} -``` -{% endraw %} - -### `terraform-registry` - -The `terraform-registry` type supports a token. - -{% raw %} -```yaml -registries: - terraform-example: - type: terraform-registry - url: https://terraform.example.com - token: ${{secrets.MY_TERRAFORM_API_TOKEN}} -``` -{% endraw %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md deleted file mode 100644 index 217257ceb2..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -title: Customizing dependency updates -intro: 'You can customize how {% data variables.product.prodname_dependabot %} maintains your dependencies.' -permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' -redirect_from: - - /github/administering-a-repository/customizing-dependency-updates - - /code-security/supply-chain-security/customizing-dependency-updates -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Dependabot - - Version updates - - Security updates - - Repositories - - Dependencies - - Pull requests - - Vulnerabilities -shortTitle: Customize updates ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About customizing dependency updates - -After you've enabled version updates, you can customize how {% data variables.product.prodname_dependabot %} maintains your dependencies by adding further options to the *dependabot.yml* file. For example, you could: - -- Specify which day of the week to open pull requests for version updates: `schedule.day` -- Set reviewers, assignees, and labels for each package manager: `reviewers`, `assignees`, and `labels` -- Define a versioning strategy for changes to each manifest file: `versioning-strategy` -- Change the maximum number of open pull requests for version updates from the default of 5: `open-pull-requests-limit` -- Open pull requests for version updates to target a specific branch, instead of the default branch: `target-branch` - -For more information about the configuration options, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." - -When you update the *dependabot.yml* file in your repository, {% data variables.product.prodname_dependabot %} runs an immediate check with the new configuration. Within minutes you will see an updated list of dependencies on the **{% data variables.product.prodname_dependabot %}** tab, this may take longer if the repository has many dependencies. You may also see new pull requests for version updates. For more information, see "[Listing dependencies configured for version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)." - -## Impact of configuration changes on security updates - -If you customize the *dependabot.yml* file, you may notice some changes to the pull requests raised for security updates. These pull requests are always triggered by a security advisory for a dependency, rather than by the {% data variables.product.prodname_dependabot %} schedule. However, they inherit relevant configuration settings from the *dependabot.yml* file unless you specify a different target branch for version updates. - -For an example, see "[Setting custom labels](#setting-custom-labels)" below. - -## Modifying scheduling - -When you set a `daily` update schedule, by default, {% data variables.product.prodname_dependabot %} checks for new versions at 05:00 UTC. You can use `schedule.time` to specify an alternative time of day to check for updates (format: `hh:mm`). - -The example *dependabot.yml* file below expands the npm configuration to specify when {% data variables.product.prodname_dependabot %} should check for version updates to dependencies. - -```yaml -# dependabot.yml file with -# customized schedule for version updates - -version: 2 -updates: - # Keep npm dependencies up to date - - package-ecosystem: "npm" - directory: "/" - # Check the npm registry for updates at 2am UTC - schedule: - interval: "daily" - time: "02:00" -``` - -## Setting reviewers and assignees - -By default, {% data variables.product.prodname_dependabot %} raises pull requests without any reviewers or assignees. - -You can use `reviewers` and `assignees` to specify reviewers and assignees for all pull requests raised for a package manager. When you specify a team, you must use the full team name, as if you were @mentioning the team (including the organization). - -The example *dependabot.yml* file below changes the npm configuration so that all pull requests opened with version and security updates for npm will have two reviewers and one assignee. - -```yaml -# dependabot.yml file with -# reviews and an assignee for all npm pull requests - -version: 2 -updates: - # Keep npm dependencies up to date - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Raise all npm pull requests with reviewers - reviewers: - - "my-org/team-name" - - "octocat" - # Raise all npm pull requests with an assignee - assignees: - - "user-name" -``` - -## Setting custom labels - -{% data reusables.dependabot.default-labels %} - -You can use `labels` to override the default labels and specify alternative labels for all pull requests raised for a package manager. You can't create new labels in the *dependabot.yml* file, so the alternative labels must already exist in the repository. - -The example *dependabot.yml* file below changes the npm configuration so that all pull requests opened with version and security updates for npm will have custom labels. It also changes the Docker configuration to check for version updates against a custom branch and to raise pull requests with custom labels against that custom branch. The changes to Docker will not affect security update pull requests because security updates are always made against the default branch. - -{% note %} - -**Note:** The new `target-branch` must contain a Dockerfile to update, otherwise this change will have the effect of disabling version updates for Docker. - -{% endnote %} - -```yaml -# dependabot.yml file with -# customized npm configuration - -version: 2 -updates: - # Keep npm dependencies up to date - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - # Raise all npm pull requests with custom labels - labels: - - "npm dependencies" - - "triage-board" - - # Keep Docker dependencies up to date - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "daily" - # Raise pull requests for Docker version updates - # against the "develop" branch. The Docker configuration - # no longer affects security update pull requests. - target-branch: "develop" - # Use custom labels on pull requests for Docker version updates - labels: - - "Docker dependencies" - - "triage-board" -``` - -## More examples - -For more examples, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md deleted file mode 100644 index ab9c946fed..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: Enabling and disabling Dependabot version updates -intro: 'You can configure your repository so that {% data variables.product.prodname_dependabot %} automatically updates the packages you use.' -permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.' -redirect_from: - - /github/administering-a-repository/enabling-and-disabling-version-updates - - /code-security/supply-chain-security/enabling-and-disabling-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates -versions: - fpt: '*' - ghec: '*' - ghes: '> 3.2' -type: how_to -topics: - - Dependabot - - Version updates - - Repositories - - Dependencies - - Pull requests -shortTitle: Enable and disable updates ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About version updates for dependencies - -You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a *dependabot.yml* configuration file in to your repository's `.github` directory. {% data variables.product.prodname_dependabot %} then raises pull requests to keep the dependencies you configure up-to-date. For each package manager's dependencies that you want to update, you must specify the location of the package manifest files and how often to check for updates to the dependencies listed in those files. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." - -{% data reusables.dependabot.initial-updates %} For more information, see "[Customizing dependency updates](/github/administering-a-repository/customizing-dependency-updates)." - -{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)" and "[{% data variables.product.prodname_dotcom %} language support](/github/getting-started-with-github/github-language-support)." - -## Enabling {% data variables.product.prodname_dependabot_version_updates %} - -{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)." -1. Add a `version`. -1. Optionally, if you have dependencies in a private registry, add a `registries` section containing authentication details. -1. Add an `updates` section, with an entry for each package manager you want {% data variables.product.prodname_dependabot %} to monitor. -1. For each package manager, use: - - `package-ecosystem` to specify the package manager. - - `directory` to specify the location of the manifest or other definition files. - - `schedule.interval` to specify how often to check for new versions. -{% data reusables.dependabot.check-in-dependabot-yml %} - -### Example *dependabot.yml* file - -The example *dependabot.yml* file below configures version updates for two package managers: npm and Docker. When this file is checked in, {% data variables.product.prodname_dependabot %} checks the manifest files on the default branch for outdated dependencies. If it finds outdated dependencies, it will raise pull requests against the default branch to update the dependencies. - -```yaml -# Basic dependabot.yml file with -# minimum configuration for two package managers - -version: 2 -updates: - # Enable version updates for npm - - package-ecosystem: "npm" - # Look for `package.json` and `lock` files in the `root` directory - directory: "/" - # Check the npm registry for updates every day (weekdays) - schedule: - interval: "daily" - - # Enable version updates for Docker - - package-ecosystem: "docker" - # Look for a `Dockerfile` in the `root` directory - directory: "/" - # Check for updates once a week - schedule: - interval: "weekly" -``` - -In the example above, if the Docker dependencies were very outdated, you might want to start with a `daily` schedule until the dependencies are up-to-date, and then drop back to a weekly schedule. - -### Enabling version updates on forks - -If you want to enable version updates on forks, there's an extra step. Version updates are not automatically enabled on forks when a *dependabot.yml* configuration file is present. This ensures that fork owners don't unintentionally enable version updates when they pull changes including a *dependabot.yml* configuration file from the original repository. - -On a fork, you also need to explicitly enable {% data variables.product.prodname_dependabot %}. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.accessing-repository-graphs %} -{% data reusables.repositories.click-dependency-graph %} -{% data reusables.dependabot.click-dependabot-tab %} -5. Under "Enable Dependabot", click **Enable Dependabot**. - -## Checking the status of version updates - -After you enable version updates, the **Dependabot** tab in the dependency graph for the repository is populated. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions. - -![Repository Insights tab, Dependency graph, Dependabot tab](/assets/images/help/dependabot/dependabot-tab-view.png) - -For information, see "[Listing dependencies configured for version updates](/github/administering-a-repository/listing-dependencies-configured-for-version-updates)." - -## Disabling {% data variables.product.prodname_dependabot_version_updates %} - -You can disable version updates entirely by deleting the *dependabot.yml* file from your repository. More usually, you want to disable updates temporarily for one or more dependencies, or package managers. - -- Package managers: disable by setting `open-pull-requests-limit: 0` or by commenting out the relevant `package-ecosystem` in the configuration file. -- Specific dependencies: disable by adding `ignore` attributes for packages or applications that you want to exclude from updates. - -When you disable dependencies, you can use wild cards to match a set of related libraries. You can also specify which versions to exclude. This is particularly useful if you need to block updates to a library, pending work to support a breaking change to its API, but want to get any security fixes to the version you use. - -### Example disabling version updates for some dependencies - -The example *dependabot.yml* file below includes examples of the different ways to disable updates to some dependencies, while allowing other updates to continue. - -```yaml -# dependabot.yml file with updates -# disabled for Docker and limited for npm - -version: 2 -updates: - # Configuration for Dockerfile - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "weekly" - # Disable all pull requests for Docker dependencies - open-pull-requests-limit: 0 - - # Configuration for npm - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - ignore: - # Ignore updates to packages that start with 'aws' - # Wildcards match zero or more arbitrary characters - - dependency-name: "aws*" - # Ignore some updates to the 'express' package - - dependency-name: "express" - # Ignore only new versions for 4.x and 5.x - versions: ["4.x", "5.x"] - # For all packages, ignore all patch updates - - dependency-name: "*" - update-types: ["version-update:semver-patch"] -``` - -For more information about checking for existing ignore preferences, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md deleted file mode 100644 index e01e8e1116..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Keeping your dependencies updated automatically -intro: '{% data variables.product.prodname_dependabot %} can maintain your repository''s dependencies automatically.' -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /about-dependabot-version-updates - - /enabling-and-disabling-dependabot-version-updates - - /listing-dependencies-configured-for-version-updates - - /managing-pull-requests-for-dependency-updates - - /automating-dependabot-with-github-actions - - /managing-encrypted-secrets-for-dependabot - - /customizing-dependency-updates - - /configuration-options-for-dependency-updates - - /keeping-your-actions-up-to-date-with-dependabot -shortTitle: Auto-update dependencies ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md deleted file mode 100644 index 7261cc6b3b..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Keeping your actions up to date with Dependabot -intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the actions you use updated to the latest versions.' -redirect_from: - - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot - - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot - - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Repositories - - Dependabot - - Version updates - - Actions -shortTitle: Auto-update actions ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot_version_updates %} for actions - -Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's *workflow.yml* file are kept up to date. For each action in the file, {% data variables.product.prodname_dependabot %} checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, {% data variables.product.prodname_dependabot %} will send you a pull request that updates the reference in the workflow file to the latest version. For more information about {% data variables.product.prodname_dependabot_version_updates %}, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)." For more information about configuring workflows for {% data variables.product.prodname_actions %}, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)." - -{% data reusables.actions.workflow-runs-dependabot-note %} - -## Enabling {% data variables.product.prodname_dependabot_version_updates %} for actions - -{% data reusables.dependabot.create-dependabot-yml %} If you have already enabled {% data variables.product.prodname_dependabot_version_updates %} for other ecosystems or package managers, simply open the existing *dependabot.yml* file. -1. Specify `"github-actions"` as a `package-ecosystem` to monitor. -1. Set the `directory` to `"/"` to check for workflow files in `.github/workflows`. -1. Set a `schedule.interval` to specify how often to check for new versions. -{% data reusables.dependabot.check-in-dependabot-yml %} If you have edited an existing file, save your changes. - -You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." - -### Example *dependabot.yml* file for {% data variables.product.prodname_actions %} - -The example *dependabot.yml* file below configures version updates for {% data variables.product.prodname_actions %}. The `directory` must be set to `"/"` to check for workflow files in `.github/workflows`. The `schedule.interval` is set to `"daily"`. After this file has been checked in or updated, {% data variables.product.prodname_dependabot %} checks for new versions of your actions. {% data variables.product.prodname_dependabot %} will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, {% data variables.product.prodname_dependabot %} will continue to check for outdated versions of actions once a day. - -```yaml -# Set update schedule for GitHub Actions - -version: 2 -updates: - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - # Check for updates to GitHub Actions every weekday - interval: "daily" -``` - -## Configuring {% data variables.product.prodname_dependabot_version_updates %} for actions - -When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)." - -## Further reading - -- "[About GitHub Actions](/actions/getting-started-with-github-actions/about-github-actions)" diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md deleted file mode 100644 index 4a0585c911..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Listing dependencies configured for version updates -intro: 'You can view the dependencies that {% data variables.product.prodname_dependabot %} monitors for updates.' -redirect_from: - - /github/administering-a-repository/listing-dependencies-configured-for-version-updates - - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies -shortTitle: List configured dependencies ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## Viewing dependencies monitored by {% data variables.product.prodname_dependabot %} - -After you've enabled version updates, you can confirm that your configuration is correct using the **{% data variables.product.prodname_dependabot %}** tab in the dependency graph for the repository. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.accessing-repository-graphs %} -{% data reusables.repositories.click-dependency-graph %} -{% data reusables.dependabot.click-dependabot-tab %} -1. Optionally, to view the files monitored for a package manager, click the associated {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}. - ![Monitored dependency files](/assets/images/help/dependabot/monitored-dependency-files.png) - -If any dependencies are missing, check the log files for errors. If any package managers are missing, review the configuration file. - -## Viewing {% data variables.product.prodname_dependabot %} log files - -1. On the **{% data variables.product.prodname_dependabot %}** tab, click **Last checked *TIME* ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. - ![View log file](/assets/images/help/dependabot/last-checked-link.png) -2. Optionally, to rerun the version check, click **Check for updates**. - ![Check for updates](/assets/images/help/dependabot/check-for-updates.png) diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md deleted file mode 100644 index 2227c45900..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Managing encrypted secrets for Dependabot -intro: 'You can store sensitive information, like passwords and access tokens, as encrypted secrets and then reference these in the {% data variables.product.prodname_dependabot %} configuration file.' -redirect_from: - - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot - - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Dependabot - - Version updates - - Secret store - - Repositories - - Dependencies -shortTitle: Manage encrypted secrets ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -## About encrypted secrets for {% data variables.product.prodname_dependabot %} - -{% data variables.product.prodname_dependabot %} secrets are encrypted credentials that you create at either the organization level or the repository level. -When you add a secret at the organization level, you can specify which repositories can access the secret. You can use secrets to allow {% data variables.product.prodname_dependabot %} to update dependencies located in private package registries. When you add a secret it's encrypted before it reaches {% data variables.product.prodname_dotcom %} and it remains encrypted until it's used by {% data variables.product.prodname_dependabot %} to access a private package registry. - -After you add a {% data variables.product.prodname_dependabot %} secret, you can reference it in the _dependabot.yml_ configuration file like this: {% raw %}`${{secrets.NAME}}`{% endraw %}, where "NAME" is the name you chose for the secret. For example: - -{% raw %} -```yaml -password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} -``` -{% endraw %} - -For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." - -### Naming your secrets - -The name of a {% data variables.product.prodname_dependabot %} secret: -* Can only contain alphanumeric characters (`[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed. If you enter lowercase letters these are changed to uppercase. -* Must not start with the `GITHUB_` prefix. -* Must not start with a number. - -## Adding a repository secret for {% data variables.product.prodname_dependabot %} - -{% data reusables.actions.permissions-statement-secrets-repository %} - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.actions.sidebar-secret %} -{% data reusables.dependabot.dependabot-secrets-button %} -1. Click **New repository secret**. -1. Type a name for your secret in the **Name** input box. -1. Enter the value for your secret. -1. Click **Add secret**. - - The name of the secret is listed on the Dependabot secrets page. You can click **Update** to change the secret value. You can click **Remove** to delete the secret. - - ![Update or remove a repository secret](/assets/images/help/dependabot/update-remove-repo-secret.png) - -## Adding an organization secret for {% data variables.product.prodname_dependabot %} - -When creating a secret in an organization, you can use a policy to limit which repositories can access that secret. For example, you can grant access to all repositories, or limit access to only private repositories or a specified list of repositories. - -{% data reusables.actions.permissions-statement-secrets-organization %} - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.org_settings %} -{% data reusables.actions.sidebar-secret %} -{% data reusables.dependabot.dependabot-secrets-button %} -1. Click **New organization secret**. -1. Type a name for your secret in the **Name** input box. -1. Enter the **Value** for your secret. -1. From the **Repository access** dropdown list, choose an access policy. -1. If you chose **Selected repositories**: - - * Click {% octicon "gear" aria-label="The Gear icon" %}. - * Choose the repositories that can access this secret. - ![Select repositories for this secret](/assets/images/help/dependabot/secret-repository-access.png) - * Click **Update selection**. - -1. Click **Add secret**. - - The name of the secret is listed on the Dependabot secrets page. You can click **Update** to change the secret value or its access policy. You can click **Remove** to delete the secret. - - ![Update or remove an organization secret](/assets/images/help/dependabot/update-remove-org-secret.png) - -## Adding {% data variables.product.prodname_dependabot %} to your registries IP allow list - -If your private registry is configured with an IP allow list, you can find the IP addresses {% data variables.product.prodname_dependabot %} uses to access the registry in the meta API endpoint, under the `dependabot` key. For more information, see "[Meta](/rest/reference/meta)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md deleted file mode 100644 index 99176596b7..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Managing pull requests for dependency updates -intro: 'You manage pull requests raised by {% data variables.product.prodname_dependabot %} in much the same way as other pull requests, but there are some extra options.' -redirect_from: - - /github/administering-a-repository/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates -versions: - fpt: '*' - ghec: '*' - ghes: '> 3.2' -type: how_to -topics: - - Repositories - - Version updates - - Security updates - - Pull requests - - Dependencies - - Vulnerabilities -shortTitle: Manage Dependabot PRs ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} pull requests - -{% data reusables.dependabot.pull-request-introduction %} - -When {% data variables.product.prodname_dependabot %} raises a pull request, you're notified by your chosen method for the repository. Each pull request contains detailed information about the proposed change, taken from the package manager. These pull requests follow the normal checks and tests defined in your repository. -{% ifversion fpt or ghec %}In addition, where enough information is available, you'll see a compatibility score. This may also help you decide whether or not to merge the change. For information about this score, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."{% endif %} - -If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. For more information, see "[Customizing dependency updates](/github/administering-a-repository/customizing-dependency-updates)." - -## Viewing {% data variables.product.prodname_dependabot %} pull requests - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-pr %} -1. Any pull requests for security or version updates are easy to identify. - - The author is {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, the bot account used by {% data variables.product.prodname_dependabot %}. - - By default, they have the `dependencies` label. - -## Changing the rebase strategy for {% data variables.product.prodname_dependabot %} pull requests - -By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)." - -## Managing {% data variables.product.prodname_dependabot %} pull requests with comment commands - -{% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request (for example: to merge, squash, reopen, close, or rebase the pull request) under the "{% data variables.product.prodname_dependabot %} commands and options" section. The aim is to make it as easy as possible for you to triage these automatically generated pull requests. - -You can use any of the following commands on a {% data variables.product.prodname_dependabot %} pull request. - -- `@dependabot cancel merge` cancels a previously requested merge. -- `@dependabot close` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from recreating that pull request. You can achieve the same result by closing the pull request manually. -- `@dependabot ignore this dependency` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this dependency (unless you reopen the pull request or upgrade to the suggested version of the dependency yourself). -- `@dependabot ignore this major version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this major version (unless you reopen the pull request or upgrade to this major version yourself). -- `@dependabot ignore this minor version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this minor version (unless you reopen the pull request or upgrade to this minor version yourself). -- `@dependabot merge` merges the pull request once your CI tests have passed. -- `@dependabot rebase` rebases the pull request. -- `@dependabot recreate` recreates the pull request, overwriting any edits that have been made to the pull request. -- `@dependabot reopen` reopens the pull request if the pull request is closed. -- `@dependabot squash and merge` squashes and merges the pull request once your CI tests have passed. - -{% data variables.product.prodname_dependabot %} will react with a "thumbs up" emoji to acknowledge the command, and may respond with a comment on the pull request. While {% data variables.product.prodname_dependabot %} usually responds quickly, some commands may take several minutes to complete if {% data variables.product.prodname_dependabot %} is busy processing other updates or commands. - -If you run any of the commands for ignoring dependencies or versions, {% data variables.product.prodname_dependabot %} stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md deleted file mode 100644 index 52b0aa9c64..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: About alerts for vulnerable dependencies -intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect vulnerabilities affecting your repository.' -redirect_from: - - /articles/about-security-alerts-for-vulnerable-dependencies - - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies - - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies - - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -type: overview -topics: - - Dependabot - - Alerts - - Vulnerabilities - - Repositories - - Dependencies -shortTitle: Dependabot alerts ---- - - -## About vulnerable dependencies - -{% data reusables.repositories.a-vulnerability-is %} - -When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it. - -## Detection of vulnerable dependencies - -{% data reusables.dependabot.dependabot-alerts-beta %} - -{% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when: - -{% ifversion fpt or ghec %} -- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)" and "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)."{% else %} -- New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} - {% note %} - - **Note:** Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}. - - {% endnote %} -- The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% ifversion fpt or ghec %}, or when the code of one of the dependencies changes{% endif %}. For more information, see "[About the dependency graph](/code-security/supply-chain-security/about-the-dependency-graph)." - -{% data reusables.repositories.dependency-review %} - -For a list of the ecosystems that {% data variables.product.product_name %} can detect vulnerabilities and dependencies for, see "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." - -{% note %} - -**Note:** It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for vulnerable dependencies that you use. You may also get alerts for dependencies that you no longer use. - -{% endnote %} - -## {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies - -{% data reusables.repositories.enable-security-alerts %} - -{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detects vulnerable dependencies in _public_ repositories and displays the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %} for public repositories. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. - -You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." - -For information about access requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#access-requirements-for-security-features)." - -{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any vulnerable dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)." -{% endif %} - -When {% data variables.product.product_name %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)." - -{% ifversion fpt or ghec or ghes > 3.2 %} -For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." -{% endif %} - -{% warning %} - -**Note**: {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. Though we are always trying to update our vulnerability database and generate alerts with our most up-to-date information, we will not be able to catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough vulnerability review when necessary. - -{% endwarning %} - -## Access to {% data variables.product.prodname_dependabot_alerts %} - -You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." - -By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)." -{% endif %} - -{% data reusables.notifications.vulnerable-dependency-notification-enable %} -{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)." - -You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular vulnerability in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %} - -{% ifversion fpt or ghec or ghes > 3.2 %} -## Further reading - -- "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" -- "[Viewing and updating vulnerable dependencies in your repository](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} -{% ifversion fpt or ghec %}- "[Privacy on {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md deleted file mode 100644 index b283a4b5e0..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: About Dependabot security updates -intro: '{% data variables.product.prodname_dependabot %} can fix vulnerable dependencies for you by raising pull requests with security updates.' -shortTitle: Dependabot security updates -redirect_from: - - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates - - /github/managing-security-vulnerabilities/about-dependabot-security-updates - - /code-security/supply-chain-security/about-dependabot-security-updates -versions: - fpt: '*' - ghec: '*' - ghes: '> 3.2' -type: overview -topics: - - Dependabot - - Security updates - - Vulnerabilities - - Repositories - - Dependencies - - Pull requests ---- - - - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot_security_updates %} - -{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. If you enable this feature, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." - -{% data variables.product.prodname_dotcom %} may send {% data variables.product.prodname_dependabot_alerts %} to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %} - -{% data variables.product.prodname_dependabot %} checks whether it's possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository. Then {% data variables.product.prodname_dependabot %} raises a pull request to update the dependency to the minimum version that includes the patch and links the pull request to the {% data variables.product.prodname_dependabot %} alert, or reports an error on the alert. For more information, see "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." - -{% note %} - -**Note** - -The {% data variables.product.prodname_dependabot_security_updates %} feature is available for repositories where you have enabled the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. You will see a {% data variables.product.prodname_dependabot %} alert for every vulnerable dependency identified in your full dependency graph. However, security updates are triggered only for dependencies that are specified in a manifest or lock file. {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency that is not explicitly defined. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#dependencies-included)." - -{% endnote %} - -You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[About {% data variables.product.prodname_dependabot %} version updates](/github/administering-a-repository/about-dependabot-version-updates)." - -{% data reusables.dependabot.pull-request-security-vs-version-updates %} - -## About pull requests for security updates - -Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository. - -When you merge a pull request that contains a security update, the corresponding {% data variables.product.prodname_dependabot %} alert is marked as resolved for your repository. For more information about {% data variables.product.prodname_dependabot %} pull requests, see "[Managing pull requests for dependency updates](/github/administering-a-repository/managing-pull-requests-for-dependency-updates)." - -{% data reusables.dependabot.automated-tests-note %} - -{% ifversion fpt or ghec %} - -## About compatibility scores - -{% data variables.product.prodname_dependabot_security_updates %} may include compatibility scores to let you know whether updating a dependency could cause breaking changes to your project. These are calculated from CI tests in other public repositories where the same security update has been generated. An update's compatibility score is the percentage of CI runs that passed when updating between specific versions of the dependency. - -{% endif %} - -## About notifications for {% data variables.product.prodname_dependabot %} security updates - -You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} security updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)." diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md deleted file mode 100644 index ee0c826d03..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: About managing vulnerable dependencies -intro: '{% data variables.product.product_name %} helps you to avoid using third-party software that contains known vulnerabilities.' -redirect_from: - - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies - - /code-security/supply-chain-security/about-managing-vulnerable-dependencies -versions: - fpt: '*' - ghes: '>=3.2' - ghae: issue-4864 - ghec: '*' -type: overview -topics: - - Dependabot - - Dependency graph - - Dependency review - - Vulnerabilities - - Repositories - - Dependencies - - Pull requests -shortTitle: Vulnerable dependencies ---- - - -{% data variables.product.product_name %} provides the following tools for removing and avoiding vulnerable dependencies. - -## Dependency graph -The dependency graph is a summary of the manifest and lock files stored in a repository. It shows you the ecosystems and packages your codebase depends on (its dependencies) and the repositories and packages that depend on your project (its dependents). The information in the dependency graph is used by dependency review and {% data variables.product.prodname_dependabot %}. -For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." - -## Dependency review - -{% data reusables.dependency-review.beta %} - -By checking the dependency reviews on pull requests you can avoid introducing vulnerabilities from dependencies into your codebase. If the pull requests adds a vulnerable dependency, or changes a dependency to a vulnerable version, this is highlighted in the dependency review. You can change the dependency to a patched version before merging the pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)." - -## {% data variables.product.prodname_dependabot_alerts %} -{% data variables.product.product_name %} can create {% data variables.product.prodname_dependabot_alerts %} when it detects vulnerable dependencies in your repository. The alert is displayed on the Security tab for the repository. The alert includes a link to the affected file in the project, and information about a fixed version. {% data variables.product.product_name %} also notifies the maintainers of the repository, according to their notification preferences. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." - -{% ifversion fpt or ghec or ghes > 3.2 %} -## {% data variables.product.prodname_dependabot_security_updates %} -When {% data variables.product.product_name %} generates a {% data variables.product.prodname_dependabot %} alert for a vulnerable dependency in your repository, {% data variables.product.prodname_dependabot %} can automatically try to fix it for you. {% data variables.product.prodname_dependabot_security_updates %} are automatically generated pull requests that update a vulnerable dependency to a fixed version. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." - -## {% data variables.product.prodname_dependabot_version_updates %} -Enabling {% data variables.product.prodname_dependabot_version_updates %} takes the effort out of maintaining your dependencies. With {% data variables.product.prodname_dependabot_version_updates %}, whenever {% data variables.product.prodname_dotcom %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. By contrast, {% data variables.product.prodname_dependabot_security_updates %} only raises pull requests to fix vulnerable dependencies. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates)." -{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md deleted file mode 100644 index 4b5d03893f..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Configuring Dependabot security updates -intro: 'You can use {% data variables.product.prodname_dependabot_security_updates %} or manual pull requests to easily update vulnerable dependencies.' -shortTitle: Configure security updates -redirect_from: - - /articles/configuring-automated-security-fixes - - /github/managing-security-vulnerabilities/configuring-automated-security-fixes - - /github/managing-security-vulnerabilities/configuring-automated-security-updates - - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates - - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates - - /code-security/supply-chain-security/configuring-dependabot-security-updates -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Dependabot - - Security updates - - Alerts - - Dependencies - - Pull requests - - Repositories ---- - - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About configuring {% data variables.product.prodname_dependabot_security_updates %} - -You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." - -You can disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository or for all repositories owned by your user account or organization. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)" below. - -{% ifversion fpt or ghec %}{% data reusables.dependabot.dependabot-tos %}{% endif %} - -## Supported repositories - -{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for every repository that meets these prerequisites. - -{% note %} - -**Note**: You can manually enable {% data variables.product.prodname_dependabot_security_updates %}, even if the repository doesn't meet some of the prerequisites below. For example, you can enable {% data variables.product.prodname_dependabot_security_updates %} on a fork, or for a package manager that isn't directly supported by following the instructions in "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)." - -{% endnote %} - -| Automatic enablement prerequisite | More information | -| ----------------- | ----------------------- | -| Repository is not a fork | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" | -| Repository is not archived | "[Archiving repositories](/github/creating-cloning-and-archiving-repositories/archiving-repositories)" |{% ifversion fpt or ghec %} -| Repository is public, or repository is private and you have enabled read-only analysis by {% data variables.product.prodname_dotcom %}, dependency graph, and vulnerability alerts in the repository's settings | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)." |{% endif %} -| Repository contains dependency manifest file from a package ecosystem that {% data variables.product.prodname_dotcom %} supports | "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" | -| {% data variables.product.prodname_dependabot_security_updates %} are not disabled for the repository | "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repository](#managing-dependabot-security-updates-for-your-repositories)" | - -If security updates are not enabled for your repository and you don't know why, first try enabling them using the instructions given in the procedural sections below. If security updates are still not working, you can contact {% data variables.contact.contact_support %}. - -## Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories - -You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository (see below). - -You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." - -{% data variables.product.prodname_dependabot_security_updates %} require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)." - -### Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-security-and-analysis %} -1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} - {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %} - - -## Further reading - -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} -- "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %} -- "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md deleted file mode 100644 index 69351ec479..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Administrar vulnerabilidades en las dependencias de tus proyectos -intro: 'Puedes rastrear las dependencias de tu repositorio y recibir {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte dependencias vulnerables.' -redirect_from: - - /articles/updating-your-project-s-dependencies - - /articles/updating-your-projects-dependencies - - /articles/managing-security-vulnerabilities-in-your-projects-dependencies - - /articles/managing-vulnerabilities-in-your-projects-dependencies - - /github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests - - Vulnerabilities - - Alerts -children: - - /about-managing-vulnerable-dependencies - - /browsing-security-vulnerabilities-in-the-github-advisory-database - - /editing-security-advisories-in-the-github-advisory-database - - /about-alerts-for-vulnerable-dependencies - - /configuring-notifications-for-vulnerable-dependencies - - /about-dependabot-security-updates - - /configuring-dependabot-security-updates - - /viewing-and-updating-vulnerable-dependencies-in-your-repository - - /troubleshooting-the-detection-of-vulnerable-dependencies - - /troubleshooting-dependabot-errors -shortTitle: Arreglar dependencias vulnerables ---- - diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md deleted file mode 100644 index f0e5dc57aa..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Troubleshooting Dependabot errors -intro: 'Sometimes {% data variables.product.prodname_dependabot %} is unable to raise a pull request to update your dependencies. You can review the error and unblock {% data variables.product.prodname_dependabot %}.' -shortTitle: Troubleshoot errors -redirect_from: - - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors - - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors - - /code-security/supply-chain-security/troubleshooting-dependabot-errors -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Dependabot - - Security updates - - Version updates - - Repositories - - Pull requests - - Troubleshooting - - Errors - - Dependencies ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} errors - -{% data reusables.dependabot.pull-request-introduction %} - -If anything prevents {% data variables.product.prodname_dependabot %} from raising a pull request, this is reported as an error. - -## Investigating errors with {% data variables.product.prodname_dependabot_security_updates %} - -When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **Security** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request. - -![{% data variables.product.prodname_dependabot_alerts %} view showing a pull request link](/assets/images/help/dependabot/dependabot-alert-pr-link.png) - -There are three reasons why an alert may have no pull request link: - -1. {% data variables.product.prodname_dependabot_security_updates %} are not enabled for the repository. -1. The alert is for an indirect or transitive dependency that is not explicitly defined in a lock file. -1. An error blocked {% data variables.product.prodname_dependabot %} from creating a pull request. - -If an error blocked {% data variables.product.prodname_dependabot %} from creating a pull request, you can display details of the error by clicking the alert. - -## Investigating errors with {% data variables.product.prodname_dependabot_version_updates %} - -When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to update a dependency in an ecosystem, it posts the error icon on the manifest file. The manifest files that are managed by {% data variables.product.prodname_dependabot %} are listed on the {% data variables.product.prodname_dependabot %} tab. To access this tab, on the **Insights** tab for the repository click **Dependency graph**, and then click the **{% data variables.product.prodname_dependabot %}** tab. - -![{% data variables.product.prodname_dependabot %} view showing an error](/assets/images/help/dependabot/dependabot-tab-view-error.png) - -{% ifversion fpt or ghec %} - -To see the log file for any manifest file, click the **Last checked TIME ago** link. When you display the log file for a manifest that's shown with an error symbol (for example, Maven in the screenshot above), any errors are also displayed. - -![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/help/dependabot/dependabot-version-update-error.png) - -{% else %} - -To see the logs for any manifest file, click the **Last checked TIME ago** link, and then click **View logs**. - -![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png) - -{% endif %} - -## Understanding {% data variables.product.prodname_dependabot %} errors - -Pull requests for security updates act to upgrade a vulnerable dependency to the minimum version that includes a fix for the vulnerability. In contrast, pull requests for version updates act to upgrade a dependency to the latest version allowed by the package manifest and {% data variables.product.prodname_dependabot %} configuration files. Consequently, some errors are specific to one type of update. - -### {% data variables.product.prodname_dependabot %} cannot update DEPENDENCY to a non-vulnerable version - -**Security updates only.** {% data variables.product.prodname_dependabot %} cannot create a pull request to update the vulnerable dependency to a secure version without breaking other dependencies in the dependency graph for this repository. - -Every application that has dependencies has a dependency graph, that is, a directed acyclic graph of every package version that the application directly or indirectly depends on. Every time a dependency is updated, this graph must resolve otherwise the application won't build. When an ecosystem has a deep and complex dependency graph, for example, npm and RubyGems, it is often impossible to upgrade a single dependency without upgrading the whole ecosystem. - -The best way to avoid this problem is to stay up to date with the most recently released versions, for example, by enabling version updates. This increases the likelihood that a vulnerability in one dependency can be resolved by a simple upgrade that doesn't break the dependency graph. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -### {% data variables.product.prodname_dependabot %} cannot update to the required version as there is already an open pull request for the latest version - -**Security updates only.** {% data variables.product.prodname_dependabot %} will not create a pull request to update the vulnerable dependency to a secure version because there is already an open pull request to update this dependency. You will see this error when a vulnerability is detected in a single dependency and there's already an open pull request to update the dependency to the latest version. - -There are two options: you can review the open pull request and merge it as soon as you are confident that the change is safe, or close that pull request and trigger a new security update pull request. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)." - -### {% data variables.product.prodname_dependabot %} timed out during its update - -{% data variables.product.prodname_dependabot %} took longer than the maximum time allowed to assess the update required and prepare a pull request. This error is usually seen only for large repositories with many manifest files, for example, npm or yarn monorepo projects with hundreds of *package.json* files. Updates to the Composer ecosystem also take longer to assess and may time out. - -This error is difficult to address. If a version update times out, you could specify the most important dependencies to update using the `allow` parameter or, alternatively, use the `ignore` parameter to exclude some dependencies from updates. Updating your configuration might allow {% data variables.product.prodname_dependabot %} to review the version update and generate the pull request in the time available. - -If a security update times out, you can reduce the chances of this happening by keeping the dependencies updated, for example, by enabling version updates. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -### {% data variables.product.prodname_dependabot %} cannot open any more pull requests - -There's a limit on the number of open pull requests {% data variables.product.prodname_dependabot %} will generate. When this limit is reached, no new pull requests are opened and this error is reported. The best way to resolve this error is to review and merge some of the open pull requests. - -There are separate limits for security and version update pull requests, so that open version update pull requests cannot block the creation of a security update pull request. The limit for security update pull requests is 10. By default, the limit for version updates is 5 but you can change this using the `open-pull-requests-limit` parameter in the configuration file. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." - -The best way to resolve this error is to merge or close some of the existing pull requests and trigger a new pull request manually. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)." - -### {% data variables.product.prodname_dependabot %} can't resolve or access your dependencies - -If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, the operation will fail with the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files." The API error type is `git_dependencies_not_reachable`. - -Similarly, if {% data variables.product.prodname_dependabot %} can't access a private package registry in which a dependency is located, one of the following errors is generated: - -* "Dependabot can't reach a dependency in a private package registry"
- (API error type: `private_source_not_reachable`) -* "Dependabot can't authenticate to a private package registry"
- (API error type:`private_source_authentication_failure`) -* "Dependabot timed out while waiting for a private package registry"
- (API error type:`private_source_timed_out`) -* "Dependabot couldn't validate the certificate for a private package registry"
- (API error type:`private_source_certificate_failure`) - -To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations. - -**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)." - -## Triggering a {% data variables.product.prodname_dependabot %} pull request manually - -If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request. - -- **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. -- **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked *TIME* ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md deleted file mode 100644 index 4a967cf2fb..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ /dev/null @@ -1,124 +0,0 @@ ---- -title: Troubleshooting the detection of vulnerable dependencies -intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' -shortTitle: Troubleshoot detection -redirect_from: - - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -type: how_to -topics: - - Dependabot - - Alerts - - Troubleshooting - - Errors - - Security updates - - Dependencies - - Vulnerabilities - - Dependency graph - - Alerts - - CVEs - - Repositories ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project. - -## Why do some dependencies seem to be missing? - -{% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following: - -* {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %} -* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." -* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." -* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." - - {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." - -## Why don't I get vulnerability alerts for some ecosystems? - -{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." - -It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %} - -**Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? - -## Does the dependency graph only find dependencies in manifests and lockfiles? - -The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file. - -{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: -* Direct dependencies explicitly declared in a manifest or lockfile -* Transitive dependencies declared in a lockfile{% endif %} - -The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. - -**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? - -## Does the dependency graph detect dependencies specified using variables? - -The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph. - -**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? - -## Are there limits which affect the dependency graph data? - -Yes, the dependency graph has two categories of limits: - -1. **Processing limits** - - These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created. - - Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}. - - By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. - -2. **Visualization limits** - - These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created. - - The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}. - -**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests? - -## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? - -The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software. - -Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. - -**Check**: Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database? - -## Why does {% data variables.product.prodname_advisory_database %} use a subset of published vulnerability data? - -Some third-party tools use uncurated CVE data that isn't checked or filtered by a human. This means that CVEs with tagging or severity errors, or other quality issues, will cause more frequent, more noisy, and less useful alerts. - -Since {% data variables.product.prodname_dependabot %} uses curated data in the {% data variables.product.prodname_advisory_database %}, the volume of alerts may be lower, but the alerts you do receive will be accurate and relevant. - -{% ifversion fpt or ghec %} -## Does each dependency vulnerability generate a separate alert? - -When a dependency has multiple vulnerabilities, an alert is generated for each vulnerability at the level of advisory plus manifest. - -![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing two alerts from the same package with different manifests.](/assets/images/help/repository/dependabot-alerts-view.png) - -Legacy {% data variables.product.prodname_dependabot_alerts %} were grouped into a single aggregated alert with all the vulnerabilities for the same dependency. If you navigate to a link to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to the {% data variables.product.prodname_dependabot_alerts %} tab filtered to display vulnerabilities for that dependent package and manifest. - -![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing the filtered alerts from navigating to a legacy {% data variables.product.prodname_dependabot %} alert.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) - -The {% data variables.product.prodname_dependabot_alerts %} count in {% data variables.product.prodname_dotcom %} shows a total for the number of alerts, which is the number of vulnerabilities, not the number of dependencies. - -**Check**: If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts. -{% endif %} - -## Further reading - -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" -- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md deleted file mode 100644 index ce51732a37..0000000000 --- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -title: Viewing and updating vulnerable dependencies in your repository -intro: 'If {% data variables.product.product_name %} discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.' -redirect_from: - - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository -permissions: Repository administrators and organization owners can view and update dependencies. -shortTitle: View vulnerable dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -type: how_to -topics: - - Dependabot - - Security updates - - Alerts - - Dependencies - - Pull requests - - Repositories ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} -{% data reusables.dependabot.enterprise-enable-dependabot %} - -Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filter alerts by package, ecosystem, or manifest. You can also{% endif %} sort the list of alerts, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." - -{% ifversion fpt or ghec or ghes > 3.2 %} -You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." -{% endif %} - -{% data reusables.repositories.dependency-review %} - -{% ifversion fpt or ghec or ghes > 3.2 %} -## About updates for vulnerable dependencies in your repository - -{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that your codebase is using dependencies with known vulnerabilities. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.product_name %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability. - -{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}You can sort and filter {% data variables.product.prodname_dependabot_alerts %} with the dropdown menus in the {% data variables.product.prodname_dependabot_alerts %} tab or by typing filters as `key:value` pairs into the search bar. The available filters are repository (for example, `repo:my-repository`), package (for example, `package:django`), ecosystem (for example, `ecosystem:npm`), manifest (for example, `manifest:webwolf/pom.xml`), state (for example, `is:open`), and whether an advisory has a patch (for example, `has: patch`). - -Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot_alerts %} tab filtered for that package. {% endif %} -{% endif %} - -## Viewing and updating vulnerable dependencies - -{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} -1. Optionally, to filter alerts, select the **Repository**, **Package**, **Ecosystem**, or **Manifest** dropdown menu then click the filter that you would like to apply. You can also type filters into the search bar. For example, `ecosystem:npm` or `has:patch`. To sort alerts, select the **Sort** dropdown menu then click the option that you would like to sort by. - ![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab](/assets/images/help/graphs/dependabot-alerts-filters.png) -1. Click the alert that you would like to view. - ![Alert selected in list of alerts](/assets/images/help/graphs/click-alert-in-alerts-list-ungrouped.png) -1. Review the details of the vulnerability and, if available, the pull request containing the automated security update. -1. Optionally, if there isn't already a {% data variables.product.prodname_dependabot_security_updates %} update for the alert, to create a pull request to resolve the vulnerability, click **Create {% data variables.product.prodname_dependabot %} security update**. - ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png) -1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request. Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." -1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" dropdown, and click a reason for dismissing the alert.{% if reopen-dependabot-alerts %} Unfixed dismissed alerts can be reopened later.{% endif %} - ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/help/repository/dependabot-alert-dismiss-drop-down-ungrouped.png) - -{% elsif ghes = 3.3 %} -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} -1. Click the alert you'd like to view. - ![Alert selected in list of alerts](/assets/images/help/graphs/click-alert-in-alerts-list.png) -1. Review the details of the vulnerability and, if available, the pull request containing the automated security update. -1. Optionally, if there isn't already a {% data variables.product.prodname_dependabot_security_updates %} update for the alert, to create a pull request to resolve the vulnerability, click **Create {% data variables.product.prodname_dependabot %} security update**. - ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button.png) -1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request. Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." -1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" drop-down, and click a reason for dismissing the alert. - ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/help/repository/dependabot-alert-dismiss-drop-down.png) - -{% elsif ghes = 3.1 or ghes = 3.2 or ghae-issue-4864 %} -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} -1. Click the alert you'd like to view. - ![Alert selected in list of alerts](/assets/images/enterprise/graphs/click-alert-in-alerts-list.png) -1. Review the details of the vulnerability and determine whether or not you need to update the dependency. -1. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, select the **Dismiss** drop-down, and click a reason for dismissing the alert. - ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/enterprise/repository/dependabot-alert-dismiss-drop-down.png) - -{% else %} -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.accessing-repository-graphs %} -{% data reusables.repositories.click-dependency-graph %} -1. Click the version number of the vulnerable dependency to display detailed information. - ![Detailed information on the vulnerable dependency](/assets/images/enterprise/3.0/dependabot-alert-info.png) -1. Review the details of the vulnerability and determine whether or not you need to update the dependency. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. -1. The banner at the top of the **Dependencies** tab is displayed until all the vulnerable dependencies are resolved or you dismiss it. Click **Dismiss** in the top right corner of the banner and select a reason for dismissing the alert. - ![Dismiss security banner](/assets/images/enterprise/3.0/dependabot-alert-dismiss.png) -{% endif %} - -{% if reopen-dependabot-alerts %} - -## Viewing and updating closed alerts - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-dependabot-alerts %} -1. To just view closed alerts, click **Closed**. - ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png) -1. Click the alert that you would like to view or update. - ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png) -2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. - ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png) - -{% endif %} - -## Further reading - -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %} -- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" -- "[Troubleshooting the detection of vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index a6b5986909..fdc3d5e35b 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -41,7 +41,7 @@ Sometimes you might just want to update the version of one dependency in a manif By checking the dependency reviews in a pull request, and changing any dependencies that are flagged as vulnerable, you can avoid vulnerabilities being added to your project. For more information about how dependency review works, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)." -{% data variables.product.prodname_dependabot_alerts %} will find vulnerabilities that are already in your dependencies, but it's much better to avoid introducing potential problems than to fix problems at a later date. For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." +{% data variables.product.prodname_dependabot_alerts %} will find vulnerabilities that are already in your dependencies, but it's much better to avoid introducing potential problems than to fix problems at a later date. For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." Dependency review supports the same languages and package management ecosystems as the dependency graph. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." @@ -49,4 +49,4 @@ Dependency review supports the same languages and package management ecosystems ## Enabling dependency review The dependency review feature becomes available when you enable the dependency graph. {% ifversion ghec %}For more information, see "[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph)."{% endif %}{% ifversion ghes or ghae %}For more information, see "[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."{% endif %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md new file mode 100644 index 0000000000..a23eb06134 --- /dev/null +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md @@ -0,0 +1,154 @@ +--- +title: About supply chain security +intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and patching them{% endif %}.' +miniTocMaxHeadingLevel: 3 +shortTitle: Seguridad de la cadena de suministro +redirect_from: + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: overview +topics: + - Advanced Security + - Dependency review + - Dependency graph + - Vulnerabilities + - Dependencies + - Pull requests + - Repositories +--- + +## About supply chain security at GitHub + +With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities. + +You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency. + +{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment{% ifversion ghes < 3.3 or ghae %} and know about vulnerabilities in those dependencies{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}, know about vulnerabilities in those dependencies, and patch them{% endif %}. + +The supply chain features on {% data variables.product.product_name %} are: +- **Gráfica de dependencias** +{% ifversion fpt or ghec or ghes > 3.1 or ghae %}- **Dependency review**{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %} ** +{% ifversion fpt or ghec or ghes > 3.2 %}- **{% data variables.product.prodname_dependabot_updates %}** + - **{% data variables.product.prodname_dependabot_security_updates %}** + - **{% data variables.product.prodname_dependabot_version_updates %}**{% endif %} + +The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. You can see your repository’s dependencies and some of their properties, like vulnerability information, on the dependency graph for the repository. + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. + +- Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests. +- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependecies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. +{% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository. + +{% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities. +{% endif %} +{% endif %} + +{% ifversion ghes < 3.2 %} +{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. + {% endif %} + +## Feature overview + +### What is the dependency graph + +To generate the dependency graph, {% data variables.product.company_short %} looks at a repository’s explicit dependencies declared in the manifest and lockfiles. When enabled, the dependency graph automatically parses all known package manifest files in the repository, and uses this to construct a graph with known dependency names and versions. + +- The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies. +- The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies. +- You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab. + +For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +### What is dependency review + +Dependency review helps reviewers and contributors understand dependency changes and their security impact in every pull request. + +- Dependency review tells you which dependencies were added, removed, or updated, in a pull request. You can use the release dates, popularity of dependencies, and vulnerability information to help you decide whether to accept the change. +- You can see the dependency review for a pull request by showing the rich diff on the **Files Changed** tab. + +For more information about dependency review, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)." + +{% endif %} + +### What is Dependabot + +{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}. + +{% ifversion fpt or ghec or ghes > 3.2 %} +The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: +- {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. La alerta incluye un enlace al archivo afectado en el proyecto e información acerca de la versión arreglada. +- {% data variables.product.prodname_dependabot_updates %}: + - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. + - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version. +{% endif %} + +#### What are Dependabot alerts + +{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists. + +- El {% data variables.product.prodname_dependabot %} lleva a cabo un escaneo para detectar las dependencias vulnerables y envía {% data variables.product.prodname_dependabot_alerts %} cuando: +{% ifversion fpt or ghec %} + - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %} + - Se sincronizan los datos de las asesorías nuevas en {% data variables.product.product_location %} cada hora desde {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} + - The dependency graph for the repository changes. +- {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. La alerta incluye {% ifversion fpt or ghec or ghes > 3.0 %}un enlace al archivo afectado en el proyecto e{% endif %}información sobre una versión corregida. + +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." + +{% ifversion fpt or ghec or ghes > 3.2 %} +#### What are Dependabot updates + +There are two types of {% data variables.product.prodname_dependabot_updates %}: {% data variables.product.prodname_dependabot %} _security_ updates and _version_ updates. {% data variables.product.prodname_dependabot %} generates automatic pull requests to update your dependencies in both cases, but there are several differences. + +{% data variables.product.prodname_dependabot_security_updates %}: + - Triggered by a {% data variables.product.prodname_dependabot %} alert + - Update dependencies to the minimum version that resolves a known vulnerability + - Supported for ecosystems the dependency graph supports + +{% data variables.product.prodname_dependabot_version_updates %}: + - Run on a schedule you configure + - Update dependencies to the latest version that matches the configuration + - Supported for a different group of ecosystems + +For more information about {% data variables.product.prodname_dependabot_updates %}, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)" and "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)." +{% endif %} + +## Feature availability + +{% ifversion fpt or ghec %} + +Public repositories: +- **Dependency graph**—enabled by default and cannot be disabled. +- **Dependency review**—enabled by default and cannot be disabled. +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Private repositories: +- **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. Para obtener más información, consulta la sección "[Explorar las dependencias de un repositorio](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)". +{% ifversion fpt %} +- **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. Para obtener más información, consulta la [documentación de {% data variables.product.prodname_ghe_cloud %}](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +{% elsif ghec %} +- **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Los propietarios de los repositorios privados o las personas con acceso administrativo puede habilitar las {% data variables.product.prodname_dependabot_alerts %} si habilitan la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %} para sus repositorios. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Any repository type: +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". +{% endif %} + +{% ifversion ghes or ghae %} +- **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. Para obtener más información, consulta la sección {% ifversion ghes %}"[Habilitar la gráfica de dependencias para tu empresa](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" y {% endif %}"[Habilitar el {% data variables.product.prodname_dependabot %} para tu empresa](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)". +- **Dependency review**—available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)." +{% endif %} +{% ifversion ghes > 3.2 %} +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)". +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". +{% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index 53c972c93f..91b871b9ef 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md @@ -55,7 +55,7 @@ You can use the dependency graph to: - Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)." {% ifversion fpt or ghec %} - View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see "[Viewing insights for your organization](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)."{% endif %} -- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} +- View and update vulnerable dependencies for your repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} - See information about vulnerable dependencies in pull requests. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."{% endif %} ## Enabling the dependency graph @@ -111,5 +111,5 @@ The recommended formats explicitly define which versions are used for all direct - "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia - "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% ifversion fpt or ghec %} - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %} -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index a9acbfc377..8b1c81aaf8 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -40,7 +40,7 @@ Enterprise owners can configure the dependency graph at an enterprise level. For ### Dependencies view {% ifversion fpt or ghec %} -Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. For dependencies on public repositories hosted on {% data variables.product.product_name %}, you can also click a dependency to view the repository. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text. +Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text. If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository. If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}. @@ -84,7 +84,10 @@ You can disable the dependency graph at any time by clicking **Disable** next to ## Changing the "Used by" package -If the dependency graph is enabled, and your repository contains a package that's published on a supported package ecosystem, {% data variables.product.prodname_dotcom %} displays a "Used by" section in the sidebar of the **Code** tab of your repository. For more information about the supported package ecosystems, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." +You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: + * The dependency graph is enabled for the repository (see the above section for more details). + * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems). + * Within the ecosystem, your package has a link to a _public_ repository where the source is stored. The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects. @@ -114,7 +117,7 @@ If a manifest or lock file is not processed, its dependencies are omitted from t ## Further reading - "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)" - "[Understanding how {% data variables.product.prodname_dotcom %} uses and protects your data](/get-started/privacy-on-github)" {% endif %} diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md index 0e1e4f1579..646c4e30f1 100644 --- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md @@ -9,10 +9,12 @@ topics: - Dependency graph - Dependencies - Repositories -children: - - /about-the-dependency-graph - - /exploring-the-dependencies-of-a-repository - - /about-dependency-review shortTitle: Understand your supply chain +children: + - /about-supply-chain-security + - /about-the-dependency-graph + - /about-dependency-review + - /exploring-the-dependencies-of-a-repository + - /troubleshooting-the-dependency-graph --- diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md new file mode 100644 index 0000000000..f4e8203720 --- /dev/null +++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md @@ -0,0 +1,62 @@ +--- +title: Solución de problemas del gráfico de dependencias +intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.' +shortTitle: Troubleshoot dependency graph +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Troubleshooting + - Errors + - Dependencies + - Vulnerabilities + - Dependency graph + - CVEs + - Repositories +--- + +{% data reusables.dependabot.result-discrepancy %} + +## ¿Acaso la gráfica de dependencias solo encuentra depedencias en los manifiestos y lockfiles? + +La gráfica de dependencias incluye información sobre las dependencias, la cual se declara explícitamente en tu ambiente. Esto es, dependencias que se especifican en un manifiesto o en un lockfile. La gráfica de dependencias también incluye dependencias transitivas generalmente, aún cuando no se especifican en un lockfile, mediante la revisión de las dependencias de las dependencias en un archivo de manifiesto. + +La gráfica de dependencias no incluye dependencias "sueltas". Las dependencias "sueltas" son archivos individuales que se copian de otra fuernte y se revisan directamente en el repositorio o dentro de un archivo (tal como un archivo ZIP o JAR) en ves de que se referencien en un manifiesto de paquete de administrador o en un lockfile. + +**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? + +## ¿Acaso la gráfica de dependencias detecta dependencias que se especifican utilizando variables? + +La gráfica de dependencias analiza los manifiestos mientras se suben a {% data variables.product.prodname_dotcom %}. Por lo tanto, la gráfica de dependencias no tiene acceso al ambiente de compilación del proyecto, así que no puede resolver variables que se utilizan dentro de los manifiestos. Si utilizas variables dentro de un manifiesto para especificar el nombre, o más comunmente la versión de una dependencia, entonces dicha dependencia no se incluirá en la gráfica de dependencias. + +**Verifica**: ¿Acaso la dependencia faltante se declara en el manifiesto utilizando una variable para su nombre o versión? + +## ¿Existen límites que afecten los datos de la gráfica de dependencias? + +Sí, la gráfica de dependencias tiene dos categorías de límites: + +1. **Límites de procesamiento** + + Estos afectan la gráfica de dependencias que se muestra dentro de {% data variables.product.prodname_dotcom %} y también previenen la creación de {% data variables.product.prodname_dependabot_alerts %}. + + Los manifiestos mayores a 0.5 MB solo se procesan para las cuentas empresariales. En el caso de otras cuentas, los manifiestos mayores a 0.5 MB se ingoran y no crearán {% data variables.product.prodname_dependabot_alerts %}. + + Predeterminadamente, {% data variables.product.prodname_dotcom %} no procesará más de 20 manifiestos por repositorio. Las {% data variables.product.prodname_dependabot_alerts %} no se crean para los manifiestos más allá de este límite. Si necesitas incrementar el límite, contacta a {% data variables.contact.contact_support %}. + +2. **Límites de visualización** + + Estos afectan a lo que se muestra en la gráfica de dependencias dentro de {% data variables.product.prodname_dotcom %}. Sin embargo, estos no afectan las {% data variables.product.prodname_dependabot_alerts %} que se crean. + + La vista de dependencias de la gráfica de dependencias para un repositorio solo muestra 1000 manifiestos. Habitualmente, esto es tan adecuado como es significativamente más alto que el límite de procesamiento descrito anteriormente. En situaciones en donde le límite de procesamiento es mayor a 100, las {% data variables.product.prodname_dependabot_alerts %} se crearán aún para cualquier manifiesto que no se muestre dentro de {% data variables.product.prodname_dotcom %}. + +**Verifica**: ¿La dependencia faltante está en un archivo de manifiesto que tiene más de 0.5 MB, o en un repositorio con una gran cantidad de manifiesto? + +## Leer más + +- "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" +- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md index f0a7fb41f4..d2d0c30d06 100644 --- a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md +++ b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md @@ -59,39 +59,39 @@ La lista completa de parámetros de consulta, permisos y eventos disponibles se Puedes seleccionar los permisos en una secuencia de consulta utilizando los nombres de permiso conforme en la siguiente tabla a manera de nombres de parámetro de consulta y usando el tipo de permiso como el valor de la consulta. Por ejemplo, para seleccionar los permisos de `Read & write` en la interface de usuario para `contents`, tu secuencia de consulta incluiría `&contents=write`. Para seleccionar los permisos de `Read-only` en la interface de usuario para `blocking`, tu secuencia de consulta incluiría `&blocking=read`. Para seleccionar `no-access` en la interface de usuario para las `checks`, tu secuencia de consulta no incluiría el permiso `checks`. -| Permiso | Descripción | -| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Permiso | Descripción | +| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [`administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | Otorga acceso a diversas terminales para la administración de organizaciones y repositorios. Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghec %} | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | Otorga acceso a la [API de Bloqueo de Usuarios](/rest/reference/users#blocking). Puede ser uno de entre `none`, `read`, o `write`.{% endif %} | [`verificaciones`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | Otorga acceso a la [API de verificaciones](/rest/reference/checks). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion ghes < 3.4 %} | `content_references` | Otorga acceso a la terminal "[Crear un adjunto de contenido](/rest/reference/apps#create-a-content-attachment)". Puede ser uno de entre `none`, `read`, o `write`.{% endif %} -| [`contenidos`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Otorga acceso a diversas terminales que te permiten modificar el contenido de los repositorios. Puede ser uno de entre `none`, `read`, o `write`. | +| [`contenidos`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Otorga acceso a diversas terminales que te permiten modificar el contenido de los repositorios. Puede ser uno de entre `none`, `read`, o `write`. | | [`implementaciones`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | Otorga acceso a la [API de despliegues](/rest/reference/repos#deployments). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghes or ghec %} | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | Otorga acceso a la [API de Correos electrónicos](/rest/reference/users#emails). Puede ser uno de entre `none`, `read`, o `write`.{% endif %} -| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Otorga acceso a la [API de Seguidores](/rest/reference/users#followers). Puede ser uno de entre `none`, `read`, o `write`. | -| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Otorga acceso a la [API de Llaves GPG](/rest/reference/users#gpg-keys). Puede ser uno de entre `none`, `read`, o `write`. | -| [`propuestas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Otorga acceso a la [API de Informe de problemas](/rest/reference/issues). Puede ser uno de entre `none`, `read`, o `write`. | -| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Otorga acceso a la [API de Llaves Públicas](/rest/reference/users#keys). Puede ser uno de entre `none`, `read`, o `write`. | +| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Otorga acceso a la [API de Seguidores](/rest/reference/users#followers). Puede ser uno de entre `none`, `read`, o `write`. | +| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Otorga acceso a la [API de Llaves GPG](/rest/reference/users#gpg-keys). Puede ser uno de entre `none`, `read`, o `write`. | +| [`propuestas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Otorga acceso a la [API de Informe de problemas](/rest/reference/issues). Puede ser uno de entre `none`, `read`, o `write`. | +| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Otorga acceso a la [API de Llaves Públicas](/rest/reference/users#keys). Puede ser uno de entre `none`, `read`, o `write`. | | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | Otorga acceso para administrar los miembros de una organización. Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghec %} -| [`metadatos`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Otorga acceso a las terminales de solo lectura que no filtran datos sensibles. Puede ser `read` o `none`. Su valor predeterminado es `read` cuando configuras cualquier permiso, o bien, `none` cuando no especificas ningún permiso para la {% data variables.product.prodname_github_app %}. | +| [`metadatos`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Otorga acceso a las terminales de solo lectura que no filtran datos sensibles. Puede ser `read` o `none`. Su valor predeterminado es `read` cuando configuras cualquier permiso, o bien, `none` cuando no especificas ningún permiso para la {% data variables.product.prodname_github_app %}. | | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | Otorga acceso a la terminal "[Actualizar una organización](/rest/reference/orgs#update-an-organization)" y a la [API de Restricciones de Interacción en la Organización](/rest/reference/interactions#set-interaction-restrictions-for-an-organization). Puede ser uno de entre `none`, `read`, o `write`.{% endif %} -| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Otorga acceso a la [API de Webhooks de la Organización](/rest/reference/orgs#webhooks/). Puede ser uno de entre `none`, `read`, o `write`. | -| `organization_plan` | Otorga acceso para obtener información acerca del plan de una organización que utilice la terminal "[Obtener una organización](/rest/reference/orgs#get-an-organization)". Puede ser uno de entre `none` o `read`. | +| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Otorga acceso a la [API de Webhooks de la Organización](/rest/reference/orgs#webhooks/). Puede ser uno de entre `none`, `read`, o `write`. | +| `organization_plan` | Otorga acceso para obtener información acerca del plan de una organización que utilice la terminal "[Obtener una organización](/rest/reference/orgs#get-an-organization)". Puede ser uno de entre `none` o `read`. | | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Otorga acceso a la [API de Proyectos](/rest/reference/projects). Puede ser uno de entre: `none`, `read`, `write`, o `admin`.{% ifversion fpt or ghec %} | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Otorga acceso a la [API de Bloqueo de Usuarios de la Organización](/rest/reference/orgs#blocking). Puede ser uno de entre `none`, `read`, o `write`.{% endif %} -| [`páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Otorga acceso a la [API de páginas](/rest/reference/repos#pages). Puede ser uno de entre `none`, `read`, o `write`. | -| `plan` | Otorga acceso para obtener información acerca del plan de GitHub de un usuario que utilice la terminal "[Obtener un usuario](/rest/reference/users#get-a-user)". Puede ser uno de entre `none` o `read`. | -| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Otorga acceso a varias terminales de solicitud de extracción. Puede ser uno de entre `none`, `read`, o `write`. | -| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Otorga acceso a la [API de Webhooks del Repositorio](/rest/reference/repos#hooks). Puede ser uno de entre `none`, `read`, o `write`. | +| [`páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Otorga acceso a la [API de páginas](/rest/reference/repos#pages). Puede ser uno de entre `none`, `read`, o `write`. | +| `plan` | Otorga acceso para obtener información acerca del plan de GitHub de un usuario que utilice la terminal "[Obtener un usuario](/rest/reference/users#get-a-user)". Puede ser uno de entre `none` o `read`. | +| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Otorga acceso a varias terminales de solicitud de extracción. Puede ser uno de entre `none`, `read`, o `write`. | +| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Otorga acceso a la [API de Webhooks del Repositorio](/rest/reference/repos#hooks). Puede ser uno de entre `none`, `read`, o `write`. | | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | Otorga acceso a la [API de Proyectos](/rest/reference/projects). Puede ser uno de entre: `none`, `read`, `write`, o `admin`.{% ifversion fpt or ghes or ghec %} | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | Otorga acceso a la [API de escaneo de secretos](/rest/reference/secret-scanning). Puede ser uno de entre: `none`, `read`, o `write`.{% endif %}{% ifversion fpt or ghes or ghec %} | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | Otorga acceso a la [API de escaneo de código](/rest/reference/code-scanning/). Puede ser uno de entre `none`, `read`, o `write`.{% endif %} -| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Otorga acceso a la [API de Contenidos](/rest/reference/repos#contents). Puede ser uno de entre `none`, `read`, o `write`. | -| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Otorga acceso a la [API de marcar con estrella](/rest/reference/activity#starring). Puede ser uno de entre `none`, `read`, o `write`. | -| [`estados`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Otorga acceso a la [API de Estados](/rest/reference/commits#commit-statuses). Puede ser uno de entre `none`, `read`, o `write`. | +| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Otorga acceso a la [API de Contenidos](/rest/reference/repos#contents). Puede ser uno de entre `none`, `read`, o `write`. | +| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Otorga acceso a la [API de marcar con estrella](/rest/reference/activity#starring). Puede ser uno de entre `none`, `read`, o `write`. | +| [`estados`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Otorga acceso a la [API de Estados](/rest/reference/commits#commit-statuses). Puede ser uno de entre `none`, `read`, o `write`. | | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Otorga acceso a la [API de debates de equipo](/rest/reference/teams#discussions) y a la [API de comentarios en debates de equipo](/rest/reference/teams#discussion-comments). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `vulnerability_alerts` | Otorga acceso para recibir alertas de seguridad para las dependencias vulnerables en un repositorio. Consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" para aprender más. Puede ser uno de entre: `none` o `read`.{% endif %} -| `observando` | Otorga acceso a la lista y cambia los repositorios a los que un usuario está suscrito. Puede ser uno de entre `none`, `read`, o `write`. | +| `vulnerability_alerts` | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. Puede ser uno de entre: `none` o `read`.{% endif %} +| `observando` | Otorga acceso a la lista y cambia los repositorios a los que un usuario está suscrito. Puede ser uno de entre `none`, `read`, o `write`. | ## Eventos de webhook de {% data variables.product.prodname_github_app %} diff --git a/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md b/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md index a9784b5ada..f7674ed0db 100644 --- a/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md +++ b/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md @@ -1246,7 +1246,7 @@ Este evento ocurre cuando una {% data variables.product.prodname_github_app %} e La actividad relacionada con una asesoría de seguridad que revisó {% data variables.product.company_short %}. Una asesoría de seguridad que haya revisado {% data variables.product.company_short %} proporciona información sobre las vulnerabilidades relacionadas con la seguridad en el software de {% data variables.product.prodname_dotcom %}. -El conjunto de datos de asesoría de seguridad también impulsa las {% data variables.product.prodname_dependabot_alerts %} de GitHub. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". +El conjunto de datos de asesoría de seguridad también impulsa las {% data variables.product.prodname_dependabot_alerts %} de GitHub. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". ### Disponibilidad diff --git a/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md b/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md index a43d48e1c9..4d7dd3edd0 100644 --- a/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md +++ b/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md @@ -20,7 +20,7 @@ shortTitle: Cómo utiliza tus datos GitHub {% data reusables.repositories.about-github-archive-program %} Para obtener más información, consulta la sección "[Acerca de archivar contenido y datos en {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)". -{% data reusables.user-settings.export-data %} For more information, see "[Requesting an archive of your personal account's data](/articles/requesting-an-archive-of-your-personal-account-s-data)." +{% data reusables.user-settings.export-data %} Para obtener más información, consulta "[Solicitar un archivo de los datos de tu cuenta personal](/articles/requesting-an-archive-of-your-personal-account-s-data)". Si decides utilizar datos para un repositorio privado, seguiremos tratando tus datos privados, código abierto, o secretos comerciales como confidenciales y privados de acuerdo con nuestras [Condiciones de Servicio](/free-pro-team@latest/github/site-policy/github-terms-of-service). La información que obtenemos viene solo de los datos agregados. Para obtener más información, consulta la sección "[Administrar la configuración de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)". @@ -28,7 +28,7 @@ Anunciaremos nuevas funciones sustanciales que usen metadatos o datos agregados ## Cómo mejoran los datos las recomendaciones de seguridad -Como ejemplo de cómo deberían usarse tus datos, podemos detectar y alertarte sobre una vulnerabilidad de seguridad en las dependencias de tu repositorio público. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". +Como ejemplo de cómo deberían usarse tus datos, podemos detectar y alertarte sobre una vulnerabilidad de seguridad en las dependencias de tu repositorio público. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". Para detectar posibles vulnerabilidades de seguridad {% data variables.product.product_name %} escanea los contenidos del archivo de manifiesto de dependencias para hacer una lista de las dependencias de tu proyecto. diff --git a/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md b/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md index 3931df21cb..8225f20512 100644 --- a/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md +++ b/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md @@ -16,7 +16,7 @@ shortTitle: Administrar el uso de datos para un repositorio privado ## Acerca del uso de datos para tu repositorio privado -Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a la gráfica de dependencias, en donde puedes rastrear las dependencias de tus repositorios y recibir las {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte las dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)". +Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a la gráfica de dependencias, en donde puedes rastrear las dependencias de tus repositorios y recibir las {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte las dependencias vulnerables. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." ## Habilitar o inhabilitar las características para el uso de datos @@ -31,5 +31,5 @@ Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a ## Leer más - "[Acerca del uso de tus datos de {% data variables.product.prodname_dotcom %}](/articles/about-github-s-use-of-your-data)" -- "[Ver y actualizar las dependencias vulnerables en tu repositorio](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" diff --git a/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md index 1328f54580..7e14e81eae 100644 --- a/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md +++ b/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md @@ -18,7 +18,7 @@ shortTitle: Enterprise Server trial You can request a 45-day trial to evaluate {% data variables.product.prodname_ghe_server %}. Your trial will be installed as a virtual appliance, with options for on-premises or cloud deployment. For a list of supported visualization platforms, see "[Setting up a GitHub Enterprise Server instance](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)." -{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Security{% endif %} alerts and {% data variables.product.prodname_github_connect %} are not currently available in trials of {% data variables.product.prodname_ghe_server %}. For a demonstration of these features, contact {% data variables.contact.contact_enterprise_sales %}. For more information about these features, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." +{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Security{% endif %} alerts and {% data variables.product.prodname_github_connect %} are not currently available in trials of {% data variables.product.prodname_ghe_server %}. For a demonstration of these features, contact {% data variables.contact.contact_enterprise_sales %}. For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." Trials are also available for {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Setting up a trial of {% data variables.product.prodname_ghe_cloud %}](/articles/setting-up-a-trial-of-github-enterprise-cloud)." diff --git a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md index 70a8e87988..86c868920b 100644 --- a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md +++ b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md @@ -70,10 +70,9 @@ Usamos [Lingüista](https://github.com/github/linguist) para realizar la detecci {% if mermaid %} ## Crear diagramas -You can use Mermaid syntax to add diagrams. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." +You can also use code blocks to create diagrams in Markdown. GitHub supports Mermaid, geoJSON, topoJSON, and ASCII STL syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." {% endif %} - ## Leer más - [{% data variables.product.prodname_dotcom %} Especificaciones del formato Markdown](https://github.github.com/gfm/) diff --git a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md index 4f4f1a2e26..15392c84d0 100644 --- a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md +++ b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md @@ -1,12 +1,18 @@ --- -title: Creating diagrams +title: Crear diagramas intro: Create diagrams to convey information through charts and graphs versions: feature: mermaid shortTitle: Create diagrams --- -You can use Mermaid syntax to create diagrams. Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). +## About creating diagrams + +You can create diagrams in Markdown using three different syntaxes: mermaid, geoJSON and topoJSON, and ASCII STL. + +## Creating Mermaid diagrams + +Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). To create a Mermaid diagram, add Mermaid syntax inside a fenced code block with the `mermaid` language identifier. For more information about creating code blocks, see "[Creating and highlighting code blocks](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)." @@ -31,3 +37,122 @@ graph TD; **Note:** You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}. {% endnote %} + +## Creating geoJSON and topoJSON maps + +You can use geo/topoJSON syntax to create interactive maps. To create a map, add geoJSON or topoJSON inside a fenced code block with the `geojson` or `topojson` syntax identifier. Para obtener más información, consulta "[Crear y resaltar bloques de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)". + +### Using geoJSON + +For example, you can create a simple map: + +
+```geojson
+{
+  "type": "Polygon",
+  "coordinates": [
+      [
+          [-90,30],
+          [-90,35],
+          [-90,35],
+          [-85,35],
+          [-85,30]
+      ]
+  ]
+}
+```
+
+ +![Rendered map](/assets/images/help/writing/fenced-geojson-rendered-map.png) + +### Using topoJSON + +For example, you can create a simple topoJSON map: + +
+```topojson
+{
+  "type": "Topology",
+  "transform": {
+    "scale": [0.0005000500050005, 0.00010001000100010001],
+    "translate": [100, 0]
+  },
+  "objects": {
+    "example": {
+      "type": "GeometryCollection",
+      "geometries": [
+        {
+          "type": "Point",
+          "properties": {"prop0": "value0"},
+          "coordinates": [4000, 5000]
+        },
+        {
+          "type": "LineString",
+          "properties": {"prop0": "value0", "prop1": 0},
+          "arcs": [0]
+        },
+        {
+          "type": "Polygon",
+          "properties": {"prop0": "value0",
+            "prop1": {"this": "that"}
+          },
+          "arcs": [[1]]
+        }
+      ]
+    }
+  },
+  "arcs": [[[4000, 0], [1999, 9999], [2000, -9999], [2000, 9999]],[[0, 0], [0, 9999], [2000, 0], [0, -9999], [-2000, 0]]]
+}
+```
+
+ +![Rendered topojson map](/assets/images/help/writing/fenced-topojson-rendered-map.png) + +For more information on working with `.geojson` and `.topojson` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#mapping-geojson-files-on-github)." + + +## Creating STL 3D models + +You can use ASCII STL syntax directly in markdown to create interactive 3D models. To display a model, add ASCII STL syntax inside a fenced code block with the `stl` syntax identifier. Para obtener más información, consulta "[Crear y resaltar bloques de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)". + +For example, you can create a simple 3D model: + +
+```stl
+solid cube_corner
+  facet normal 0.0 -1.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 1.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+  facet normal 0.0 0.0 -1.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 1.0 0.0 0.0
+    endloop
+  endfacet
+  facet normal -1.0 0.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+      vertex 0.0 1.0 0.0
+    endloop
+  endfacet
+  facet normal 0.577 0.577 0.577
+    outer loop
+      vertex 1.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+endsolid
+```
+
+ +![Rendered 3D model](/assets/images/help/writing/fenced-stl-rendered-object.png) + +For more information on working with `.stl` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#3d-file-viewer)." + diff --git a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index a51f09e2eb..8627e20aec 100644 --- a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -122,7 +122,7 @@ El {% data variables.product.prodname_dependabot %} puede verificar si hay refer Predeterminadamente, el {% data variables.product.prodname_dependabot %} no puede actualizar las dependencias que se ubican en los repositorios o en los registros de paquetes privados. Sin embargo, si una dependencia se encuentra en un repositorio privado de {% data variables.product.prodname_dotcom %} dentro de la misma organización que el proyecto que la utiliza, puedes permitir al {% data variables.product.prodname_dependabot %} actualizar la versión exitosamente si le otorgas acceso al repositorio en el que se hospeda. -Si tu código depende de paquetes en un registro privado, puedes permitir que el {% data variables.product.prodname_dependabot %} actualice las versiones de estas dependencias si configuras esto a nivel del repositorio. Puedes hacer esto si agregas los detalles de autenticación al archivo _dependabot.yml_ para el repositorio. Para obtener más información, consulta la sección "[Opciones de configuración para las actualizaciones de dependencias](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)". +Si tu código depende de paquetes en un registro privado, puedes permitir que el {% data variables.product.prodname_dependabot %} actualice las versiones de estas dependencias si configuras esto a nivel del repositorio. Puedes hacer esto si agregas los detalles de autenticación al archivo _dependabot.yml_ para el repositorio. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." Para permitir que el {% data variables.product.prodname_dependabot %} acceda a un repositorio privado de {% data variables.product.prodname_dotcom %}: @@ -157,6 +157,5 @@ Puedes administrar el acceso a las características de la {% data variables.prod - "[Asegurar tu repositorio](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %} - "[Acerca del escaneo de secretos](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %} -- "[Acerca de la gráfica de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Administrar las vulnerabilidades en las dependencias de tus proyectos](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Mantener tus dependencias actualizacas automáticamente](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %} +- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %} +- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %} diff --git a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index 394db84028..f2d6133d98 100644 --- a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -42,7 +42,7 @@ Para buscar eventos específicos, utiliza el calificador `action` en tu consulta | [`facturación`](#billing-category-actions) | Contiene todas las actividades relacionadas con la facturación de tu organización. | | [`business`](#business-category-actions) | Contiene actividades relacionadas con los ajustes de negocios para una empresa. | | [`codespaces`](#codespaces-category-actions) | Contiene todas las actividades relacionadas con los codespaces de tu organización. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contiene actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios existentes. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". | +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contiene actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios existentes. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". | | [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contiene las actividades de configuración a nivel de organización para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios nuevos que se crearon en la organización. | | [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contiene las actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_security_updates %} en los repositorios existentes. Para obtener más información, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)". | | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contiene las actividades de configuración a nivel de organización para las {% data variables.product.prodname_dependabot_security_updates %} para los repositorios nuevos que se crean en ella.{% endif %}{% ifversion fpt or ghec %} @@ -680,11 +680,11 @@ Para obtener más información, consulta la sección "[Administrar la publicaci {% endif %}{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} ### acciones de la categoría `repository_vulnerability_alert` -| Acción | Descripción | -| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `create (crear)` | Se activa cuando {% data variables.product.product_name %} crea una alerta del {% data variables.product.prodname_dependabot %} para un repositorio que utiliza una dependencia vulnerable. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". | -| `descartar` | Se activa cuando un propietario de organización o persona con acceso administrativo al repositorio descarta una alerta del {% data variables.product.prodname_dependabot %} sobre una dependencia vulnerable. | -| `resolver` | Se activa cuando alguien con acceso de escritura en un repositorio sube cambios para actualizar y resolver una vulnerabilidad en una dependencia de proyecto. | +| Acción | Descripción | +| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `create (crear)` | Se activa cuando {% data variables.product.product_name %} crea una alerta del {% data variables.product.prodname_dependabot %} para un repositorio que utiliza una dependencia vulnerable. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". | +| `descartar` | Se activa cuando un propietario de organización o persona con acceso administrativo al repositorio descarta una alerta del {% data variables.product.prodname_dependabot %} sobre una dependencia vulnerable. | +| `resolver` | Se activa cuando alguien con acceso de escritura en un repositorio sube cambios para actualizar y resolver una vulnerabilidad en una dependencia de proyecto. | {% endif %}{% ifversion fpt or ghec %} ### acciones de la categoría `repository_vulnerability_alerts` diff --git a/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md b/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md index b3a5b600b9..01a56b4478 100644 --- a/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md +++ b/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md @@ -136,7 +136,7 @@ You can use gems from {% data variables.product.prodname_registry %} much like y end ``` -3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](http://bundler.io/v1.5/gemfile.html). +3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](https://bundler.io/gemfile.html). ```ruby source "https://{% ifversion fpt or ghec %}rubygems.pkg.github.com{% else %}REGISTRY-URL{% endif %}/OWNER" diff --git a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 3a41bb01bb..6c4bb22f84 100644 --- a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -50,6 +50,12 @@ Antes de que puedas usar Jekyll para probar un sitio, debes hacer lo siguiente: ``` 3. Para previsualizar tu sitio, en tu navegador web, navega hasta `http://localhost:4000`. +{% note %} + +**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. + +{% endnote %} + ## Actualizar la gema de {% data variables.product.prodname_pages %} Jekyll es un proyecto de código abierto activo que se actualiza de manera frecuente. Si la gema de `github-pages` de tu computadora está desactualizada con respecto a la gema de `github-pages` del servidor de {% data variables.product.prodname_pages %}, tu sitio puede verse diferente cuando se compile localmente en comparación a cómo se vea cuando se publique en {% data variables.product.product_name %}. Para evitar esto, actualiza de manera regular la gema de `github-pages` en tu computadora. diff --git a/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md b/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md index ae41d1224e..3e35c0e7b2 100644 --- a/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md +++ b/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md @@ -73,5 +73,5 @@ Casi todo el software depende de el código que otros desarrolladores mantienen La gráfica de dependencias proporciona una forma genial de visualizar y explorar las depdendencias para un repositorio. Para obtener más información, consulta las secciones "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/about-the-dependency-graph)" y "[Explorar las dependencias de un repositorio](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository)". -También puedes configurar tu repositorio para que {% data variables.product.company_short %} te alerte automáticamente en cualquier momento en el que se encuentre una vulnerabilidad de seguridad en alguna de tus dependencias. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". +También puedes configurar tu repositorio para que {% data variables.product.company_short %} te alerte automáticamente en cualquier momento en el que se encuentre una vulnerabilidad de seguridad en alguna de tus dependencias. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% endif %} diff --git a/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md index d2e6c666bc..63c5ea85d9 100644 --- a/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md +++ b/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md @@ -130,6 +130,12 @@ Por defecto, la representación insertada es de 420 píxeles de ancho por 620 de {% endtip %} +{% if mermaid %} +### Rendering in Markdown + +You can embed ASCII STL syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)." +{% endif %} + ## Representar datos CSV y TSV GitHub admite la representación de datos tabulares en la forma de archivos *.csv* (separados por coma) y .*tsv* (separados por pestaña). @@ -233,7 +239,7 @@ Cuando haces clic en el ícono de papel a la derecha, también verás los cambio ![Captura de pantalla de conmutación de representación de fuente](/assets/images/help/repository/source-render-toggle-geojson.png) -### Tipos de Geometry +### Geometry types Los mapas en {% data variables.product.product_name %} utilizan [Leaflet.js](http://leafletjs.com) y admiten todos los tipos de Geometry indicados en [las especificaciones de geoJSON](http://www.geojson.org/geojson-spec.html) (Point, LineString, Polygon, MultiPoint, MultiLineString, MultiPolygon y GeometryCollection). Los archivos TopoJSON deberían ser del tipo "Topology" y adherir a las especificaciones [topoJSON](https://github.com/mbostock/topojson/wiki/Specification). @@ -274,6 +280,12 @@ Por defecto, el mapa incrustado es 420px x 620px, pero puedes personalizar el re {% endtip %} +{% if mermaid %} +### Mapping in Markdown + +You can embed geoJSON and topoJSON directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." +{% endif %} + ### Agrupación Si tu mapa contiende una gran cantidad de marcadores (aproximadamente más de 750), GitHub automáticamente agrupará marcadores cercanos en niveles superiores de zoom. Simplemente haz clic la agrupación o el zoom de acercamiento para ver los marcadores individuales. @@ -292,7 +304,7 @@ Por otra parte, si tu archivo `.geojson` es particularmente grande (superior a 1 Todavía se podrían representar los datos al convertir el archivo `.geojson` a [TopoJSON](https://github.com/mbostock/topojson), un formato de compresión que, en algunos casos, puede reducir el tamaño del archivo hasta un 80 %. Por supuesto, siempre puedes partir el archivo en fragmentos más pequeños (como por estado o por año), y almacenar los datos como archivos múltiples dentro del repositorio. -### Recursos adicionales +### Leer más * [Documentación Leaflet.js geojson](http://leafletjs.com/examples/geojson.html) * [Documentación de estilización de marcador MapBox](http://www.mapbox.com/developers/simplestyle/) @@ -320,3 +332,44 @@ $ jupyter nbconvert --to html NOTEBOOK-NAME.ipynb - [Repositorio GitHub de notebook Jupyter](https://github.com/jupyter/jupyter_notebook) - [Galería de notebooks Jupyter](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks) + +{% if mermaid %} +## Displaying Mermaid files on {% data variables.product.prodname_dotcom %} + +{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}. + +For example, if you add a `.mmd` file with the following content to your repository: + +``` +graph TD + A[Friend's Birthday] -->|Get money| B(Go shopping) + B --> C{Let me think} + C -->|One| D["Cool
Laptop"] + C -->|Two| E[iPhone] + C -->|Three| F[fa:fa-car Car] +``` + +When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png) + +### Solución de problemas + +If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit). + +If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag. + +#### Problemas conocidos + +* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library. +* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart. +* Not all charts are a11y compliant. This may affect users who rely on a screen reader. + +### Mermaid in Markdown + +You can embed Mermaid syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)." + +### Leer más + +* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/) +* [Mermaid.js live editor](https://mermaid.live/edit) +{% endif %} + diff --git a/translations/es-ES/content/rest/reference/deploy_keys.md b/translations/es-ES/content/rest/reference/deploy_keys.md new file mode 100644 index 0000000000..6c6e6d3f37 --- /dev/null +++ b/translations/es-ES/content/rest/reference/deploy_keys.md @@ -0,0 +1,17 @@ +--- +title: Deploy Keys +intro: The Deploy Keys API allows to create an SSH key that is stored on your server and grants access to a GitHub repository. +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - API +miniTocMaxHeadingLevel: 3 +--- + + diff --git a/translations/es-ES/content/rest/reference/deployments.md b/translations/es-ES/content/rest/reference/deployments.md index 58fa4aca8e..be49557e51 100644 --- a/translations/es-ES/content/rest/reference/deployments.md +++ b/translations/es-ES/content/rest/reference/deployments.md @@ -1,6 +1,6 @@ --- title: Implementaciones -intro: 'The deployments API allows you to create and delete deploy keys, deployments, and deployment environments.' +intro: The deployments API allows you to create and delete deployments and deployment environments. allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/translations/es-ES/content/rest/reference/index.md b/translations/es-ES/content/rest/reference/index.md index a61999b339..7a273eb814 100644 --- a/translations/es-ES/content/rest/reference/index.md +++ b/translations/es-ES/content/rest/reference/index.md @@ -22,6 +22,7 @@ children: - /collaborators - /commits - /dependabot + - /deploy_keys - /deployments - /emojis - /enterprise-admin diff --git a/translations/es-ES/data/features/mermaid.yml b/translations/es-ES/data/features/mermaid.yml index 09870e35f9..db633f907d 100644 --- a/translations/es-ES/data/features/mermaid.yml +++ b/translations/es-ES/data/features/mermaid.yml @@ -1,8 +1,8 @@ --- -#Issue 5812 and 6172 -#Mermaid syntax support +#Issues 5812 and 6172, also 6411 +#Mermaid syntax support, also ASCII STL and geoJSON/topoJSON syntax support versions: fpt: '*' ghec: '*' - ghes: '>=3.5' + ghes: '>=3.6' ghae: 'issue-6172' diff --git a/translations/es-ES/data/learning-tracks/code-security.yml b/translations/es-ES/data/learning-tracks/code-security.yml index d23de46bf8..53a7ba5dba 100644 --- a/translations/es-ES/data/learning-tracks/code-security.yml +++ b/translations/es-ES/data/learning-tracks/code-security.yml @@ -18,39 +18,39 @@ dependabot_alerts: title: 'Obtén notificaciones para las dependencias vulnerables' description: 'Configurar al Dependabot para alertarte sobre vulnerabilidades nuevas en tus dependencias.' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts + - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_security_updates: title: 'Obtén solicitudes de cambios para actualizar tus dependencias vulnerables' description: 'Configurar al Dependabot para crear solicitudes de cambios cuando se reporten vulnerabilidades nuevas.' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' #Feature available only on dotcom and GHES 3.3+ dependency_version_updates: title: 'Mantén tus dependencias actualizadas' description: 'Utilizar el Dependabot para verificar lanzamientos nuevos y crear solicitudes de cambios para actualizar tus dependencias.' guides: - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates + - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates + - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there. secret_scanning: title: 'Escanear en búsqueda de secretos' diff --git a/translations/es-ES/data/product-examples/code-security/code-examples.yml b/translations/es-ES/data/product-examples/code-security/code-examples.yml index d652a07c64..3dbd1a0007 100644 --- a/translations/es-ES/data/product-examples/code-security/code-examples.yml +++ b/translations/es-ES/data/product-examples/code-security/code-examples.yml @@ -24,7 +24,7 @@ #Security policies title: Microsoft security policy template description: Política de seguridad de ejemplo - href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md + href: /microsoft/repo-templates/blob/main/shared/SECURITY.md tags: - Política de seguridad - diff --git a/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md b/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md new file mode 100644 index 0000000000..c6a6029e70 --- /dev/null +++ b/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md @@ -0,0 +1 @@ +The status and details on the alert page only reflect the state of the alert on the default branch of the repository, even if the alert exists in other branches. You can see the status of the alert on non-default branches in the **Affected branches** section on the right-hand side of the alert page. If an alert doesn't exist in the default branch, the status of the alert will display as "in pull request" or "in branch" and will be colored grey. \ No newline at end of file diff --git a/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md b/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md new file mode 100644 index 0000000000..4df28a76d5 --- /dev/null +++ b/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md @@ -0,0 +1 @@ +Please note that if you have filtered for alerts on a non-default branch, but the same alerts exist on the default branch, the alert page for any given alert will still only reflect the alert's status on the default branch, even if that status conflicts with the status on a non-default branch. For example, an alert that appears in the "Open" list in the summary of alerts for `branch-x` could show a status of "Fixed" on the alert page, if the alert is already fixed on the default branch. You can view the status of the alert for the branch you filtered on in the **Affected branches** section on the right side of the alert page. \ No newline at end of file diff --git a/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md b/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md index 03135127fa..b62c55d55b 100644 --- a/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md +++ b/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md @@ -1 +1 @@ -Cuando ejecutas actualizaciones de versión o de seguridad, algunos ecosistemas deberán poder resolver todas las dependencias de su fuente para verificar que las actualizaciones sean exitosas. Si tus archivos de manifiesto o de bloqueo contienen cualquier dependencia privada, el {% data variables.product.prodname_dependabot %} deberá poder acceder a la ubicación en la que se hospedan dichas dependencias. Los propietarios de las organizaciones pueden otorgar acceso al {% data variables.product.prodname_dependabot %} para los repositorios privados que contengan dependencias para un proyecto dentro de la misma organización. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". Puedes configurar el acceso a los registros privados en el archivo de configuración _dependabot.yml_ de un repositorio. Para obtener más información, consulta la sección "[Opciones de configuración para las actualizaciones de dependencias](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)". +Cuando ejecutas actualizaciones de versión o de seguridad, algunos ecosistemas deberán poder resolver todas las dependencias de su fuente para verificar que las actualizaciones sean exitosas. Si tus archivos de manifiesto o de bloqueo contienen cualquier dependencia privada, el {% data variables.product.prodname_dependabot %} deberá poder acceder a la ubicación en la que se hospedan dichas dependencias. Los propietarios de las organizaciones pueden otorgar acceso al {% data variables.product.prodname_dependabot %} para los repositorios privados que contengan dependencias para un proyecto dentro de la misma organización. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". Puedes configurar el acceso a los registros privados en el archivo de configuración _dependabot.yml_ de un repositorio. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." diff --git a/translations/es-ES/data/reusables/dependabot/result-discrepancy.md b/translations/es-ES/data/reusables/dependabot/result-discrepancy.md new file mode 100644 index 0000000000..cd5055354a --- /dev/null +++ b/translations/es-ES/data/reusables/dependabot/result-discrepancy.md @@ -0,0 +1 @@ +Los resultados de la detección de dependencias que reporta {% data variables.product.product_name %} pueden ser diferentes a aquellos que devuelven otras herramientas. Esto está justificado y es útil el entender cómo {% data variables.product.prodname_dotcom %} determina las dependencias para tu proyecto. diff --git a/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md b/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md index 9f4b64aa2d..366124f1fe 100644 --- a/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md +++ b/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md @@ -1,3 +1,3 @@ {% data variables.product.prodname_dotcom %} revisará cada asesoría de seguridad que se haya publicado, la agregará a la {% data variables.product.prodname_advisory_database %}, y podría utilzar esta asesoría de seguridad para enviar {% data variables.product.prodname_dependabot_alerts %} a los repositorios que se vean afectados. Si la asesoría de seguridad viene de una bifurcación, únicamente enviaremos una alerta si ésta tiene un paquete que se publique con un nombre único y esté en un registro de paquetes público. Este proceso puede tomar hasta 72 horas y {% data variables.product.prodname_dotcom %} podría contactarte para obtener más información. -Para obtener más información sobre las {% data variables.product.prodname_dependabot_alerts %}, consulta las secciones "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)". Para obtener más información acerca de la {% data variables.product.prodname_advisory_database %}, consulta la sección "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)". +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." Para obtener más información acerca de la {% data variables.product.prodname_advisory_database %}, consulta la sección "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)". diff --git a/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md b/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md index 6b866fa868..e6e2e2b256 100644 --- a/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md +++ b/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md @@ -1,4 +1,4 @@ {% ifversion not ghae %} Si tu repositorio cuenta con un manifiesto compatible de la dependencia -{% ifversion fpt or ghec %} (y si configuraste la gráfica de dependencias en caso de que sea un repositorio privado){% endif %}, cada que {% data variables.product.product_name %} detecte una dependencia vulnerable en éste, recibirás un resumen semanal por correo electrónico. También puedes configurar tus alertas de seguridad y notificaciones web, notificaciones individuales por correo electrónico, resúmenes diarios por correo electrónico o alertas en la interfaz de {% data variables.product.product_name %}. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". +{% ifversion fpt or ghec %} (y si configuraste la gráfica de dependencias en caso de que sea un repositorio privado){% endif %}, cada que {% data variables.product.product_name %} detecte una dependencia vulnerable en éste, recibirás un resumen semanal por correo electrónico. También puedes configurar tus alertas de seguridad y notificaciones web, notificaciones individuales por correo electrónico, resúmenes diarios por correo electrónico o alertas en la interfaz de {% data variables.product.product_name %}. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". {% endif %} diff --git a/translations/es-ES/data/reusables/rest-reference/deployments/keys.md b/translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md similarity index 91% rename from translations/es-ES/data/reusables/rest-reference/deployments/keys.md rename to translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md index 23b36b1d07..1324e759c8 100644 --- a/translations/es-ES/data/reusables/rest-reference/deployments/keys.md +++ b/translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md @@ -1,5 +1,3 @@ -## Llaves de implementación - {% data reusables.repositories.deploy-keys %} Las llaves de despliegue pueden ya sea configurarse utilizando las siguientes terminales de la API, o mediante GitHub. Para aprender cómo configurar las llaves de despliegue en GitHub, consulta la sección "[Administrar las llaves de despliegue](/developers/overview/managing-deploy-keys)". \ No newline at end of file diff --git a/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md b/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md index b06cba6d11..65fa711703 100644 --- a/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md +++ b/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md @@ -1 +1 @@ -Actividad relacionada con las alertas de vulnerabilidades de seguridad en un repositorio. {% data reusables.webhooks.action_type_desc %} Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". +Actividad relacionada con las alertas de vulnerabilidades de seguridad en un repositorio. {% data reusables.webhooks.action_type_desc %} For more information, see the "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". diff --git a/translations/log/es-resets.csv b/translations/log/es-resets.csv index 5ada01d4f8..008987b785 100644 --- a/translations/log/es-resets.csv +++ b/translations/log/es-resets.csv @@ -118,24 +118,6 @@ translations/es-ES/content/code-security/guides.md,Listed in localization-suppor translations/es-ES/content/code-security/index.md,Listed in localization-support#489 translations/es-ES/content/code-security/secret-scanning/about-secret-scanning.md,Listed in localization-support#489 translations/es-ES/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md,broken liquid tags -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md,Listed in localization-support#489 -translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md,Listed in localization-support#489 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md,Listed in localization-support#489 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,Listed in localization-support#489 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md,Listed in localization-support#489 From 3d298dd88d08f97228643ab3d102fe251a7de05e Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Fri, 18 Mar 2022 16:44:43 -0400 Subject: [PATCH 28/52] CLI tool to rename file or tree (#25306) * CLI tool to rename file or tree * it works * progress * progress * wip * wip * wip * debugging * fixed * remove console logging * add support for also updating learning-tracks * cope with the 'children' key in the root content/index.md unicorn * update childGroups too * guardrails * refactor * tidying up arguments * refactored for single files * nicer error in pre-validation of the first file argument * regression fix * fix for moving directories * delete lib/redirects/.redirects-cache.json if present --- script/move-content.mjs | 568 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 568 insertions(+) create mode 100755 script/move-content.mjs diff --git a/script/move-content.mjs b/script/move-content.mjs new file mode 100755 index 0000000000..ca943493a6 --- /dev/null +++ b/script/move-content.mjs @@ -0,0 +1,568 @@ +#!/usr/bin/env node + +// [start-readme] +// +// Helps you move (a.k.a. rename) a file or a folder and does what's +// needed with frontmatter redrect_from and equivalent in translations. +// +// [end-readme] + +import fs from 'fs' +import path from 'path' +import { execSync } from 'child_process' + +import program from 'commander' +import chalk from 'chalk' +import walk from 'walk-sync' +import yaml from 'js-yaml' + +import fm from '../lib/frontmatter.js' +import readFrontmatter from '../lib/read-frontmatter.js' + +const CONTENT_ROOT = path.resolve('content') +const DATA_ROOT = path.resolve('data') + +const REDIRECT_FROM_KEY = 'redirect_from' +const CHILDREN_KEY = 'children' +const CHILDGROUPS_KEY = 'childGroups' + +program + .description('Helps you move (rename) files or folders') + .option('-v, --verbose', 'Verbose outputs') + .option( + '--no-git', + "DON'T use 'git mv' and 'git commit' to move the file. Just regular file moves." + ) + .option('--undo', 'Reverse of moving. I.e. moving it back. Only applies to the last run.') + .arguments('old', 'old file or folder name') + .arguments('new', 'new file or folder name') + .parse(process.argv) + +main(program.opts(), program.args) + +async function main(opts, nameTuple) { + const { verbose, undo } = opts + if (nameTuple.length !== 2) { + console.error( + chalk.red(`Must be exactly 2 file paths as arguments. Not ${nameTuple.length} arguments.`) + ) + process.exit(1) + } + const [old, new_] = nameTuple + if (old === new_) { + throw new Error('old == new') + } + + const uppercases = new_.match(/[A-Z]+/g) || [] + if (uppercases.length > 0) { + throw new Error(`Uppercase in file name not allowed ('${uppercases}')`) + } + + let oldPath = old + let newPath = new_ + if (undo) { + oldPath = new_ + newPath = old + } else { + oldPath = old + newPath = new_ + } + + // The file you're about to move needs to exist + if (!fs.existsSync(oldPath)) { + console.error(chalk.red(`${oldPath} does not exist.`)) + process.exit(1) + } + + let isFolder = fs.lstatSync(oldPath).isDirectory() + + // Before validating, see if we need to fake that the newPath should be. + // This is to mimic how bash `mv` works where you can do: + // + // mv some/place/a/file.txt destin/ation/ + // + // which is implied to mean the same as; + // + // mv some/place/a/file.txt destin/ation/file.txt + // + if (undo) { + if (isFolder) { + const wouldBe = path.join(oldPath, path.basename(newPath)) + // We can't know if the `newPath` is a directory or file because + // whichever it is, it doesn't exist. + if (fs.existsSync(wouldBe) && !fs.lstatSync(wouldBe).isDirectory()) { + isFolder = false + oldPath = wouldBe + } + } + } else { + if (!isFolder) { + if (fs.existsSync(newPath) && fs.lstatSync(newPath).isDirectory()) { + newPath = path.join(newPath, path.basename(oldPath)) + } + } + } + + // This will exit non-zero if anything is wrong with these inputs + validateFileInputs(oldPath, newPath, isFolder) + + if (isFolder) { + // The folder must have an index.md file + const indexFilePath = path.join(oldPath, 'index.md') + if (!fs.existsSync(indexFilePath)) { + throw new Error(`${oldPath} does not have an index.md file`) + } + // Gather individual files by walking `oldPath` recursively + // The second argument is + const files = findFilesInFolder(oldPath, newPath, opts) + + // First take care of the `git mv` (or regular rename) part. + if (undo) { + undoFolder(oldPath, newPath, files, opts) + } else { + moveFolder(oldPath, newPath, files, opts) + } + + addToChildren(newPath, removeFromChildren(oldPath, opts), opts) + + if (undo) { + undoFiles(files, false, opts) + } else { + editFiles(files, false, opts) + } + } else { + // When it's just an individual file, it's easier. + const oldHref = makeHref(CONTENT_ROOT, undo ? newPath : oldPath) + const newHref = makeHref(CONTENT_ROOT, undo ? oldPath : newPath) + const files = [[oldPath, newPath, oldHref, newHref]] + + // First take care of the `git mv` (or regular rename) part. + moveFiles(files, opts) + + if (undo) { + undoFiles(files, true, opts) + } else { + editFiles(files, true, opts) + } + } + + if (!undo) { + if (verbose) { + console.log( + chalk.yellow( + 'To undo (reverse) what you just did, run the same exact command but with --undo added to the end' + ) + ) + } + } + + const redirectsCachingFile = 'lib/redirects/.redirects-cache.json' + if (fs.existsSync(redirectsCachingFile)) { + fs.unlinkSync(redirectsCachingFile) + if (verbose) { + console.log( + chalk.yellow( + `Deleted the redirects caching file ${redirectsCachingFile} to stale cache in local server testing.` + ) + ) + } + } +} + +function validateFileInputs(oldPath, newPath, isFolder) { + if (isFolder) { + // Make sure that only the last portion of the path is different + // and that all preceeding are equal. + const [oldBase, oldName] = splitDirectory(oldPath) + const [newBase] = splitDirectory(newPath) + if (oldBase !== newBase && !existsAndIsDirectory(newBase)) { + console.error( + chalk.red( + `When moving a directory, both bases need to be the same. '${oldBase}' != '${newBase}'` + ) + ) + console.warn(chalk.yellow(`Only the name (e.g. '${oldName}') can be different.`)) + process.exit(1) + } + } + + if (!path.resolve(newPath).startsWith(CONTENT_ROOT)) { + const relativeRoot = path.relative('.', CONTENT_ROOT) + console.error(chalk.red(`New path does not start with '${relativeRoot}'`)) + process.exit(1) + } + + if (!fs.existsSync(oldPath)) { + console.error(chalk.red(`${oldPath} does not resolve to an existing file or a folder`)) + process.exit(1) + } + if (path.basename(oldPath) === 'index.md') { + console.error( + chalk.red(`File path can't be 'index.md'. Refer to it by its foldername instead.`) + ) + process.exit(1) + } + if (path.basename(newPath) === 'index.md') { + console.error( + chalk.red(`File path can't be 'index.md'. Refer to it by its foldername instead.`) + ) + process.exit(1) + } + + if (fs.existsSync(newPath)) { + console.error(chalk.red(`Can't move to a ${isFolder ? 'folder' : 'file'} that already exists.`)) + process.exit(1) + } + + if (/\s/.test(newPath)) { + throw new Error(`New path (${newPath}) can't contain whitespace`) + } +} + +function existsAndIsDirectory(directory) { + return fs.existsSync(directory) && fs.lstatSync(directory).isDirectory() +} + +function splitDirectory(directory) { + return [path.dirname(directory), path.basename(directory)] +} + +function findFilesInFolder(oldPath, newPath, opts) { + const { undo, verbose } = opts + const files = [] + const allFiles = walk(oldPath, { includeBasePath: true, directories: false }) + for (const filePath of allFiles) { + const newFilePath = filePath.replace(oldPath, newPath) + const oldHref = makeHref(CONTENT_ROOT, undo ? newFilePath : filePath) + const newHref = makeHref(CONTENT_ROOT, undo ? filePath : newFilePath) + files.push([filePath, newFilePath, oldHref, newHref]) + } + if (verbose) { + console.log(chalk.yellow(`Found ${files.length} files within ${oldPath}`)) + } + return files +} + +function makeHref(root, filePath) { + const nameSplit = path.relative(root, filePath).split(path.sep) + if (nameSplit.slice(-1)[0] === 'index.md') { + nameSplit.pop() + } else { + nameSplit.push(nameSplit.pop().replace(/\.md$/, '')) + } + return '/' + nameSplit.join('/') +} + +function moveFolder(oldPath, newPath, files, opts) { + const { verbose, git: useGit } = opts + if (useGit) { + let cmd = `git mv ${oldPath} ${newPath}` + if (verbose) { + console.log(`git mv command: ${chalk.grey(cmd)}`) + } + execSync(cmd) + + cmd = `git commit -a -m "renamed ${files.length} files"` + if (verbose) { + console.log(`git commit command: ${chalk.grey(cmd)}`) + } + execSync(cmd) + } else { + fs.renameSync(oldPath, newPath) + if (verbose) { + console.log(`Renamed folder ${chalk.bold(oldPath)} to ${chalk.bold(newPath)}`) + } + } +} + +function undoFolder(oldPath, newPath, files, opts) { + const { verbose, git: useGit } = opts + + if (useGit) { + let cmd = `git mv ${oldPath} ${newPath}` + execSync(cmd) + if (verbose) { + console.log(`git mv command: ${chalk.grey(cmd)}`) + } + + cmd = `git commit -a -m "renamed ${files.length} files"` + execSync(cmd) + if (verbose) { + console.log(`git commit command: ${chalk.grey(cmd)}`) + } + } else { + fs.renameSync(oldPath, newPath) + if (verbose) { + console.log(`Renamed folder ${chalk.bold(oldPath)} to ${chalk.bold(newPath)}`) + } + } +} + +function getBasename(fileOrDirectory) { + // Note, can't use fs.lstatSync().isDirectory() because it's just a string + // at this point. It might not exist. + + if (fileOrDirectory.endsWith('index.md')) { + return path.basename(path.directory(fileOrDirectory)) + } + if (fileOrDirectory.endsWith('.md')) { + return path.basename(fileOrDirectory).replace(/\.md$/, '') + } + return path.basename(fileOrDirectory) +} + +function removeFromChildren(oldPath, opts) { + const { verbose } = opts + + const parentFilePath = path.join(path.dirname(oldPath), 'index.md') + const fileContent = fs.readFileSync(parentFilePath, 'utf-8') + const { content, data } = readFrontmatter(fileContent) + const oldName = getBasename(oldPath) + + let childrenPosition = -1 + if (CHILDREN_KEY in data) { + data[CHILDREN_KEY] = data[CHILDREN_KEY].filter((entry, i) => { + if (entry === oldName || entry === `/${oldName}`) { + childrenPosition = i + return false + } + return true + }) + if (data[CHILDREN_KEY].length === 0) { + delete data[CHILDREN_KEY] + } + } + + const childGroupPositions = [] + + ;(data[CHILDGROUPS_KEY] || []).forEach((group, i) => { + if (group.children) { + group.children = group.children.filter((entry, j) => { + if (entry === oldName || entry === `/${oldName}`) { + childGroupPositions.push([i, j]) + return false + } + return true + }) + } + }) + + fs.writeFileSync( + parentFilePath, + readFrontmatter.stringify(content, data, { lineWidth: 10000 }), + 'utf-8' + ) + if (verbose) { + console.log(`Removed 'children' (${oldName}) key in ${parentFilePath}`) + } + + return { childrenPosition, childGroupPositions } +} + +function addToChildren(newPath, positions, opts) { + const { verbose } = opts + const parentFilePath = path.join(path.dirname(newPath), 'index.md') + const fileContent = fs.readFileSync(parentFilePath, 'utf-8') + const { content, data } = readFrontmatter(fileContent) + const newName = getBasename(newPath) + + const { childrenPosition, childGroupPositions } = positions + if (childrenPosition > -1) { + const children = data[CHILDREN_KEY] || [] + let prefix = '' + if (children.every((entry) => entry.startsWith('/'))) { + prefix += '/' + } + if (childrenPosition > -1 && childrenPosition < children.length) { + children.splice(childrenPosition, 0, prefix + newName) + } else { + children.push(prefix + newName) + } + data[CHILDREN_KEY] = children + } + + if (CHILDGROUPS_KEY in data) { + for (const [groupIndex, childrenPosition] of childGroupPositions) { + if (groupIndex < data[CHILDGROUPS_KEY].length) { + const group = data[CHILDGROUPS_KEY][groupIndex] + if (childrenPosition < group.children.length) { + group.children.splice(childrenPosition, 0, newName) + } else { + group.children.push(newName) + } + } + } + } + + fs.writeFileSync( + parentFilePath, + readFrontmatter.stringify(content, data, { lineWidth: 10000 }), + 'utf-8' + ) + if (verbose) { + console.log(`Added 'children' (${newName}) key in ${parentFilePath}`) + } +} + +function moveFiles(files, opts) { + const { verbose, git: useGit } = opts + // Before we do anything, assert that the files are valid + for (const [oldPath] of files) { + const fileContent = fs.readFileSync(oldPath, 'utf-8') + const { errors } = fm(fileContent, { filepath: oldPath }) + errors.forEach((error, i) => { + if (!i) console.warn(chalk.yellow(`Error parsing file (${oldPath}) frontmatter:`)) + console.error(`${chalk.red(error.message)}: ${chalk.yellow(error.reason)}`) + }) + if (errors.length > 0) throw new Error('There were more than 0 parse errors') + } + + // In the first loop, we exclusively perform the rename. No file edits! + // The reason is that we don't want lump renaming and edits in the same + // git commit. + // By having a dedicated git commit that purely renames (without changing + // any content) is best practice to avoid complex 3-way diffs that + // `git merge` does when you later have to merge in the latest `main` + // into your ongoing renaming branch. + for (const [oldPath, newPath] of files) { + if (verbose) { + console.log(`Moving ${chalk.bold(oldPath)} to ${chalk.bold(newPath)}`) + } + + if (useGit) { + const cmd = `git mv ${oldPath} ${newPath}` + execSync(cmd) + if (verbose) { + console.log(`git mv command: ${chalk.grey(cmd)}`) + } + } else { + fs.renameSync(oldPath, newPath) + if (verbose) { + console.log(`Renamed ${chalk.bold(oldPath)} to ${chalk.bold(newPath)}`) + } + } + } + + if (useGit) { + const cmd = `git commit -a -m "renamed ${files.length} files"` + execSync(cmd) + if (verbose) { + console.log(`git commit command: ${chalk.grey(cmd)}`) + } + } +} + +function editFiles(files, updateParent, opts) { + const { verbose, git: useGit } = opts + + // Second loop. This time our only job is to edit the `redirects_from` + // frontmatter key. + // See comment in the first loop above for why we're looping over the files + // two times. + for (const [oldPath, newPath, oldHref, newHref] of files) { + const fileContent = fs.readFileSync(newPath, 'utf-8') + const { content, data } = readFrontmatter(fileContent) + if (!(REDIRECT_FROM_KEY in data)) { + data[REDIRECT_FROM_KEY] = [] + } + data[REDIRECT_FROM_KEY].push(oldHref) + fs.writeFileSync( + newPath, + readFrontmatter.stringify(content, data, { lineWidth: 10000 }), + 'utf-8' + ) + if (verbose) { + console.log(`Added ${oldHref} to 'redirects_from' in ${newPath}`) + } + + if (updateParent) { + addToChildren(newPath, removeFromChildren(oldPath, opts), opts) + } + + // Perhaps this was mentioned in a 'guide' in a learning track + for (const filePath of findInLearningTracks(oldHref)) { + changeLearningTracks(filePath, oldHref, newHref) + if (verbose) { + console.log(`Updated learning tracks in ${filePath}`) + } + } + } + + if (useGit) { + const cmd = `git commit -a -m "set ${REDIRECT_FROM_KEY} on ${files.length} files"` + execSync(cmd) + if (verbose) { + console.log(`git commit command: ${chalk.grey(cmd)}`) + } + } +} + +function undoFiles(files, updateParent, opts) { + const { verbose, git: useGit } = opts + + // First undo any edits to the file + for (const [oldPath, newPath, oldHref, newHref] of files) { + const fileContent = fs.readFileSync(newPath, 'utf-8') + const { content, data } = readFrontmatter(fileContent) + + data[REDIRECT_FROM_KEY] = (data[REDIRECT_FROM_KEY] || []).filter((entry) => entry !== oldHref) + if (data[REDIRECT_FROM_KEY].length === 0) { + delete data[REDIRECT_FROM_KEY] + } + + fs.writeFileSync( + newPath, + readFrontmatter.stringify(content, data, { lineWidth: 10000 }), + 'utf-8' + ) + if (updateParent) { + addToChildren(newPath, removeFromChildren(oldPath, opts), opts) + } + + // Perhaps this was mentioned in a 'guide' in a learning track + for (const filePath of findInLearningTracks(newHref)) { + changeLearningTracks(filePath, newHref, oldHref) + if (verbose) { + console.log(`Updated learning tracks in ${filePath}`) + } + } + } + if (useGit) { + const cmd = `git commit -a -m "unset ${REDIRECT_FROM_KEY} on ${files.length} files"` + execSync(cmd) + if (verbose) { + console.log(`git commit command: ${chalk.grey(cmd)}`) + } + } +} + +function findInLearningTracks(href) { + const allFiles = walk(path.join(DATA_ROOT, 'learning-tracks'), { + globs: ['*.yml'], + includeBasePath: true, + directories: false, + }) + const found = [] + for (const filePath of allFiles) { + const tracks = yaml.load(fs.readFileSync(filePath, 'utf-8')) + + if ( + Object.values(tracks).find((track) => { + const guides = track.guides || [] + return guides.includes(href) + }) + ) { + found.push(filePath) + } + } + return found +} + +function changeLearningTracks(filePath, oldHref, newHref) { + // Can't deserialize and serialize the Yaml because it would lose + // formatting and comments. So regex replace it. + const regex = new RegExp(`- ${oldHref}$`, 'gm') + const oldContent = fs.readFileSync(filePath, 'utf-8') + const newContent = oldContent.replace(regex, `- ${newHref}`) + fs.writeFileSync(filePath, newContent, 'utf-8') +} From 836260250303d3763f776c9b9e65961968e55b9a Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Fri, 18 Mar 2022 17:06:12 -0400 Subject: [PATCH 29/52] do rendering end-to-end tests with a real server (#26169) * reinstate * start server manually * routing tests too * skip more * sleep more and fail if not 200 * use e2etest for content/ too * feedbacked --- .github/workflows/test.yml | 10 ++ middleware/rate-limit.js | 2 +- tests/content/featured-links.js | 2 +- tests/content/search.js | 2 +- tests/content/webhooks.js | 2 +- tests/helpers/caching-headers.js | 14 ++ tests/helpers/e2etest.js | 83 +++++++++++ tests/rendering/breadcrumbs.js | 3 +- tests/rendering/curated-homepage-links.js | 2 +- tests/rendering/favicons.js | 2 +- tests/rendering/footer.js | 5 +- tests/rendering/head.js | 2 +- tests/rendering/header.js | 5 +- tests/rendering/learning-tracks.js | 3 +- tests/rendering/page-titles.js | 5 +- tests/rendering/pages-with-learning-tracks.js | 2 +- tests/rendering/rest.js | 5 +- tests/rendering/robots-txt.js | 8 +- tests/rendering/server.js | 23 +++- tests/rendering/sidebar.js | 5 +- tests/rendering/static-assets.js | 116 +--------------- tests/rendering/webhooks.js | 2 +- .../routing/deprecated-enterprise-versions.js | 130 ++++++++++-------- tests/routing/developer-site-redirects.js | 6 +- tests/routing/language-code-redirects.js | 29 ++-- tests/routing/redirects.js | 16 +-- tests/routing/release-notes.js | 2 +- tests/routing/remote-ip.js | 2 +- .../top-developer-site-path-redirects.js | 3 +- tests/{rendering => unit}/events.js | 0 tests/{rendering => unit}/octicon.js | 0 tests/unit/static-assets.js | 101 ++++++++++++++ 32 files changed, 360 insertions(+), 232 deletions(-) create mode 100644 tests/helpers/caching-headers.js create mode 100644 tests/helpers/e2etest.js rename tests/{rendering => unit}/events.js (100%) rename tests/{rendering => unit}/octicon.js (100%) create mode 100644 tests/unit/static-assets.js diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index de1034d14f..61e3e3c673 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -140,6 +140,16 @@ jobs: NODE_ENV: test run: ./script/warm-before-tests.mjs + - name: Start production-like server in the background + if: ${{ matrix.test-group == 'rendering' || matrix.test-group == 'routing' || matrix.test-group == 'content' }} + env: + NODE_ENV: test + PORT: 4000 + run: | + node server.mjs & + sleep 3 + curl --retry-connrefused --retry 5 -I --fail http://localhost:4000/healthz + - name: Run tests env: DIFF_FILE: get_diff_files.txt diff --git a/middleware/rate-limit.js b/middleware/rate-limit.js index 742eb549cb..2c037139ac 100644 --- a/middleware/rate-limit.js +++ b/middleware/rate-limit.js @@ -3,7 +3,7 @@ import statsd from '../lib/statsd.js' const EXPIRES_IN_AS_SECONDS = 60 -const MAX = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 1000 +const MAX = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 10000 if (isNaN(MAX)) { throw new Error(`process.env.RATE_LIMIT_MAX (${process.env.RATE_LIMIT_MAX}) not a number`) } diff --git a/tests/content/featured-links.js b/tests/content/featured-links.js index dcfce7cd3b..dc1f434bfd 100644 --- a/tests/content/featured-links.js +++ b/tests/content/featured-links.js @@ -7,7 +7,7 @@ import nock from 'nock' import japaneseCharacters from 'japanese-characters' import '../../lib/feature-flags.js' -import { getDOM, getJSON } from '../helpers/supertest.js' +import { getDOM, getJSON } from '../helpers/e2etest.js' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' const __dirname = path.dirname(fileURLToPath(import.meta.url)) diff --git a/tests/content/search.js b/tests/content/search.js index 5b0786b4b6..e42898d5c6 100644 --- a/tests/content/search.js +++ b/tests/content/search.js @@ -4,7 +4,7 @@ import { dates, supported } from '../../lib/enterprise-server-releases.js' import libLanguages from '../../lib/languages.js' import { namePrefix } from '../../lib/search/config.js' import lunrIndexNames from '../../script/search/lunr-get-index-names.js' -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' const languageCodes = Object.keys(libLanguages) diff --git a/tests/content/webhooks.js b/tests/content/webhooks.js index e5f13adc0b..0c7fe64887 100644 --- a/tests/content/webhooks.js +++ b/tests/content/webhooks.js @@ -1,5 +1,5 @@ import { difference } from 'lodash-es' -import { getJSON } from '../helpers/supertest.js' +import { getJSON } from '../helpers/e2etest.js' import { latest } from '../../lib/enterprise-server-releases.js' import { allVersions } from '../../lib/all-versions.js' import getWebhookPayloads from '../../lib/webhooks' diff --git a/tests/helpers/caching-headers.js b/tests/helpers/caching-headers.js new file mode 100644 index 0000000000..76a8b77bd6 --- /dev/null +++ b/tests/helpers/caching-headers.js @@ -0,0 +1,14 @@ +import { SURROGATE_ENUMS } from '../../middleware/set-fastly-surrogate-key.js' + +export function checkCachingHeaders(res, defaultSurrogateKey = false, minMaxAge = 60 * 60) { + expect(res.headers['set-cookie']).toBeUndefined() + expect(res.headers['cache-control']).toContain('public') + const maxAgeSeconds = parseInt(res.header['cache-control'].match(/max-age=(\d+)/)[1], 10) + // Let's not be too specific in the tests, just as long as it's testing + // that it's a reasonably large number of seconds. + expect(maxAgeSeconds).toBeGreaterThanOrEqual(minMaxAge) + // Because it doesn't have have a unique URL + expect(res.headers['surrogate-key']).toBe( + defaultSurrogateKey ? SURROGATE_ENUMS.DEFAULT : SURROGATE_ENUMS.MANUAL + ) +} diff --git a/tests/helpers/e2etest.js b/tests/helpers/e2etest.js new file mode 100644 index 0000000000..e666bd4d7f --- /dev/null +++ b/tests/helpers/e2etest.js @@ -0,0 +1,83 @@ +import cheerio from 'cheerio' +import got from 'got' + +export async function get( + route, + opts = { + method: 'get', + body: undefined, + followRedirects: false, + followAllRedirects: false, + headers: {}, + } +) { + const method = opts.method || 'get' + const fn = got[method] + if (!fn || typeof fn !== 'function') throw new Error(`No method function for '${method}'`) + const absURL = `http://localhost:4000${route}` + const res = await fn(absURL, { + body: opts.body, + headers: opts.headers, + retry: { limit: 0 }, + throwHttpErrors: false, + followRedirect: opts.followAllRedirects || opts.followRedirects, + }) + // follow all redirects, or just follow one + if (opts.followAllRedirects && [301, 302].includes(res.status)) { + // res = await get(res.headers.location, opts) + throw new Error('A') + } else if (opts.followRedirects && [301, 302].includes(res.status)) { + // res = await get(res.headers.location) + throw new Error('B') + } + + const text = res.body + const status = res.statusCode + const headers = res.headers + return { + text, + status, + statusCode: status, // Legacy + headers, + header: headers, // Legacy + url: res.url, + } +} + +export async function head(route, opts = { followRedirects: false }) { + const res = await get(route, { method: 'head', followRedirects: opts.followRedirects }) + return res +} + +export function post(route, opts) { + return get(route, Object.assign({}, opts, { method: 'post' })) +} + +export async function getDOM( + route, + { headers, allow500s, allow404 } = { headers: undefined, allow500s: false, allow404: false } +) { + const res = await get(route, { followRedirects: true, headers }) + if (!allow500s && res.status >= 500) { + throw new Error(`Server error (${res.status}) on ${route}`) + } + if (!allow404 && res.status === 404) { + throw new Error(`Page not found on ${route}`) + } + const $ = cheerio.load(res.text || '', { xmlMode: true }) + $.res = Object.assign({}, res) + return $ +} + +// For use with the ?json query param +// e.g. await getJSON('/en?json=breadcrumbs') +export async function getJSON(route) { + const res = await get(route, { followRedirects: true }) + if (res.status >= 500) { + throw new Error(`Server error (${res.status}) on ${route}`) + } + if (res.status >= 400) { + console.warn(`${res.status} on ${route} and the response might not be JSON`) + } + return JSON.parse(res.text) +} diff --git a/tests/rendering/breadcrumbs.js b/tests/rendering/breadcrumbs.js index b85fee737a..02e68b711a 100644 --- a/tests/rendering/breadcrumbs.js +++ b/tests/rendering/breadcrumbs.js @@ -1,6 +1,7 @@ -import { getDOM, getJSON } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import { getDOM, getJSON } from '../helpers/e2etest.js' + // TODO: Use `describeViaActionsOnly` instead. See tests/rendering/server.js const describeInternalOnly = process.env.GITHUB_REPOSITORY === 'github/docs-internal' ? describe : describe.skip diff --git a/tests/rendering/curated-homepage-links.js b/tests/rendering/curated-homepage-links.js index 56f5780529..ccbba75c04 100644 --- a/tests/rendering/curated-homepage-links.js +++ b/tests/rendering/curated-homepage-links.js @@ -1,4 +1,4 @@ -import { getDOM } from '../helpers/supertest.js' +import { getDOM } from '../helpers/e2etest.js' import { jest } from '@jest/globals' describe('curated homepage links', () => { diff --git a/tests/rendering/favicons.js b/tests/rendering/favicons.js index 07268dee16..0d54429da6 100644 --- a/tests/rendering/favicons.js +++ b/tests/rendering/favicons.js @@ -1,7 +1,7 @@ import { expect } from '@jest/globals' import { SURROGATE_ENUMS } from '../../middleware/set-fastly-surrogate-key.js' -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' describe('favicon assets', () => { it('should serve a valid and aggressively caching /favicon.ico', async () => { diff --git a/tests/rendering/footer.js b/tests/rendering/footer.js index ff06162b2c..d5171f4f0a 100644 --- a/tests/rendering/footer.js +++ b/tests/rendering/footer.js @@ -1,7 +1,8 @@ -import { getDOM } from '../helpers/supertest.js' -import nonEnterpriseDefaultVersion from '../../lib/non-enterprise-default-version.js' import { jest } from '@jest/globals' +import { getDOM } from '../helpers/e2etest.js' +import nonEnterpriseDefaultVersion from '../../lib/non-enterprise-default-version.js' + describe('footer', () => { jest.setTimeout(10 * 60 * 1000) diff --git a/tests/rendering/head.js b/tests/rendering/head.js index 8d3fdfd1b3..1a117d8c60 100644 --- a/tests/rendering/head.js +++ b/tests/rendering/head.js @@ -1,4 +1,4 @@ -import { getDOM } from '../helpers/supertest.js' +import { getDOM } from '../helpers/e2etest.js' import languages from '../../lib/languages.js' import { jest } from '@jest/globals' diff --git a/tests/rendering/header.js b/tests/rendering/header.js index 5c7ffbb5ff..78c223a31d 100644 --- a/tests/rendering/header.js +++ b/tests/rendering/header.js @@ -1,7 +1,8 @@ -import { getDOM } from '../helpers/supertest.js' -import { oldestSupported } from '../../lib/enterprise-server-releases.js' import { jest } from '@jest/globals' +import { getDOM } from '../helpers/e2etest.js' +import { oldestSupported } from '../../lib/enterprise-server-releases.js' + describe('header', () => { jest.setTimeout(5 * 60 * 1000) diff --git a/tests/rendering/learning-tracks.js b/tests/rendering/learning-tracks.js index 2f9f2ce872..42a9f50a34 100644 --- a/tests/rendering/learning-tracks.js +++ b/tests/rendering/learning-tracks.js @@ -1,6 +1,7 @@ -import { getDOM } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import { getDOM } from '../helpers/e2etest.js' + jest.setTimeout(3 * 60 * 1000) describe('learning tracks', () => { diff --git a/tests/rendering/page-titles.js b/tests/rendering/page-titles.js index 8877130fa3..8126587dbe 100644 --- a/tests/rendering/page-titles.js +++ b/tests/rendering/page-titles.js @@ -1,7 +1,8 @@ -import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' -import { getDOM } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' +import { getDOM } from '../helpers/e2etest.js' + describe('page titles', () => { jest.setTimeout(300 * 1000) diff --git a/tests/rendering/pages-with-learning-tracks.js b/tests/rendering/pages-with-learning-tracks.js index 17a7311804..fb122ba9fe 100644 --- a/tests/rendering/pages-with-learning-tracks.js +++ b/tests/rendering/pages-with-learning-tracks.js @@ -1,6 +1,6 @@ import { jest, expect } from '@jest/globals' -import { getDOM } from '../helpers/supertest.js' +import { getDOM } from '../helpers/e2etest.js' import { loadPages } from '../../lib/page-data.js' describe('process learning tracks', () => { diff --git a/tests/rendering/rest.js b/tests/rendering/rest.js index 25641c6a76..4a6481ae84 100644 --- a/tests/rendering/rest.js +++ b/tests/rendering/rest.js @@ -1,6 +1,7 @@ -import { getDOM } from '../helpers/supertest.js' -import getRest, { getEnabledForApps } from '../../lib/rest/index.js' import { jest } from '@jest/globals' + +import { getDOM } from '../helpers/e2etest.js' +import getRest, { getEnabledForApps } from '../../lib/rest/index.js' import { allVersions } from '../../lib/all-versions.js' describe('REST references docs', () => { diff --git a/tests/rendering/robots-txt.js b/tests/rendering/robots-txt.js index c6010bb3e8..b74a1df82e 100644 --- a/tests/rendering/robots-txt.js +++ b/tests/rendering/robots-txt.js @@ -1,6 +1,6 @@ import languages from '../../lib/languages.js' import robotsParser from 'robots-parser' -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' import { jest } from '@jest/globals' describe('robots.txt', () => { @@ -8,7 +8,11 @@ describe('robots.txt', () => { let res, robots beforeAll(async () => { - res = await get('/robots.txt') + res = await get('/robots.txt', { + headers: { + Host: 'docs.github.com', + }, + }) robots = robotsParser('https://docs.github.com/robots.txt', res.text) }) diff --git a/tests/rendering/server.js b/tests/rendering/server.js index a44efa0b29..c5aab37023 100644 --- a/tests/rendering/server.js +++ b/tests/rendering/server.js @@ -1,6 +1,6 @@ import lodash from 'lodash-es' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' -import { get, getDOM, head, post } from '../helpers/supertest.js' +import { get, getDOM, head, post } from '../helpers/e2etest.js' import { describeViaActionsOnly } from '../helpers/conditional-runs.js' import { loadPages } from '../../lib/page-data.js' import CspParse from 'csp-parse' @@ -30,7 +30,7 @@ describe('server', () => { const res = await head('/en') expect(res.statusCode).toBe(200) expect(res.headers).not.toHaveProperty('content-length') - expect(res.text).toBeUndefined() + expect(res.text).toBe('') }) test('renders the homepage', async () => { @@ -155,7 +155,11 @@ describe('server', () => { expect($.res.statusCode).toBe(404) }) - test('renders a 400 for invalid paths', async () => { + // When using `got()` to send full end-to-end URLs, you can't use + // URLs like in this test because got will + // throw `RequestError: URI malformed`. + // So for now, this test is skipped. + test.skip('renders a 400 for invalid paths', async () => { const $ = await getDOM('/en/%7B%') expect($.res.statusCode).toBe(400) }) @@ -184,7 +188,12 @@ describe('server', () => { }) test('returns a 400 when POST-ed invalid JSON', async () => { - const res = await post('/').send('not real JSON').set('Content-Type', 'application/json') + const res = await post('/', { + body: 'not real JSON', + headers: { + 'content-type': 'application/json', + }, + }) expect(res.statusCode).toBe(400) }) @@ -607,7 +616,11 @@ describe('server', () => { expect(hiddenPageHrefs.length).toBeGreaterThan(0) }) - test('are not listed at /early-access in production', async () => { + // Test skipped because this test file is no longer able to + // change the `NODE_ENV` between tests because it depends on + // HTTP and not raw supertest. + // Idea: Move this one test somewhere into tests/unit/ + test.skip('are not listed at /early-access in production', async () => { const oldNodeEnv = process.env.NODE_ENV process.env.NODE_ENV = 'production' const res = await get('/early-access', { followRedirects: true }) diff --git a/tests/rendering/sidebar.js b/tests/rendering/sidebar.js index a6dd54617e..d1ea7d7619 100644 --- a/tests/rendering/sidebar.js +++ b/tests/rendering/sidebar.js @@ -1,7 +1,8 @@ -import '../../lib/feature-flags.js' -import { getDOM } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import '../../lib/feature-flags.js' +import { getDOM } from '../helpers/e2etest.js' + describe('sidebar', () => { jest.setTimeout(3 * 60 * 1000) diff --git a/tests/rendering/static-assets.js b/tests/rendering/static-assets.js index 285c54336a..915d9b9556 100644 --- a/tests/rendering/static-assets.js +++ b/tests/rendering/static-assets.js @@ -1,11 +1,10 @@ import fs from 'fs' import path from 'path' -import nock from 'nock' -import { expect, jest } from '@jest/globals' +import { expect } from '@jest/globals' -import { SURROGATE_ENUMS } from '../../middleware/set-fastly-surrogate-key.js' -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' +import { checkCachingHeaders } from '../helpers/caching-headers.js' function getNextStaticAsset(directory) { const root = path.join('.next', 'static', directory) @@ -14,19 +13,6 @@ function getNextStaticAsset(directory) { return path.join(root, files[0]) } -function checkCachingHeaders(res, defaultSurrogateKey = false, minMaxAge = 60 * 60) { - expect(res.headers['set-cookie']).toBeUndefined() - expect(res.headers['cache-control']).toContain('public') - const maxAgeSeconds = parseInt(res.header['cache-control'].match(/max-age=(\d+)/)[1], 10) - // Let's not be too specific in the tests, just as long as it's testing - // that it's a reasonably large number of seconds. - expect(maxAgeSeconds).toBeGreaterThanOrEqual(minMaxAge) - // Because it doesn't have have a unique URL - expect(res.headers['surrogate-key']).toBe( - defaultSurrogateKey ? SURROGATE_ENUMS.DEFAULT : SURROGATE_ENUMS.MANUAL - ) -} - describe('static assets', () => { it('should serve /assets/cb-* with optimal headers', async () => { const res = await get('/assets/cb-1234/images/site/logo.png') @@ -70,99 +56,3 @@ describe('static assets', () => { checkCachingHeaders(res, true, 60) }) }) - -describe('archived enterprise static assets', () => { - // Sometimes static assets are proxied. The URL for the static asset - // might not indicate it's based on archived enterprise version. - - jest.setTimeout(60 * 1000) - - beforeAll(async () => { - // The first page load takes a long time so let's get it out of the way in - // advance to call out that problem specifically rather than misleadingly - // attributing it to the first test - // await get('/') - - const sampleCSS = '/* nice CSS */' - - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.21/_next/static/foo.css') - .reply(200, sampleCSS, { - 'content-type': 'text/css', - 'content-length': sampleCSS.length, - }) - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.21/_next/static/only-on-proxy.css') - .reply(200, sampleCSS, { - 'content-type': 'text/css', - 'content-length': sampleCSS.length, - }) - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/_next/static/only-on-2.3.css') - .reply(200, sampleCSS, { - 'content-type': 'text/css', - 'content-length': sampleCSS.length, - }) - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/_next/static/fourofour.css') - .reply(404, 'Not found', { - 'content-type': 'text/plain', - }) - nock('https://github.github.com') - .get('/help-docs-archived-enterprise-versions/2.3/assets/images/site/logo.png') - .reply(404, 'Not found', { - 'content-type': 'text/plain', - }) - }) - - afterAll(() => nock.cleanAll()) - - it('should proxy if the static asset is prefixed', async () => { - const res = await get('/enterprise/2.21/_next/static/foo.css', { - headers: { - Referrer: '/enterprise/2.21', - }, - }) - expect(res.statusCode).toBe(200) - checkCachingHeaders(res, true, 60) - }) - it('should proxy if the Referrer header indicates so', async () => { - const res = await get('/_next/static/only-on-proxy.css', { - headers: { - Referrer: '/enterprise/2.21', - }, - }) - expect(res.statusCode).toBe(200) - checkCachingHeaders(res, true, 60) - }) - it('should proxy if the Referrer header indicates so', async () => { - const res = await get('/_next/static/only-on-2.3.css', { - headers: { - Referrer: '/en/enterprise-server@2.3/some/page', - }, - }) - expect(res.statusCode).toBe(200) - checkCachingHeaders(res, true, 60) - }) - it('might still 404 even with the right referrer', async () => { - const res = await get('/_next/static/fourofour.css', { - headers: { - Referrer: '/en/enterprise-server@2.3/some/page', - }, - }) - expect(res.statusCode).toBe(404) - checkCachingHeaders(res, true, 60) - }) - - it('404 on the proxy but actually present here', async () => { - const res = await get('/assets/images/site/logo.png', { - headers: { - Referrer: '/en/enterprise-server@2.3/some/page', - }, - }) - // It tried to go via the proxy, but it wasn't there, but then it - // tried "our disk" and it's eventually there. - expect(res.statusCode).toBe(200) - checkCachingHeaders(res, true, 60) - }) -}) diff --git a/tests/rendering/webhooks.js b/tests/rendering/webhooks.js index af6fff4a9e..e418adbc9f 100644 --- a/tests/rendering/webhooks.js +++ b/tests/rendering/webhooks.js @@ -1,5 +1,5 @@ import { jest } from '@jest/globals' -import { getDOM } from '../helpers/supertest.js' +import { getDOM } from '../helpers/e2etest.js' import { allVersions } from '../../lib/all-versions.js' describe('webhooks events and payloads', () => { diff --git a/tests/routing/deprecated-enterprise-versions.js b/tests/routing/deprecated-enterprise-versions.js index affcd7df28..c5389e10f7 100644 --- a/tests/routing/deprecated-enterprise-versions.js +++ b/tests/routing/deprecated-enterprise-versions.js @@ -1,16 +1,12 @@ -import supertest from 'supertest' import { describe, jest, test } from '@jest/globals' -import createApp from '../../lib/app.js' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' -import { get, getDOM } from '../helpers/supertest.js' +import { get, getDOM } from '../helpers/e2etest.js' import { SURROGATE_ENUMS } from '../../middleware/set-fastly-surrogate-key.js' import { PREFERRED_LOCALE_COOKIE_NAME } from '../../middleware/detect-language.js' jest.useFakeTimers('legacy') -const app = createApp() - describe('enterprise deprecation', () => { jest.setTimeout(60 * 1000) @@ -60,9 +56,9 @@ describe('enterprise deprecation', () => { test('sets the expected headers for deprecated Enterprise pages', async () => { const res = await get('/en/enterprise/2.13/user/articles/about-branches') expect(res.statusCode).toBe(200) - expect(res.get('x-robots-tag')).toBe('noindex') - expect(res.get('surrogate-key')).toBe(SURROGATE_ENUMS.MANUAL) - expect(res.get('set-cookie')).toBeUndefined() + expect(res.headers['x-robots-tag']).toBe('noindex') + expect(res.headers['surrogate-key']).toBe(SURROGATE_ENUMS.MANUAL) + expect(res.headers['set-cookie']).toBeUndefined() }) test('handles requests for deprecated Enterprise pages ( <2.13 )', async () => { @@ -209,91 +205,103 @@ describe('does not render survey prompt or contribution button', () => { describe('JS and CSS assets', () => { it('returns the expected CSS file > 2.18', async () => { - const result = await supertest(app) - .get('/enterprise/2.18/dist/index.css') - .set('Referrer', '/en/enterprise/2.18') - + const result = await get('/enterprise/2.18/dist/index.css', { + headers: { + Referrer: '/en/enterprise/2.18', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('text/css; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('text/css; charset=utf-8') }) it('returns the expected CSS file', async () => { - const result = await supertest(app) - .get('/stylesheets/index.css') - .set('Referrer', '/en/enterprise/2.13') - + const result = await get('/stylesheets/index.css', { + headers: { + Referrer: '/en/enterprise/2.13', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('text/css; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('text/css; charset=utf-8') }) it('returns the expected JS file > 2.18', async () => { - const result = await supertest(app) - .get('/enterprise/2.18/dist/index.js') - .set('Referrer', '/en/enterprise/2.18') - + const result = await get('/enterprise/2.18/dist/index.js', { + headers: { + Referrer: '/en/enterprise/2.18', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('application/javascript; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('application/javascript; charset=utf-8') }) it('returns the expected JS file', async () => { - const result = await supertest(app) - .get('/javascripts/index.js') - .set('Referrer', '/en/enterprise/2.13') - + const result = await get('/javascripts/index.js', { + headers: { + Referrer: '/en/enterprise/2.13', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('application/javascript; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('application/javascript; charset=utf-8') }) it('returns the expected image', async () => { - const result = await supertest(app) - .get('/assets/images/octicons/hamburger.svg') - .set('Referrer', '/en/enterprise/2.17') - + const result = await get('/assets/images/octicons/hamburger.svg', { + headers: { + Referrer: '/en/enterprise/2.17', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('image/svg+xml; charset=utf-8') }) it('returns the expected node_modules', async () => { - const result = await supertest(app) - .get('/node_modules/instantsearch.js/dist/instantsearch.production.min.js') - .set('Referrer', '/en/enterprise/2.17') - + const result = await get( + '/node_modules/instantsearch.js/dist/instantsearch.production.min.js', + { + headers: { + Referrer: '/en/enterprise/2.17', + }, + } + ) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('application/javascript; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('application/javascript; charset=utf-8') }) it('returns the expected favicon', async () => { - const result = await supertest(app) - .get('/assets/images/site/favicon.svg') - .set('Referrer', '/en/enterprise/2.18') - + const result = await get('/assets/images/site/favicon.svg', { + headers: { + Referrer: '/en/enterprise/2.18', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('image/svg+xml; charset=utf-8') }) it('returns the expected CSS file ( <2.13 )', async () => { - const result = await supertest(app) - .get('/assets/stylesheets/application.css') - .set('Referrer', '/en/enterprise/2.12') - + const result = await get('/assets/stylesheets/application.css', { + headers: { + Referrer: '/en/enterprise/2.12', + }, + }) expect(result.statusCode).toBe(200) - expect(result.get('x-is-archived')).toBe('true') - expect(result.get('Content-Type')).toBe('text/css; charset=utf-8') + expect(result.headers['x-is-archived']).toBe('true') + expect(result.headers['content-type']).toBe('text/css; charset=utf-8') }) it('ignores invalid paths', async () => { - const result = await supertest(app) - .get('/pizza/index.css') - .set('Referrer', '/en/enterprise/2.13') - + const result = await get('/pizza/index.css', { + headers: { + Referrer: '/en/enterprise/2.13', + }, + }) expect(result.statusCode).toBe(404) - expect(result.get('x-is-archived')).toBeUndefined() + expect(result.headers['x-is-archived']).toBeUndefined() }) }) diff --git a/tests/routing/developer-site-redirects.js b/tests/routing/developer-site-redirects.js index ecb97dbe23..1deca75652 100644 --- a/tests/routing/developer-site-redirects.js +++ b/tests/routing/developer-site-redirects.js @@ -1,7 +1,7 @@ import { jest } from '@jest/globals' import path from 'path' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' import readJsonFile from '../../lib/read-json-file.js' jest.useFakeTimers('legacy') @@ -27,7 +27,7 @@ describe('developer redirects', () => { test('graphql enterprise homepage', async () => { const res = await get('/enterprise/v4', { followAllRedirects: true }) expect(res.statusCode).toBe(200) - const finalPath = new URL(res.request.url).pathname + const finalPath = new URL(res.url).pathname const expectedFinalPath = `/en/enterprise-server@${enterpriseServerReleases.latest}/graphql` expect(finalPath).toBe(expectedFinalPath) }) @@ -41,7 +41,7 @@ describe('developer redirects', () => { const enterpriseRes = await get(`/enterprise${oldPath}`, { followAllRedirects: true }) expect(enterpriseRes.statusCode).toBe(200) - const finalPath = new URL(enterpriseRes.request.url).pathname + const finalPath = new URL(enterpriseRes.url).pathname const expectedFinalPath = path.join( '/', `enterprise-server@${enterpriseServerReleases.latest}`, diff --git a/tests/routing/language-code-redirects.js b/tests/routing/language-code-redirects.js index 492bb61370..585d2f3701 100644 --- a/tests/routing/language-code-redirects.js +++ b/tests/routing/language-code-redirects.js @@ -1,28 +1,27 @@ -import { get } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import { get } from '../helpers/e2etest.js' + describe('language code redirects', () => { jest.setTimeout(5 * 60 * 1000) test('redirects accidental /jp* requests to /ja*', async () => { - let $ - $ = await get('/jp', { dom: false }) - expect($.res.statusCode).toBe(301) - expect($.res.headers.location).toBe('/ja') + let res = await get('/jp') + expect(res.statusCode).toBe(301) + expect(res.headers.location).toBe('/ja') - $ = await get('/jp/articles/about-your-personal-dashboard', { dom: false }) - expect($.res.statusCode).toBe(301) - expect($.res.headers.location).toBe('/ja/articles/about-your-personal-dashboard') + res = await get('/jp/articles/about-your-personal-dashboard') + expect(res.statusCode).toBe(301) + expect(res.headers.location).toBe('/ja/articles/about-your-personal-dashboard') }) test('redirects accidental /zh-CN* requests to /cn*', async () => { - let $ - $ = await get('/zh-CN', { dom: false }) - expect($.res.statusCode).toBe(301) - expect($.res.headers.location).toBe('/cn') + let res = await get('/zh-CN') + expect(res.statusCode).toBe(301) + expect(res.headers.location).toBe('/cn') - $ = await get('/zh-TW/articles/about-your-personal-dashboard', { dom: false }) - expect($.res.statusCode).toBe(301) - expect($.res.headers.location).toBe('/cn/articles/about-your-personal-dashboard') + res = await get('/zh-TW/articles/about-your-personal-dashboard') + expect(res.statusCode).toBe(301) + expect(res.headers.location).toBe('/cn/articles/about-your-personal-dashboard') }) }) diff --git a/tests/routing/redirects.js b/tests/routing/redirects.js index 46ecd5c671..23f4ed7661 100644 --- a/tests/routing/redirects.js +++ b/tests/routing/redirects.js @@ -1,13 +1,11 @@ import { fileURLToPath } from 'url' import path from 'path' import { isPlainObject } from 'lodash-es' -import supertest from 'supertest' import { jest } from '@jest/globals' -import createApp from '../../lib/app.js' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' import Page from '../../lib/page.js' -import { get } from '../helpers/supertest.js' +import { get, head } from '../helpers/e2etest.js' import versionSatisfiesRange from '../../lib/version-satisfies-range.js' import { PREFERRED_LOCALE_COOKIE_NAME } from '../../middleware/detect-language.js' @@ -114,7 +112,7 @@ describe('redirects', () => { }) test('are redirected for HEAD requests (not just GET requests)', async () => { - const res = await supertest(createApp()).head('/articles/closing-issues-via-commit-messages/') + const res = await head('/articles/closing-issues-via-commit-messages/') expect(res.statusCode).toBe(301) expect(res.headers.location).toBe('/articles/closing-issues-via-commit-messages') }) @@ -179,14 +177,14 @@ describe('redirects', () => { '/desktop/contributing-and-collaborating-using-github-desktop/working-with-your-remote-repository-on-github-or-github-enterprise/changing-a-remotes-url-from-github-desktop' test('redirect_from for renamed pages', async () => { - const { res } = await get(`/ja${redirectFrom}`) + const res = await get(`/ja${redirectFrom}`) expect(res.statusCode).toBe(301) const expected = `/ja${redirectTo}` expect(res.headers.location).toBe(expected) }) test('redirect_from for renamed pages by Accept-Language header', async () => { - const { res } = await get(redirectFrom, { + const res = await get(redirectFrom, { headers: { 'Accept-Language': 'ja', }, @@ -198,7 +196,7 @@ describe('redirects', () => { }) test('redirect_from for renamed pages but ignore Accept-Language header if not recognized', async () => { - const { res } = await get(redirectFrom, { + const res = await get(redirectFrom, { headers: { // None of these are recognized 'Accept-Language': 'sv,fr,gr', @@ -211,7 +209,7 @@ describe('redirects', () => { }) test('redirect_from for renamed pages but ignore unrecognized Accept-Language header values', async () => { - const { res } = await get(redirectFrom, { + const res = await get(redirectFrom, { headers: { // Only the last one is recognized 'Accept-Language': 'sv,ja', @@ -224,7 +222,7 @@ describe('redirects', () => { }) test('will inject the preferred language from cookie', async () => { - const { res } = await get(redirectFrom, { + const res = await get(redirectFrom, { headers: { Cookie: `${PREFERRED_LOCALE_COOKIE_NAME}=ja`, 'Accept-Language': 'es', // note how this is going to be ignored diff --git a/tests/routing/release-notes.js b/tests/routing/release-notes.js index 39e26b9dda..18598d81e8 100644 --- a/tests/routing/release-notes.js +++ b/tests/routing/release-notes.js @@ -1,7 +1,7 @@ import { jest } from '@jest/globals' import nock from 'nock' -import { get, getDOM } from '../helpers/supertest.js' +import { get, getDOM } from '../helpers/e2etest.js' import enterpriseServerReleases from '../../lib/enterprise-server-releases.js' jest.useFakeTimers('legacy') diff --git a/tests/routing/remote-ip.js b/tests/routing/remote-ip.js index 2a2878e3f0..79a964ba3a 100644 --- a/tests/routing/remote-ip.js +++ b/tests/routing/remote-ip.js @@ -1,4 +1,4 @@ -import { get } from '../helpers/supertest.js' +import { get } from '../helpers/e2etest.js' import { expect, jest } from '@jest/globals' describe('remote ip debugging', () => { diff --git a/tests/routing/top-developer-site-path-redirects.js b/tests/routing/top-developer-site-path-redirects.js index 2f971acf1b..8a09d15f94 100644 --- a/tests/routing/top-developer-site-path-redirects.js +++ b/tests/routing/top-developer-site-path-redirects.js @@ -1,6 +1,7 @@ -import { head } from '../helpers/supertest.js' import { jest } from '@jest/globals' +import { head } from '../helpers/e2etest.js' + jest.useFakeTimers('legacy') describe('developer.github.com redirects', () => { diff --git a/tests/rendering/events.js b/tests/unit/events.js similarity index 100% rename from tests/rendering/events.js rename to tests/unit/events.js diff --git a/tests/rendering/octicon.js b/tests/unit/octicon.js similarity index 100% rename from tests/rendering/octicon.js rename to tests/unit/octicon.js diff --git a/tests/unit/static-assets.js b/tests/unit/static-assets.js new file mode 100644 index 0000000000..a138d0429f --- /dev/null +++ b/tests/unit/static-assets.js @@ -0,0 +1,101 @@ +import nock from 'nock' +import { expect, jest } from '@jest/globals' + +import { get } from '../helpers/supertest.js' +import { checkCachingHeaders } from '../helpers/caching-headers.js' + +describe('archived enterprise static assets', () => { + // Sometimes static assets are proxied. The URL for the static asset + // might not indicate it's based on archived enterprise version. + + jest.setTimeout(60 * 1000) + + beforeAll(async () => { + // The first page load takes a long time so let's get it out of the way in + // advance to call out that problem specifically rather than misleadingly + // attributing it to the first test + // await get('/') + + const sampleCSS = '/* nice CSS */' + + nock('https://github.github.com') + .get('/help-docs-archived-enterprise-versions/2.21/_next/static/foo.css') + .reply(200, sampleCSS, { + 'content-type': 'text/css', + 'content-length': sampleCSS.length, + }) + nock('https://github.github.com') + .get('/help-docs-archived-enterprise-versions/2.21/_next/static/only-on-proxy.css') + .reply(200, sampleCSS, { + 'content-type': 'text/css', + 'content-length': sampleCSS.length, + }) + nock('https://github.github.com') + .get('/help-docs-archived-enterprise-versions/2.3/_next/static/only-on-2.3.css') + .reply(200, sampleCSS, { + 'content-type': 'text/css', + 'content-length': sampleCSS.length, + }) + nock('https://github.github.com') + .get('/help-docs-archived-enterprise-versions/2.3/_next/static/fourofour.css') + .reply(404, 'Not found', { + 'content-type': 'text/plain', + }) + nock('https://github.github.com') + .get('/help-docs-archived-enterprise-versions/2.3/assets/images/site/logo.png') + .reply(404, 'Not found', { + 'content-type': 'text/plain', + }) + }) + + afterAll(() => nock.cleanAll()) + + it('should proxy if the static asset is prefixed', async () => { + const res = await get('/enterprise/2.21/_next/static/foo.css', { + headers: { + Referrer: '/enterprise/2.21', + }, + }) + expect(res.statusCode).toBe(200) + checkCachingHeaders(res, true, 60) + }) + it('should proxy if the Referrer header indicates so', async () => { + const res = await get('/_next/static/only-on-proxy.css', { + headers: { + Referrer: '/enterprise/2.21', + }, + }) + expect(res.statusCode).toBe(200) + checkCachingHeaders(res, true, 60) + }) + it('should proxy if the Referrer header indicates so', async () => { + const res = await get('/_next/static/only-on-2.3.css', { + headers: { + Referrer: '/en/enterprise-server@2.3/some/page', + }, + }) + expect(res.statusCode).toBe(200) + checkCachingHeaders(res, true, 60) + }) + it('might still 404 even with the right referrer', async () => { + const res = await get('/_next/static/fourofour.css', { + headers: { + Referrer: '/en/enterprise-server@2.3/some/page', + }, + }) + expect(res.statusCode).toBe(404) + checkCachingHeaders(res, true, 60) + }) + + it('404 on the proxy but actually present here', async () => { + const res = await get('/assets/images/site/logo.png', { + headers: { + Referrer: '/en/enterprise-server@2.3/some/page', + }, + }) + // It tried to go via the proxy, but it wasn't there, but then it + // tried "our disk" and it's eventually there. + expect(res.statusCode).toBe(200) + checkCachingHeaders(res, true, 60) + }) +}) From 3f8ba081027f6c50196bbe994c820ef3a9947386 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Fri, 18 Mar 2022 14:36:16 -0700 Subject: [PATCH 30/52] New translation batch for cn (#26327) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/lint-translation-files.js --check parsing * run script/i18n/reset-files-with-broken-liquid-tags.js --language=cn * run script/i18n/reset-known-broken-translation-files.js * Check in cn CSV report Co-authored-by: Robert Sese --- translations/log/cn-resets.csv | 20 +-- .../configuring-notifications.md | 2 +- .../managing-notifications-from-your-inbox.md | 4 +- ...analysis-settings-for-your-user-account.md | 2 +- ...on-levels-for-a-user-account-repository.md | 2 +- .../security-guides/encrypted-secrets.md | 4 + .../workflow-syntax-for-github-actions.md | 25 +++ ...ub-advanced-security-in-your-enterprise.md | 2 +- ...enabling-dependabot-for-your-enterprise.md | 4 +- ...orcing-team-policies-in-your-enterprise.md | 14 +- ...-a-users-saml-access-to-your-enterprise.md | 2 +- .../viewing-people-in-your-enterprise.md | 8 +- .../managing-global-webhooks.md | 20 +-- .../about-code-scanning-alerts.md | 8 + ...ode-scanning-alerts-for-your-repository.md | 26 ++- ...nning-alerts-in-issues-using-task-lists.md | 11 +- ...g-code-scanning-alerts-in-pull-requests.md | 9 +- .../about-dependabot-alerts.md} | 7 +- ...ilities-in-the-github-advisory-database.md | 5 +- ...ng-notifications-for-dependabot-alerts.md} | 7 +- ...isories-in-the-github-advisory-database.md | 1 + .../dependabot/dependabot-alerts/index.md | 24 +++ ...viewing-and-updating-dependabot-alerts.md} | 9 +- .../about-dependabot-security-updates.md | 3 +- ...configuring-dependabot-security-updates.md | 3 +- .../dependabot-security-updates/index.md | 20 +++ .../about-dependabot-version-updates.md | 5 +- ...on-options-for-the-dependabot.yml-file.md} | 12 +- ...configuring-dependabot-version-updates.md} | 9 +- .../customizing-dependency-updates.md | 5 +- .../dependabot-version-updates/index.md | 26 +++ ...ndencies-configured-for-version-updates.md | 3 +- .../content/code-security/dependabot/index.md | 23 +++ ...tomating-dependabot-with-github-actions.md | 2 + .../working-with-dependabot/index.md | 24 +++ ...your-actions-up-to-date-with-dependabot.md | 5 +- ...naging-encrypted-secrets-for-dependabot.md | 3 +- ...ng-pull-requests-for-dependency-updates.md | 5 +- .../troubleshooting-dependabot-errors.md | 129 +++++++++++++++ ...he-detection-of-vulnerable-dependencies.md | 67 ++------ .../github-security-features.md | 4 +- .../securing-your-organization.md | 6 +- .../securing-your-repository.md | 6 +- .../zh-CN/content/code-security/guides.md | 1 - .../zh-CN/content/code-security/index.md | 1 + .../about-the-security-overview.md | 16 +- .../supply-chain-security/index.md | 2 - .../index.md | 29 ---- .../about-managing-vulnerable-dependencies.md | 46 ------ .../index.md | 36 ---- .../troubleshooting-dependabot-errors.md | 127 -------------- .../about-dependency-review.md | 2 +- .../about-supply-chain-security.md | 156 ++++++++++++++++++ .../about-the-dependency-graph.md | 4 +- ...loring-the-dependencies-of-a-repository.md | 9 +- .../index.md | 10 +- .../troubleshooting-the-dependency-graph.md | 62 +++++++ ...ating-a-github-app-using-url-parameters.md | 38 ++--- .../creating-a-github-app.md | 2 +- ...g-and-authorizing-users-for-github-apps.md | 2 +- .../authorizing-oauth-apps.md | 6 +- .../creating-an-oauth-app.md | 2 +- .../modifying-a-github-app.md | 2 +- .../webhooks/webhook-events-and-payloads.md | 2 +- .../about-githubs-use-of-your-data.md | 4 +- ...se-settings-for-your-private-repository.md | 4 +- .../get-started/quickstart/hello-world.md | 38 ++--- ...-up-a-trial-of-github-enterprise-server.md | 2 +- .../creating-and-highlighting-code-blocks.md | 3 +- .../creating-diagrams.md | 127 +++++++++++++- ...analysis-settings-for-your-organization.md | 7 +- ...ing-the-audit-log-for-your-organization.md | 64 +++---- .../working-with-the-rubygems-registry.md | 2 +- .../zh-CN/content/pages/quickstart.md | 30 ++-- ...r-github-pages-site-locally-with-jekyll.md | 6 + .../searching-a-repositorys-releases.md | 30 ++-- ...anding-connections-between-repositories.md | 2 +- .../working-with-non-code-files.md | 57 ++++++- .../content/rest/reference/deploy_keys.md | 17 ++ .../content/rest/reference/deployments.md | 2 +- .../zh-CN/content/rest/reference/index.md | 1 + translations/zh-CN/data/features/mermaid.yml | 6 +- .../data/learning-tracks/code-security.yml | 38 ++--- .../code-security/code-examples.yml | 2 +- .../code-scanning/alert-default-branch.md | 1 + .../filter-non-default-branches.md | 1 + .../dependabot/private-dependencies-note.md | 2 +- .../dependabot/result-discrepancy.md | 1 + .../github-reviews-security-advisories.md | 2 +- .../security-alert-delivery-options.md | 2 +- .../keys.md => deploy_keys/deploy_keys.md} | 2 - ...pository_vulnerability_alert_short_desc.md | 2 +- 92 files changed, 1035 insertions(+), 551 deletions(-) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/about-dependabot-alerts.md} (94%) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/browsing-security-vulnerabilities-in-the-github-advisory-database.md (95%) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md} (90%) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/editing-security-advisories-in-the-github-advisory-database.md (94%) create mode 100644 translations/zh-CN/content/code-security/dependabot/dependabot-alerts/index.md rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md => dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md} (94%) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/about-dependabot-security-updates.md (92%) rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/configuring-dependabot-security-updates.md (95%) create mode 100644 translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/index.md rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/about-dependabot-version-updates.md (87%) rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md => dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md} (96%) rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md => dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md} (91%) rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/customizing-dependency-updates.md (91%) create mode 100644 translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/index.md rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/listing-dependencies-configured-for-version-updates.md (83%) create mode 100644 translations/zh-CN/content/code-security/dependabot/index.md rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/automating-dependabot-with-github-actions.md (99%) create mode 100644 translations/zh-CN/content/code-security/dependabot/working-with-dependabot/index.md rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/keeping-your-actions-up-to-date-with-dependabot.md (88%) rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-encrypted-secrets-for-dependabot.md (93%) rename translations/zh-CN/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-pull-requests-for-dependency-updates.md (91%) create mode 100644 translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md rename translations/zh-CN/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/working-with-dependabot}/troubleshooting-the-detection-of-vulnerable-dependencies.md (70%) delete mode 100644 translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md delete mode 100644 translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md delete mode 100644 translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md delete mode 100644 translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md create mode 100644 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md create mode 100644 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md create mode 100644 translations/zh-CN/content/rest/reference/deploy_keys.md create mode 100644 translations/zh-CN/data/reusables/code-scanning/alert-default-branch.md create mode 100644 translations/zh-CN/data/reusables/code-scanning/filter-non-default-branches.md create mode 100644 translations/zh-CN/data/reusables/dependabot/result-discrepancy.md rename translations/zh-CN/data/reusables/rest-reference/{deployments/keys.md => deploy_keys/deploy_keys.md} (94%) diff --git a/translations/log/cn-resets.csv b/translations/log/cn-resets.csv index f00f9341da..1e79aca6e7 100644 --- a/translations/log/cn-resets.csv +++ b/translations/log/cn-resets.csv @@ -118,22 +118,20 @@ translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scannin translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system.md,broken liquid tags translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system.md,broken liquid tags translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md,parsing error +translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md,broken liquid tags +translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md,broken liquid tags translations/zh-CN/content/code-security/getting-started/github-security-features.md,broken liquid tags translations/zh-CN/content/code-security/getting-started/securing-your-organization.md,broken liquid tags translations/zh-CN/content/code-security/getting-started/securing-your-repository.md,broken liquid tags translations/zh-CN/content/code-security/secret-scanning/about-secret-scanning.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md,Listed in localization-support#489 -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md,parsing error -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md,broken liquid tags -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md,Listed in localization-support#489 -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md,rendering error -translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md,broken liquid tags +translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md,broken liquid tags translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,Listed in localization-support#489 +translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md,broken liquid tags translations/zh-CN/content/codespaces/customizing-your-codespace/personalizing-codespaces-for-your-account.md,broken liquid tags translations/zh-CN/content/codespaces/developing-in-codespaces/developing-in-a-codespace.md,broken liquid tags translations/zh-CN/content/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace.md,broken liquid tags diff --git a/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md index 286b7b089f..066ef4eb97 100644 --- a/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md +++ b/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md @@ -134,7 +134,7 @@ Email notifications from {% data variables.product.product_location %} contain t | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} | | `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are:
  • `assign`: You were assigned to an issue or pull request.
  • `author`: You created an issue or pull request.
  • `ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.
  • `comment`: You commented on an issue or pull request.
  • `manual`: There was an update to an issue or pull request you manually subscribed to.
  • `mention`: You were mentioned on an issue or pull request.
  • `push`: Someone committed to a pull request you're subscribed to.
  • `review_requested`: You or a team you're a member of was requested to review a pull request.
    • {% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
  • `security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.
    • {% endif %}
  • `state_change`: An issue or pull request you're subscribed to was either closed or opened.
  • `subscribed`: There was an update in a repository you're watching.
  • `team_mention`: A team you belong to was mentioned on an issue or pull request.
  • `your_activity`: You opened, commented on, or closed an issue or pull request.
| | `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `..{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} +| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} ## Choosing your notification settings diff --git a/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index f3324c4381..0ed1b08711 100644 --- a/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -174,7 +174,7 @@ shortTitle: 从收件箱管理 - `reason:security_alert`,显示 {% data variables.product.prodname_dependabot_alerts %} 的通知和安全更新拉取请求。 - `author:app/dependabot`,显示 {% data variables.product.prodname_dependabot %} 生成的通知。 这包括 {% data variables.product.prodname_dependabot_alerts %}、安全更新拉取请求和版本更新拉取请求。 -有关 {% data variables.product.prodname_dependabot %} 的更多信息,请参阅“[关于管理有漏洞的依赖项](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)”。 +有关 {% data variables.product.prodname_dependabot %} 的更多信息,请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -183,7 +183,7 @@ shortTitle: 从收件箱管理 - `is:repository_vulnerability_alert` - `reason:security_alert` -有关 {% data variables.product.prodname_dependabot %} 的更多信息,请参阅“[关于有漏洞依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 +有关 {% data variables.product.prodname_dependabot %} 的更多信息,请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 {% endif %} {% endif %} diff --git a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md index 5d837f51da..19419b8e5c 100644 --- a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md +++ b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md @@ -50,5 +50,5 @@ shortTitle: 管理安全和分析 ## 延伸阅读 - “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)” -- "[管理项目依赖项中的漏洞](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)" +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" - "[自动更新依赖项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)" diff --git a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md index 2aab6abb35..d6b0243b88 100644 --- a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md +++ b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md @@ -49,7 +49,7 @@ shortTitle: 权限用户仓库 | 自定义仓库的社交媒体预览 | "[自定义仓库的社交媒体预览](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" | | 从仓库创建模板 | "[创建模板仓库](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | 控制对易受攻击依赖项的 {% data variables.product.prodname_dependabot_alerts %} 访问 | "[管理仓库的安全和分析设置](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} -| 忽略仓库中的 {% data variables.product.prodname_dependabot_alerts %} | "[查看和更新仓库中的漏洞依赖项](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | +| 忽略仓库中的 {% data variables.product.prodname_dependabot_alerts %} | "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | | 管理私有仓库的数据使用 | “[管理私有仓库的数据使用设置](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)” {% endif %} | 定义仓库的代码所有者 | "[关于代码所有者](/github/creating-cloning-and-archiving-repositories/about-code-owners)" | diff --git a/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md b/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md index 0af52dae70..68eaff9bfe 100644 --- a/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md +++ b/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md @@ -226,6 +226,10 @@ steps: ``` {% endraw %} +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + 尽可能避免使用命令行在进程之间传递密码。 命令行进程可能对其他用户可见(使用 `ps` 命令)或通过[安全审计事件](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing)获取。 为帮助保护密码,请考虑使用环境变量 `STDIN` 或目标进程支持的其他机制。 如果必须在命令行中传递密码,则将它们包含在适当的引用规则中。 密码通常包含可能意外影响 shell 的特殊字符。 要转义这些特殊字符,请引用环境变量。 例如: diff --git a/translations/zh-CN/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/translations/zh-CN/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 7289ed76ec..95e8f4ccc6 100644 --- a/translations/zh-CN/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/translations/zh-CN/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -342,6 +342,31 @@ steps: uses: actions/heroku@1.0.0 ``` +#### Example: Using secrets + +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + +{% raw %} +```yaml +name: Run a step if a secret has been set +on: push +jobs: + my-jobname: + runs-on: ubuntu-latest + env: + super_secret: ${{ secrets.SuperSecret }} + steps: + - if: ${{ env.super_secret != '' }} + run: echo 'This step will only run if the secret has a value set.' + - if: ${{ env.super_secret == '' }} + run: echo 'This step will only run if the secret does not have a value set.' +``` +{% endraw %} + +For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + ### `jobs..steps[*].name` 步骤显示在 {% data variables.product.prodname_dotcom %} 上的名称。 diff --git a/translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md b/translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md index 107b9086cf..8443e15311 100644 --- a/translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md +++ b/translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md @@ -271,7 +271,7 @@ GitHub helps you avoid using third-party software that contains known vulnerabil | Dependency Management Tool | 描述 | | ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects vulnerable dependencies. 更多信息请参阅“[关于易受攻击的依赖项的警报](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)”。 | +| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." | | Dependency Graph | 依赖项图是存储在仓库中的清单和锁定文件的摘要。 它显示您的代码库所依赖的生态系统和软件包(其依赖项)以及依赖于您的项目的仓库和包(其从属项)。 更多信息请参阅“[关于依赖关系图](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)”。 |{% ifversion ghes > 3.1 or ghec %} | Dependency Review | 如果拉取请求包含对依赖项的更改,您可以查看已更改内容摘要以及任何依赖项中是否存在已知漏洞。 For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" or "[Reviewing Dependency Changes in a Pull Request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)." |{% endif %} {% ifversion ghec or ghes > 3.2 %} | Dependabot Security Updates | Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates. For more information, see "[About Dependabot security updates](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." | diff --git a/translations/zh-CN/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/translations/zh-CN/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 3bf9dfcfc6..d52c8ea9b5 100644 --- a/translations/zh-CN/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/translations/zh-CN/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -49,7 +49,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %} for you When {% data variables.product.product_location %} receives information about a vulnerability, it identifies repositories in {% data variables.product.product_location %} that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}. -For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 +For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 {% ifversion ghes > 3.2 %} ### 关于 {% data variables.product.prodname_dependabot_updates %} @@ -67,7 +67,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %}, you ca With {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} automatically creates pull requests to update dependencies in two ways. - **{% data variables.product.prodname_dependabot_version_updates %}**: Users add a {% data variables.product.prodname_dependabot %} configuration file to the repository to enable {% data variables.product.prodname_dependabot %} to create pull requests when a new version of a tracked dependency is released. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)“。 -- **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endif %} ## 启用 {% data variables.product.prodname_dependabot_alerts %} diff --git a/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md b/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md index 02a4cf4700..03a1dea3dd 100644 --- a/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md +++ b/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-team-policies-in-your-enterprise.md @@ -1,6 +1,6 @@ --- -title: Enforcing team policies in your enterprise -intro: 'You can enforce policies for teams in your enterprise''s organizations, or allow policies to be set in each organization.' +title: 在企业中实施团队策略 +intro: 您可以在企业组织中实施团队策略,或者允许在每个组织中设置策略。 permissions: Enterprise owners can enforce policies for teams in an enterprise. redirect_from: - /articles/enforcing-team-settings-for-organizations-in-your-business-account @@ -18,19 +18,19 @@ topics: - Enterprise - Policies - Teams -shortTitle: Team policies +shortTitle: 团队策略 --- -## About policies for teams in your enterprise +## 关于企业中团队的策略 -You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage teams. You can also allow organization owners to manage policies for teams. 更多信息请参阅“[关于团队](/organizations/organizing-members-into-teams/about-teams)”。 +您可以执行策略来控制企业在 {% data variables.product.product_name %} 上的企业成员如何管理团队。 您也可以允许组织所有者管理团队策略。 更多信息请参阅“[关于团队](/organizations/organizing-members-into-teams/about-teams)”。 ## 执行团队讨论策略 -Across all organizations owned by your enterprise, you can enable or disable team discussions, or allow owners to administer the setting on the organization level. 更多信息请参阅“[关于团队讨论](/organizations/collaborating-with-your-team/about-team-discussions/)”。 +在企业拥有的所有组织中,可以启用或禁用团队讨论,或允许所有者在组织级别管理设置。 更多信息请参阅“[关于团队讨论](/organizations/collaborating-with-your-team/about-team-discussions/)”。 {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} -3. 在左侧边栏中,单击 **Teams(团队)**。 ![Teams tab in the enterprise sidebar](/assets/images/help/business-accounts/settings-teams-tab.png) +3. 在左侧边栏中,单击 **Teams(团队)**。 ![企业边栏中的 Teams(团队)选项卡](/assets/images/help/business-accounts/settings-teams-tab.png) 4. 在“Team discussions”(团队讨论)下,审查有关更改设置的信息。 {% data reusables.enterprise-accounts.view-current-policy-config-orgs %} 5. 在“Team discussions”(团队讨论)下,使用下拉菜单并选择策略。 ![带有团队讨论策略按钮的下拉菜单](/assets/images/help/business-accounts/team-discussion-policy-drop-down.png) diff --git a/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md b/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md index cca3c9668b..a2e7b4f999 100644 --- a/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md +++ b/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md @@ -16,7 +16,7 @@ shortTitle: 查看和管理 SAML 访问 ## 关于对企业帐户的 SAML 访问 -When you enable SAML single sign-on for your enterprise account, each enterprise member can link their external identity on your identity provider (IdP) to their existing account on {% data variables.product.product_location %}. {% data reusables.saml.about-saml-access-enterprise-account %} +当您为企业帐户启用 SAML 单点登录时,每个企业成员都可以将其身份提供商 (IdP) 上的外部身份链接到 {% data variables.product.product_location %} 上的现有帐户。 {% data reusables.saml.about-saml-access-enterprise-account %} 如果您的企业使用 {% data variables.product.prodname_emus %},成员将使用通过您的 IdP 预配的帐户。 {% data variables.product.prodname_managed_users_caps %} 将不会在 {% data variables.product.product_name %} 上使用他们现有的用户帐户。 更多信息请参阅“[关于 {% data variables.product.prodname_emus %}](/enterprise-cloud@latest/admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users)”。 diff --git a/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md b/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md index 98bc1850e6..b8de2a9bd1 100644 --- a/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md +++ b/translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md @@ -39,19 +39,19 @@ shortTitle: 查看企业中的人员 {% ifversion ghec %} -## Viewing suspended members in an {% data variables.product.prodname_emu_enterprise %} +## 在 {% data variables.product.prodname_emu_enterprise %} 中查看暂停的成员 -If your enterprise uses {% data variables.product.prodname_emus %}, you can also view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. 更多信息请参阅“[关于企业管理用户](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)”。 +如果您的企业使用 {% data variables.product.prodname_emus %},您还可以查看已暂停的用户。 暂停的用户是在从 {% data variables.product.prodname_emu_idp_application %} 应用程序取消分配或从身份提供商中删除后已取消预配的成员。 更多信息请参阅“[关于企业管理用户](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)”。 {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.people-tab %} -1. To view a list of suspended members, above the list of active members, click **Suspended**. ![Screenshot showing "Suspended" option](/assets/images/help/enterprises/view-suspended-members.png) +1. 要查看已暂停成员的列表,请在活动成员列表上方单击 **Suspended(已暂停)**。 ![显示"已暂停"选项的屏幕截图](/assets/images/help/enterprises/view-suspended-members.png) {% endif %} ## 查看休眠用户 -You can view a list of all dormant users {% ifversion ghes or ghae %} who have not been suspended and {% endif %}who are not site administrators. {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} 更多信息请参阅“[管理休眠用户](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)”。 +您可以查看{% ifversion ghes or ghae %}尚未暂停以及{% endif %}不是站点管理员的所有休眠用户列表。 {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} 更多信息请参阅“[管理休眠用户](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)”。 ## 延伸阅读 diff --git a/translations/zh-CN/content/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks.md b/translations/zh-CN/content/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks.md index 5b1ac3ed64..831cc5fd54 100644 --- a/translations/zh-CN/content/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks.md +++ b/translations/zh-CN/content/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks.md @@ -1,7 +1,7 @@ --- title: 管理全局 web 挂钩 -shortTitle: Manage global webhooks -intro: You can configure global webhooks to notify external web servers when events occur within your enterprise. +shortTitle: 管理全局 web 挂钩 +intro: 您可以配置全局 web 挂钩,以便在企业内部发生事件时通知外部 Web 服务器。 permissions: Enterprise owners can manage global webhooks for an enterprise account. redirect_from: - /enterprise/admin/user-management/about-global-webhooks @@ -25,9 +25,9 @@ topics: ## 关于全局 web 挂钩 -You can use global webhooks to notify an external web server when events occur within your enterprise. You can configure the server to receive the webhook's payload, then run an application or code that monitors, responds to, or enforces rules for user and organization management for your enterprise. 更多信息请参阅“[web 挂钩](/developers/webhooks-and-events/webhooks)”。 +当企业内部发生事件时,您可以使用全局 web 挂钩通知外部 Web 服务器。 您可以将服务器配置为接收 web 挂钩的有效负载,然后运行监控、响应或实施企业用户和组织管理规则的应用程序或代码。 更多信息请参阅“[web 挂钩](/developers/webhooks-and-events/webhooks)”。 -For example, you can configure {% data variables.product.product_location %} to send a webhook when someone creates, deletes, or modifies a repository or organization within your enterprise. You can configure the server to automatically perform a task after receiving the webhook. +例如,您可以将 {% data variables.product.product_location %} 配置为在有人创建、删除或修改企业内的存储库或组织时发送 web 挂钩。 您可以将服务器配置为在收到 web 挂钩后自动执行任务。 ![全局 web 挂钩列表](/assets/images/enterprise/site-admin-settings/list-of-global-webhooks.png) @@ -42,23 +42,23 @@ For example, you can configure {% data variables.product.product_location %} to 6. 输入您想要接收有效负载的 URL。![用于输入有效负载 URL 的字段](/assets/images/enterprise/site-admin-settings/add-global-webhook-payload-url.png) 7. 或者,使用 **Content type** 下拉菜单,并单击有效负载格式。 ![列出内容类型选项的下拉菜单](/assets/images/enterprise/site-admin-settings/add-global-webhook-content-type-dropdown.png) 8. 或者,在 **Secret** 字段中,输入用作 `secret` 密钥的字符串。 ![用于输入用作密钥的字符串的字段](/assets/images/enterprise/site-admin-settings/add-global-webhook-secret.png) -9. Optionally, if your payload URL is HTTPS and you would not like {% data variables.product.prodname_ghe_server %} to verify SSL certificates when delivering payloads, select **Disable SSL verification**. 阅读 SSL 验证的信息,然后单击 **I understand my webhooks may not be secure**。 ![Checkbox for disabling SSL verification](/assets/images/enterprise/site-admin-settings/add-global-webhook-disable-ssl-button.png) +9. (可选)如果有效负载 URL 为 HTTPS,并且您不希望 {% data variables.product.prodname_ghe_server %} 在交付有效负载时验证 SSL 证书,请选择 **Disable SSL verification(禁用 SSL 验证)**。 阅读 SSL 验证的信息,然后单击 **I understand my webhooks may not be secure**。 ![用于禁用 SSL 验证的复选框](/assets/images/enterprise/site-admin-settings/add-global-webhook-disable-ssl-button.png) {% warning %} **警告**:SSL 验证有助于确保安全投递挂钩有效负载。 我们不建议禁用 SSL 验证。 {% endwarning %} -10. Decide if you'd like this webhook to trigger for every event or for selected events. ![包含用于为每个事件或选定事件接收有效负载的选项的单选按钮](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-events.png) +10. 确定您希望此 web 挂钩对每个事件还是选定事件触发。 ![包含用于为每个事件或选定事件接收有效负载的选项的单选按钮](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-events.png) - 对于每个事件,请选择 **Send me everything**。 - 要选择特定事件,请选择 **Let me select individual events**。 -11. If you chose to select individual events, select the events that will trigger the webhook. +11. 如果选择单个事件,请选择将触发 web 挂钩的事件。 {% ifversion ghec %} - ![Checkboxes for individual global webhook events](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-individual-events.png) + ![单个全局 web 挂钩事件的复选框](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-individual-events.png) {% elsif ghes or ghae %} - ![Checkboxes for individual global webhook events](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-individual-events-ghes-and-ae.png) + ![单个全局 web 挂钩事件的复选框](/assets/images/enterprise/site-admin-settings/add-global-webhook-select-individual-events-ghes-and-ae.png) {% endif %} -12. Confirm that the **Active** checkbox is selected. ![已选择 Active 复选框](/assets/images/help/business-accounts/webhook-active.png) +12. 确认选中了 **Active(活动)**复选框。 ![已选择 Active 复选框](/assets/images/help/business-accounts/webhook-active.png) 13. 单击 **Add webhook(添加 web 挂钩)**。 ## 编辑全局 web 挂钩 diff --git a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md index 9d6c9f02dc..a493254a83 100644 --- a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md +++ b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md @@ -27,7 +27,15 @@ topics: 每个警报都会高亮显示代码的问题以及识别该问题的工具名称。 You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. 警报还会告知该问题第一次被引入的时间。 对于由 {% data variables.product.prodname_codeql %} 分析确定的警报,您还会看到如何解决问题的信息。 +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![来自 {% data variables.product.prodname_code_scanning %} 的警报示例](/assets/images/help/repository/code-scanning-alert.png) +{% else %} +![来自 {% data variables.product.prodname_code_scanning %} 的警报示例](/assets/images/enterprise/3.4/repository/code-scanning-alert.png) +{% endif %} If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. 数据流分析将查找代码中的潜在安全问题,例如:不安全地使用数据、将危险参数传递给函数以及泄漏敏感信息。 diff --git a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md index d6ae1c8097..c8f214deae 100644 --- a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md +++ b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md @@ -46,9 +46,16 @@ By default, the code scanning alerts page is filtered to show alerts for the def {% else %} ![List of alerts from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + {% data reusables.code-scanning.alert-default-branch %} + ![The "Affected branches" section in an alert](/assets/images/help/repository/code-scanning-affected-branches.png){% endif %} 1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png) -1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. + {% else %} + ![The "Show paths" link on an alert](/assets/images/enterprise/3.4/repository/code-scanning-show-paths.png) + {% endif %} +2. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png) For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)." @@ -80,6 +87,10 @@ The benefit of using keyword filters is that only values with results are shown If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} + {% ifversion fpt or ghes > 3.3 or ghec %} You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag{% if codeql-ml-queries %} and `-tag:experimental` will omit all experimental alerts. For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %} @@ -96,10 +107,12 @@ You can use the "Only alerts in application code" filter or `autofilter:true` ke You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across: - The name of the alert -- The alert description - The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section) - + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The alert information used in searches](/assets/images/help/repository/code-scanning-free-text-search-areas.png) + {% else %} + ![The alert information used in searches](/assets/images/enterprise/3.4/repository/code-scanning-free-text-search-areas.png) + {% endif %} | Supported search | Syntax example | Results | | ---- | ---- | ---- | @@ -113,7 +126,7 @@ You can search the list of alerts. This is useful if there is a large number of **Tips:** - The multiple word search is equivalent to an OR search. -- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details. +- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. {% endtip %} @@ -143,7 +156,7 @@ If you have write permission for a repository, you can view fixed alerts by view You can use{% ifversion fpt or ghes > 3.1 or ghae or ghec %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed. -Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch. +Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. {% ifversion fpt or ghes > 3.1 or ghae or ghec %} ![Filtering alerts by branch](/assets/images/help/repository/code-scanning-branch-filter.png) @@ -151,6 +164,9 @@ Alerts may be fixed in one branch but not in another. You can use the "Branch" d ![Filtering alerts by branch](/assets/images/enterprise/3.1/help/repository/code-scanning-branch-filter.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} ## Dismissing or deleting alerts There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, if you have admin permissions for the repository, you can delete alerts. Deleting alerts is useful in situations where you have set up a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have configured {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab. diff --git a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md index 5923e8163b..14334f73bd 100644 --- a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md @@ -39,7 +39,11 @@ You can use more than one issue to track the same {% data variables.product.prod - A "tracked in" section will also show in the corresponding alert page. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Tracked in section on code scanning alert page](/assets/images/help/repository/code-scanning-alert-tracked-in-pill.png) + {% else %} + ![Tracked in section on code scanning alert page](/assets/images/enterprise/3.4/repository/code-scanning-alert-tracked-in-pill.png) + {% endif %} - On the tracking issue, {% data variables.product.prodname_dotcom %} displays a security badge icon in the task list and on the hovercard. @@ -64,7 +68,12 @@ The status of the tracked alert won't change if you change the checkbox state of {% data reusables.code-scanning.explore-alert %} 1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. 更多信息请参阅“[管理仓库的代码扫描警报](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)”。 {% endif %} -1. Towards the top of the page, on the right side, click **Create issue**. ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) +1. Towards the top of the page, on the right side, click **Create issue**. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) + {% else %} + ![Create a tracking issue for the code scanning alert](/assets/images/enterprise/3.4/repository/code-scanning-create-issue-for-alert.png) + {% endif %} {% data variables.product.prodname_dotcom %} automatically creates an issue to track the alert and adds the alert as a task list item. {% data variables.product.prodname_dotcom %} prepopulates the issue: - The title contains the name of the {% data variables.product.prodname_code_scanning %} alert. diff --git a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md index 4ad7244942..1177c8d437 100644 --- a/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md +++ b/translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md @@ -74,10 +74,17 @@ topics: 要查看有关警报的更多信息,拥有写入权限的用户可单击注释中所示的 **Show more details(显示更多详情)**链接。 这允许您在警报视图中查看工具提供的所有上下文和元数据。 在下例中,您可以查看显示问题的严重性、类型和相关通用缺陷枚举 (CWE) 的标记。 该视图还显示哪个提交引入了问题。 +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + 在警报的详细视图中,有些 {% data variables.product.prodname_code_scanning %} 工具,例如 {% data variables.product.prodname_codeql %} 分析,还包括问题描述和 **Show more(显示更多)**链接以指导您如何修复代码。 +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![显示更多信息的警报说明和链接](/assets/images/help/repository/code-scanning-pr-alert.png) - +{% else %} +![显示更多信息的警报说明和链接](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png) +{% endif %} ## 修复拉取请求上的警报 任何对拉取请求具有推送权限的人都可以修复在该拉取请求上已识别的 {% data variables.product.prodname_code_scanning %} 警报。 如果将更改提交到拉取请求,这将触发拉取请求检查的新运行。 如果您的更改修复了问题,则警报将被关闭,注释将被删除。 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md similarity index 94% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md index 52b0aa9c64..da996b60cc 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -1,11 +1,12 @@ --- -title: About alerts for vulnerable dependencies +title: About Dependabot alerts intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect vulnerabilities affecting your repository.' redirect_from: - /articles/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -81,7 +82,7 @@ For repositories where {% data variables.product.prodname_dependabot_security_up ## Access to {% data variables.product.prodname_dependabot_alerts %} -You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." +You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)." {% endif %} @@ -95,5 +96,5 @@ You can also see all the {% data variables.product.prodname_dependabot_alerts %} ## Further reading - "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" -- "[Viewing and updating vulnerable dependencies in your repository](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} {% ifversion fpt or ghec %}- "[Privacy on {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md similarity index 95% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md index 635a4f5cce..98741cedb4 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md @@ -6,6 +6,7 @@ miniTocMaxHeadingLevel: 3 redirect_from: - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database versions: fpt: '*' ghec: '*' @@ -35,7 +36,7 @@ The {% data variables.product.prodname_advisory_database %} contains a list of k We carefully review each advisory for validity. Each {% data variables.product.company_short %}-reviewed advisory has a full description, and contains both ecosystem and package information. -If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory affects packages you depend on. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory affects packages you depend on. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." ### About unreviewed advisories @@ -107,7 +108,7 @@ You can search the database, and use qualifiers to narrow your search. For examp ## Viewing your vulnerable repositories -For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)." +For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)." 1. Navigate to https://github.com/advisories. 2. Click an advisory. diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md similarity index 90% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 3fe7596f1a..a270357bdd 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -1,10 +1,11 @@ --- -title: 配置有漏洞依赖项的通知 -shortTitle: 配置通知 +title: Configuring notifications for Dependabot alerts +shortTitle: Configure notifications intro: '优化接收 {% data variables.product.prodname_dependabot_alerts %} 相关通知的方式。' redirect_from: - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -59,7 +60,7 @@ topics: ## 如何减少有漏洞依赖项通知的干扰 -如果您想要收到太多 {% data variables.product.prodname_dependabot_alerts %} 的通知,我们建议您选择加入每周的电子邮件摘要,或者在保持 {% data variables.product.prodname_dependabot_alerts %} 启用时关闭通知。 您仍可导航到仓库的 Security(安全性)选项卡查看 {% data variables.product.prodname_dependabot_alerts %}。 更多信息请参阅“[查看和更新仓库中的漏洞依赖项](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)”。 +如果您想要收到太多 {% data variables.product.prodname_dependabot_alerts %} 的通知,我们建议您选择加入每周的电子邮件摘要,或者在保持 {% data variables.product.prodname_dependabot_alerts %} 启用时关闭通知。 您仍可导航到仓库的 Security(安全性)选项卡查看 {% data variables.product.prodname_dependabot_alerts %}。 For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." ## 延伸阅读 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md similarity index 94% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md index 09844722d3..4de0302510 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md @@ -3,6 +3,7 @@ title: Editing security advisories in the GitHub Advisory Database intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database versions: fpt: '*' ghec: '*' diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/index.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/index.md new file mode 100644 index 0000000000..e35a7af049 --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/index.md @@ -0,0 +1,24 @@ +--- +title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts +shortTitle: Dependabot 警报 +intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilites are detected in dependencies that your project uses.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /browsing-security-vulnerabilities-in-the-github-advisory-database + - /editing-security-advisories-in-the-github-advisory-database + - /about-dependabot-alerts + - /viewing-and-updating-dependabot-alerts + - /configuring-notifications-for-dependabot-alerts +--- + diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md similarity index 94% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index ee55d28884..376d857cde 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -1,12 +1,13 @@ --- -title: 查看和更新仓库中有漏洞的依赖项 +title: Viewing and updating Dependabot alerts intro: '如果 {% data variables.product.product_name %} 发现项目中存在有漏洞的依赖项,您可以在仓库的 Dependabot 警报选项卡中查看它们。 然后,您可以更新项目以解决或忽略漏洞。' redirect_from: - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository permissions: Repository administrators and organization owners can view and update dependencies. -shortTitle: 查看有漏洞的依赖项 +shortTitle: View Dependabot alerts versions: fpt: '*' ghes: '*' @@ -25,7 +26,7 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -仓库的 {% data variables.product.prodname_dependabot_alerts %} 选项卡列出所有打开和关闭的 {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} 以及对应的 {% data variables.product.prodname_dependabot_security_updates %}{% endif %}。 可以{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} 按程序包、生态系统或清单筛选警报。 您还可以{% endif %} 对警报列表进行排序,单击特定警报以获取更多详细信息。 更多信息请参阅“[关于易受攻击的依赖项的警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 +仓库的 {% data variables.product.prodname_dependabot_alerts %} 选项卡列出所有打开和关闭的 {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} 以及对应的 {% data variables.product.prodname_dependabot_security_updates %}{% endif %}。 可以{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} 按程序包、生态系统或清单筛选警报。 您还可以{% endif %} 对警报列表进行排序,单击特定警报以获取更多详细信息。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% ifversion fpt or ghec or ghes > 3.2 %} 您可以为使用 {% data variables.product.prodname_dependabot_alerts %} 和依赖关系图的任何仓库启用自动安全更新。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)“。 @@ -98,7 +99,7 @@ topics: ## 延伸阅读 -- "[关于有漏洞依赖项的警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" {% ifversion fpt or ghec or ghes > 3.2 %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} - "[配置 {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %} - "[管理仓库的安全和分析设置](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" - "[漏洞依赖项检测疑难解答](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md similarity index 92% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md index b283a4b5e0..278efb2684 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -6,6 +6,7 @@ redirect_from: - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates - /github/managing-security-vulnerabilities/about-dependabot-security-updates - /code-security/supply-chain-security/about-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -27,7 +28,7 @@ topics: ## About {% data variables.product.prodname_dependabot_security_updates %} -{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. If you enable this feature, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. If you enable this feature, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." {% data variables.product.prodname_dotcom %} may send {% data variables.product.prodname_dependabot_alerts %} to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md similarity index 95% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 4b5d03893f..6cc5ca642c 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -9,6 +9,7 @@ redirect_from: - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates - /code-security/supply-chain-security/configuring-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -74,6 +75,6 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec ## Further reading -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} - "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %} - "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/index.md b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/index.md new file mode 100644 index 0000000000..13456e36d9 --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/index.md @@ -0,0 +1,20 @@ +--- +title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates +intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Security updates + - Dependencies + - Pull requests +shortTitle: Dependabot 安全更新 +children: + - /about-dependabot-security-updates + - /configuring-dependabot-security-updates +--- + diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md similarity index 87% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md index 91c9ecf6da..f00db06940 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -8,6 +8,7 @@ redirect_from: - /github/administering-a-repository/about-dependabot-version-updates - /code-security/supply-chain-security/about-dependabot-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates versions: fpt: '*' ghec: '*' @@ -31,7 +32,7 @@ shortTitle: Dependabot 版本更新 通过将配置文件检入仓库,可启用 {% data variables.product.prodname_dependabot_version_updates %}。 配置文件指定存储在仓库中的清单或其他包定义文件的位置。 {% data variables.product.prodname_dependabot %} 使用此信息来检查过时的软件包和应用程序。 {% data variables.product.prodname_dependabot %} 确定依赖项是否有新版本,它通过查看依赖的语义版本 ([semver](https://semver.org/)) 来决定是否应更新该版本。 对于某些软件包管理器,{% data variables.product.prodname_dependabot_version_updates %} 也支持供应。 供应(或缓存)的依赖项是检入仓库中特定目录的依赖项,而不是在清单中引用的依赖项。 即使包服务器不可用,供应的依赖项在生成时也可用。 {% data variables.product.prodname_dependabot_version_updates %} 可以配置为检查为新版本供应的依赖项,并在必要时更新它们。 -当 {% data variables.product.prodname_dependabot %} 发现过时的依赖项时,它会发起拉取请求以将清单更新到依赖项的最新版本。 对于供应和依赖项,{% data variables.product.prodname_dependabot %} 提出拉取请求以直接将过时的依赖项替换为新版本。 检查测试是否通过,查看拉取请求摘要中包含的更改日志和发行说明,然后合并它。 更多信息请参阅“[启用和禁用 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 +当 {% data variables.product.prodname_dependabot %} 发现过时的依赖项时,它会发起拉取请求以将清单更新到依赖项的最新版本。 对于供应和依赖项,{% data variables.product.prodname_dependabot %} 提出拉取请求以直接将过时的依赖项替换为新版本。 检查测试是否通过,查看拉取请求摘要中包含的更改日志和发行说明,然后合并它。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." 如果启用_安全更新_,{% data variables.product.prodname_dependabot %} 还会发起拉取请求以更新易受攻击依赖项。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”。 @@ -50,7 +51,7 @@ shortTitle: Dependabot 版本更新 ## 支持的仓库和生态系统 -您可以为包含其中一个受支持包管理器的依赖项清单或锁定文件的仓库配置版本更新。 对于某些软件包管理器,您也可以配置依赖项的供应。 更多信息请参阅“[依赖项更新的配置选项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)。” +您可以为包含其中一个受支持包管理器的依赖项清单或锁定文件的仓库配置版本更新。 对于某些软件包管理器,您也可以配置依赖项的供应。 For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." {% note %} {% data reusables.dependabot.private-dependencies-note %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md similarity index 96% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index 3d87ddd386..3d8268b8f5 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -1,10 +1,12 @@ --- -title: 依赖项更新的配置选项 +title: Configuration options for the dependabot.yml file intro: '可用于自定义 {% data variables.product.prodname_dependabot %} 如何维护仓库的所有选项的详细信息。' permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' +allowTitleToDifferFromFilename: true redirect_from: - /github/administering-a-repository/configuration-options-for-dependency-updates - /code-security/supply-chain-security/configuration-options-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates miniTocMaxHeadingLevel: 3 versions: fpt: '*' @@ -17,7 +19,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: 配置选项 +shortTitle: Configure dependabot.yml --- {% data reusables.dependabot.beta-security-and-version-updates %} @@ -27,7 +29,7 @@ shortTitle: 配置选项 {% data variables.product.prodname_dependabot %} 配置文件 *dependabot.yml* 使用 YAML 语法。 如果您是 YAML 的新用户并想要了解更多信息,请参阅“[五分钟了解 YAML](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)”。 -必须将此文件存储在仓库的 `.github` 目录中。 添加或更新 *dependabot.yml* 文件时,这将触发对版本更新的立即检查。 有关详细信息和示例,请参阅“[启用和禁用 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)”。 +必须将此文件存储在仓库的 `.github` 目录中。 添加或更新 *dependabot.yml* 文件时,这将触发对版本更新的立即检查。 For more information and an example, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." 下次安全警报触发安全更新的拉取请求时将使用所有同时影响安全更新的选项。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)。” @@ -170,7 +172,7 @@ updates: {% note %} -**注意**:`时间表` 定义 {% data variables.product.prodname_dependabot %} 尝试更新的时间。 但是,这不是您可收到拉取请求的唯一时间。 更新可基于 `dependabot.yml` 文件的更改、更新失败后清单文件的更改或 {% data variables.product.prodname_dependabot_security_updates %} 触发。 更多信息请参阅“[{% data variables.product.prodname_dependabot %} 拉取请求的频率](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)”和“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)”。 +**注意**:`时间表` 定义 {% data variables.product.prodname_dependabot %} 尝试更新的时间。 但是,这不是您可收到拉取请求的唯一时间。 更新可基于 `dependabot.yml` 文件的更改、更新失败后清单文件的更改或 {% data variables.product.prodname_dependabot_security_updates %} 触发。 For more information, see "[Frequency of {% data variables.product.prodname_dependabot %} pull requests](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endnote %} @@ -307,7 +309,7 @@ updates: 您可以搜索仓库中是否有 `"@dependabot ignore" in:comments`,以检查仓库是否存储了 `ignore` 首选项。 如果您希望取消忽略以这种方式忽略的依赖项,请重新打开拉取请求。 -有关 `@dependabot ignore` 命令的更多信息,请参阅“[管理依赖关系更新的拉取请求](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)”。 +For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." #### 指定要忽略的依赖项和版本 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md similarity index 91% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index 0377f112cf..6ab566601b 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -1,11 +1,12 @@ --- -title: Enabling and disabling Dependabot version updates +title: Configuring Dependabot version updates intro: '您可以配置仓库,以便 {% data variables.product.prodname_dependabot %} 自动更新您使用的包。' permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.' redirect_from: - /github/administering-a-repository/enabling-and-disabling-version-updates - /code-security/supply-chain-security/enabling-and-disabling-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates versions: fpt: '*' ghec: '*' @@ -17,7 +18,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: 启用和禁用更新 +shortTitle: Configure version updates --- @@ -34,7 +35,7 @@ shortTitle: 启用和禁用更新 ## 启用 {% data variables.product.prodname_dependabot_version_updates %} -{% data reusables.dependabot.create-dependabot-yml %}有关信息,请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates)”。 +{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." 1. 添加 `version`。 1. (可选)如果您在私人注册表中包含依赖项,请添加包含身份验证详细信息的 `registries` 部分。 1. 添加 `updates` 部分,并输入您希望 {% data variables.product.prodname_dependabot %} 监控的每个包管理器的条目。 @@ -138,4 +139,4 @@ updates: update-types: ["version-update:semver-patch"] ``` -有关检查现有忽略首选项的更多信息,请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)。” +For more information about checking for existing ignore preferences, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md similarity index 91% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md index 2fc3408d85..6bff12e745 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md @@ -5,6 +5,7 @@ permissions: 'People with write permissions to a repository can configure {% dat redirect_from: - /github/administering-a-repository/customizing-dependency-updates - /code-security/supply-chain-security/customizing-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates versions: fpt: '*' ghec: '*' @@ -34,7 +35,7 @@ shortTitle: 自定义更新 - 更改为版本更新打开的拉取请求默认最大数 5:`open-pull-requests-limit` - 打开版本更新的拉取请求以定位特定分支,而不是默认分支:`target-branch` -有关配置选项的详细信息,请参阅“[依赖项更新的配置选项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)”。 +For more information about the configuration options, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." 更新仓库中的 *dependabot.yml* 文件时,{% data variables.product.prodname_dependabot %} 使用新配置即刻进行检查。 几分钟内,您将在 **{% data variables.product.prodname_dependabot %}** 选项卡上看到更新的依赖项列表,如果仓库有很多依赖项,可能需要更长时间。 您可能还会看到针对版本更新的新拉取请求。 更多信息请参阅“[列出为版本更新配置的依赖项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)”。 @@ -140,4 +141,4 @@ updates: ## 更多示例 -更多示例请参阅“[依赖项更新的配置选项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)。” +For more examples, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/index.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/index.md new file mode 100644 index 0000000000..84e6ced50b --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/index.md @@ -0,0 +1,26 @@ +--- +title: Keeping your dependencies updated automatically with Dependabot version updates +intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.' +allowTitleToDifferFromFilename: true +redirect_from: + - /github/administering-a-repository/keeping-your-dependencies-updated-automatically + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Dependencies + - Pull requests +children: + - /about-dependabot-version-updates + - /configuring-dependabot-version-updates + - /listing-dependencies-configured-for-version-updates + - /customizing-dependency-updates + - /configuration-options-for-the-dependabot.yml-file +shortTitle: Dependabot 版本更新 +--- + diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md similarity index 83% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md rename to translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md index 566aaa88d8..c1705785c9 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md @@ -4,6 +4,7 @@ intro: '您可以查看由 {% data variables.product.prodname_dependabot %} 监 redirect_from: - /github/administering-a-repository/listing-dependencies-configured-for-version-updates - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates versions: fpt: '*' ghec: '*' @@ -22,7 +23,7 @@ shortTitle: 列出已配置的依赖项 ## 查看由 {% data variables.product.prodname_dependabot %} 监视的依赖项 -启用版本更新后,可以使用仓库依赖关系图中的 **{% data variables.product.prodname_dependabot %}** 选项卡确认配置是否正确。 更多信息请参阅“[启用和禁用 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 +启用版本更新后,可以使用仓库依赖关系图中的 **{% data variables.product.prodname_dependabot %}** 选项卡确认配置是否正确。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} diff --git a/translations/zh-CN/content/code-security/dependabot/index.md b/translations/zh-CN/content/code-security/dependabot/index.md new file mode 100644 index 0000000000..cb1f4984f9 --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/index.md @@ -0,0 +1,23 @@ +--- +title: Keeping your supply chain secure with Dependabot +shortTitle: Dependabot +intro: 'Monitor vulnerabilities in dependencies used in your project{% ifversion fpt or ghec or ghes > 3.2 %} and keep your dependencies up-to-date{% endif %} with {% data variables.product.prodname_dependabot %}.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /dependabot-alerts + - /dependabot-security-updates + - /dependabot-version-updates + - /working-with-dependabot +--- + diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md similarity index 99% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md rename to translations/zh-CN/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md index 9b97e577a9..d819a42fad 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -17,6 +17,8 @@ topics: - Dependencies - Pull requests shortTitle: Use Dependabot with Actions +redirect_from: + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions --- {% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/index.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/index.md new file mode 100644 index 0000000000..2ff0dbc0da --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/index.md @@ -0,0 +1,24 @@ +--- +title: Working with Dependabot +shortTitle: Work with Dependabot +intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.' +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Security updates + - Dependencies + - Pull requests +children: + - /managing-pull-requests-for-dependency-updates + - /automating-dependabot-with-github-actions + - /keeping-your-actions-up-to-date-with-dependabot + - /managing-encrypted-secrets-for-dependabot + - /troubleshooting-the-detection-of-vulnerable-dependencies + - /troubleshooting-dependabot-errors +--- + diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md similarity index 88% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md rename to translations/zh-CN/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md index 7261cc6b3b..e373bef51a 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md @@ -5,6 +5,7 @@ redirect_from: - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ Actions are often updated with bug fixes and new features to make automated proc 1. Set a `schedule.interval` to specify how often to check for new versions. {% data reusables.dependabot.check-in-dependabot-yml %} If you have edited an existing file, save your changes. -You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." +You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." ### Example *dependabot.yml* file for {% data variables.product.prodname_actions %} @@ -57,7 +58,7 @@ updates: ## Configuring {% data variables.product.prodname_dependabot_version_updates %} for actions -When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)." +When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." ## Further reading diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md similarity index 93% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md rename to translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md index 93db3c20f5..f55ca00d33 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md @@ -4,6 +4,7 @@ intro: '您可以将敏感信息(如密码和访问令牌)存储为加密密 redirect_from: - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot versions: fpt: '*' ghec: '*' @@ -33,7 +34,7 @@ password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} ``` {% endraw %} -更多信息请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)。” +For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." ### 命名您的密码 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md similarity index 91% rename from translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md rename to translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md index 6c94f6c371..87103c4b1f 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md @@ -4,6 +4,7 @@ intro: '您可以按和其他拉取请求大致相同的方式管理 {% data var redirect_from: - /github/administering-a-repository/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates versions: fpt: '*' ghec: '*' @@ -41,7 +42,7 @@ shortTitle: 管理 Dependabot PR ## 更改 {% data variables.product.prodname_dependabot %} 拉取请求的变基策略 -默认情况下,{% data variables.product.prodname_dependabot %} 会自动为拉取请求变基,以解决各种冲突。 如果您喜欢手动处理合并冲突,可以使用 `rebase-strategy` 选项禁用此功能。 详情请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)。” +默认情况下,{% data variables.product.prodname_dependabot %} 会自动为拉取请求变基,以解决各种冲突。 如果您喜欢手动处理合并冲突,可以使用 `rebase-strategy` 选项禁用此功能。 For details, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)." ## 管理带注释命令的 {% data variables.product.prodname_dependabot %} 拉取请求 @@ -62,4 +63,4 @@ shortTitle: 管理 Dependabot PR {% data variables.product.prodname_dependabot %} 将用“竖起大拇指”表情符号来确认命令,并可能对拉取请求发表评论。 {% data variables.product.prodname_dependabot %} 通常快速响应,但如果 {% data variables.product.prodname_dependabot %} 正在忙于处理其他更新或命令,一些命令可能需要几分钟才能完成。 -如果您通过运行任何命令来忽略依赖项或版本,{% data variables.product.prodname_dependabot %} 将集中存储仓库的首选项。 虽然这是一种快速解决方案,但对于拥有多个参与者的仓库而言,最好是显式定义要在配置文件中忽略的依赖项和版本。 这样可以让所有参与者都能轻松了解某个特定依赖项为什么无法自动更新。 更多信息请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)。” +如果您通过运行任何命令来忽略依赖项或版本,{% data variables.product.prodname_dependabot %} 将集中存储仓库的首选项。 虽然这是一种快速解决方案,但对于拥有多个参与者的仓库而言,最好是显式定义要在配置文件中忽略的依赖项和版本。 这样可以让所有参与者都能轻松了解某个特定依赖项为什么无法自动更新。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md new file mode 100644 index 0000000000..b59867579c --- /dev/null +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -0,0 +1,129 @@ +--- +title: 排查 Dependabot 错误 +intro: '有时,{% data variables.product.prodname_dependabot %} 无法提出拉取请求以更新依赖项。 您可以查看错误并取消阻止 {% data variables.product.prodname_dependabot %}。' +shortTitle: 排查错误 +redirect_from: + - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors + - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +type: how_to +topics: + - Dependabot + - Security updates + - Version updates + - Repositories + - Pull requests + - Troubleshooting + - Errors + - Dependencies +--- + +{% data reusables.dependabot.beta-security-and-version-updates %} + +{% data reusables.dependabot.enterprise-enable-dependabot %} + +## 关于 {% data variables.product.prodname_dependabot %} 错误 + +{% data reusables.dependabot.pull-request-introduction %} + +如果有任何因素阻止 {% data variables.product.prodname_dependabot %} 提出拉取请求,则报告为错误。 + +## 使用 {% data variables.product.prodname_dependabot_security_updates %} 调查错误 + +当 {% data variables.product.prodname_dependabot %} 被阻止创建拉取请求以修复 {% data variables.product.prodname_dependabot %} 警报时,它会在警报上发布错误消息。 {% data variables.product.prodname_dependabot_alerts %} 视图显示尚未解决的所有警报列表。 要访问警报视图,请单击仓库 **Security(安全)**选项卡上的 **{% data variables.product.prodname_dependabot_alerts %}**。 如果旨在修复有漏洞依赖项的拉取请求已生成,则警报将包括指向该拉取请求的链接。 + +![{% data variables.product.prodname_dependabot_alerts %} 视图显示拉取请求链接](/assets/images/help/dependabot/dependabot-alert-pr-link.png) + +有三个原因可能导致警报中没有拉取请求链接: + +1. {% data variables.product.prodname_dependabot_security_updates %} 未对仓库启用。 +1. 警报针对未在锁文件中显式定义的间接或过渡依赖项。 +1. 某个错误阻止了 {% data variables.product.prodname_dependabot %} 创建拉取请求。 + +如果某个错误阻止了 {% data variables.product.prodname_dependabot %} 创建拉取请求,您可以通过单击警报来显示错误详情。 + +## 使用 {% data variables.product.prodname_dependabot_version_updates %} 调查错误 + +当 {% data variables.product.prodname_dependabot %} 被阻止创建拉取请求以更新生态系统中的依赖项时,它将在清单文件中发布错误图标。 由 {% data variables.product.prodname_dependabot %} 管理的清单文件列于 {% data variables.product.prodname_dependabot %} 选项卡上。 要访问此选项卡,请在仓库的 **Insights(洞察)**选项卡上单击 **Dependency graph(依赖项图)**,然后单击 **{% data variables.product.prodname_dependabot %}** 选项卡。 + +![{% data variables.product.prodname_dependabot %} 视图显示错误](/assets/images/help/dependabot/dependabot-tab-view-error.png) + +{% ifversion fpt or ghec %} + +要查看任何清单文件的日志文件,请单击 **Last checked TIME ago(上次检查时间以前)**链接。 当您显示一个带有错误符号的清单(例如上面截图中的 Maven)的日志文件时,也会显示任何错误。 + +![{% data variables.product.prodname_dependabot %} 版本更新错误和日志 ](/assets/images/help/dependabot/dependabot-version-update-error.png) + +{% else %} + +若要查看任何清单文件的日志,请单击**上次检查时间前**链接,然后单击 **View logs(查看日志)**。 + +![{% data variables.product.prodname_dependabot %} 版本更新错误和日志 ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png) + +{% endif %} + +## 了解 {% data variables.product.prodname_dependabot %} 错误 + +安全更新拉取请求用于将有漏洞依赖项升级到包含漏洞修复的最低版本。 而版本更新拉取请求用于将依赖项升级到包清单文件和 {% data variables.product.prodname_dependabot %} 配置文件允许的最新版本。 因此,某些错误特定于一种类型的更新。 + +### {% data variables.product.prodname_dependabot %} 无法将依赖项更新到无漏洞版本 + +**仅限安全更新。** {% data variables.product.prodname_dependabot %} 无法创建拉取请求以将有漏洞依赖项更新到安全版本,而又不破坏此仓库依赖项图中的其他依赖项。 + +每个具有依赖项的应用程序都有一个依赖关系图,即应用程序直接或间接依赖的每个包版本的定向非循环图。 每次更新依赖项时,必须解决此图,否则将无法构建应用程序。 当生态系统具有深刻而复杂的依赖关系图(例如 npm 和 RubyGems)时,如果不升级整个生态系统,往往难以升级单个依赖项。 + +避免这个问题的最佳办法是跟上最新发布的版本,例如启用版本更新。 这增加了通过不破坏依赖关系图的简单升级解决一个依赖项中的漏洞的可能性。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +### {% data variables.product.prodname_dependabot %} 无法更新到所需的版本,因为已经为最新版本打开了拉取请求 + +**仅限安全更新。** {% data variables.product.prodname_dependabot %} 不会创建拉取请求以将有漏洞依赖项更新到安全版本,因为已存在更新此依赖项的打开拉取请求。 如果在一个依赖项中检测到漏洞,但已经存在将该依赖项更新到最新版本的打开拉取请求时,您将会看到此错误。 + +有两个选项:您可以查看打开的拉取请求,确认更改安全后合并它,或者关闭该拉取请求并触发新的安全更新拉取请求。 更多信息请参阅“[手动触发 {% data variables.product.prodname_dependabot %} 拉取请求](#triggering-a-dependabot-pull-request-manually)”。 + +### {% data variables.product.prodname_dependabot %} 在更新过程中超时 + +{% data variables.product.prodname_dependabot %} 评估所需更新和准备拉取请求所用的时间超过了允许的最大时间。 此错误一般只出现在具有许多清单文件的大型仓库,例如具有数百个 *package.json* 文件的 npm 或 yarn 单仓库项目。 对 Composer 生态系统的更新也需要较长的时间来评估,可能会超时。 + +此错误难以解决。 如果版本更新超时,您可以使用 `allow` 参数来指定更新最重要的依赖项,或者使用 `ignore` 参数从更新中排除某些依赖项。 更新配置可能使 {% data variables.product.prodname_dependabot %} 能够在规定时间内检查版本更新并生成请求。 + +如果安全更新超时,您可以通过保持依赖项更新(例如,启用版本更新)来减少更新需要。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." + +### {% data variables.product.prodname_dependabot %} 无法再打开拉取请求 + +{% data variables.product.prodname_dependabot %} 生成的打开拉取请求数量存在限制。 如果达到此限制,将无法打开新的拉取请求,并报告此错误。 解决此错误的最佳方法是审查并合并一些打开的拉取请求。 + +安全性和版本更新拉取请求有各自的限制,因此打开版本更新拉取请求不会阻止安全更新拉取请求的创建。 安全更新拉取请求的限制是 10。 默认情况下,版本更新的限制是 5,但您可以使用配置文件中的 `open-pull-requests-limit` 参数来更改它。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." + +解决此错误的最佳方法是合并或关闭一些现有拉取请求,然后手动触发新的拉取请求。 更多信息请参阅“[手动触发 {% data variables.product.prodname_dependabot %} 拉取请求](#triggering-a-dependabot-pull-request-manually)”。 + +### {% data variables.product.prodname_dependabot %} 无法解析或访问您的依赖项 + +如果 {% data variables.product.prodname_dependabot %} 尝试检查是否需要更新仓库中的依赖项引用,但无法访问一个或多个依赖项文件,则操作将失败,并返回错误消息“{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files(无法解析语言依赖项文件)”。 API 错误类型为 `git_dependencies_not_reachable`。 + +同样,如果 {% data variables.product.prodname_dependabot %} 不能访问依赖项所在的私有包注册表,则会产生以下错误之一: + +* "Dependabot can't reach a dependency in a private package registry"
(Dependabot 无法连接私有包注册表中的依赖项) (API 错误类型:`private_source_not_reachable`) +* "Dependabot can't authenticate to a private package registry"
(Dependabot 无法向私有包注册表验证) (API 错误类型:`private_source_authentication_failure`) +* "Dependabot timed out while waiting for a private package registry"
(Dependabot 在等待私有包注册表时超时) (API 错误类型:`private_source_timed_out`) +* "Dependabot couldn't validate the certificate for a private package registry"
(Dependabot 无法验证私有包注册表的证书) (API 错误类型:`private_source_certificate_failure`) + +要让 {% data variables.product.prodname_dependabot %} 成功更新依赖项引用,请确保所有引用依赖项都托管在可访问的位置。 + +**仅限版本更新。**{% data reusables.dependabot.private-dependencies-note %} 此外,{% data variables.product.prodname_dependabot %} 不支持所有包管理器的 {% data variables.product.prodname_dotcom %} 私有依赖项。 更多信息请参阅“[关于 Dependabot 版本更新](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)”。 + +## 手动触发 {% data variables.product.prodname_dependabot %} 拉取请求 + +如果取消阻止了 {% data variables.product.prodname_dependabot %},您可以手动触发新的尝试来创建拉取请求。 + +- **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. +- **版本更新**—在仓库的 **Insights(洞察)**选项卡上单击 **Dependency graph(依赖项图)**,然后单击 **Dependabot** 选项卡。 单击 **Last checked *TIME* ago**(上次检查时间以前),查看 {% data variables.product.prodname_dependabot %} 在上次检查版本更新时生成的日志文件。 单击 **Check for Updates(检查更新)**。 + +## 延伸阅读 + +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)" +- "[漏洞依赖项检测疑难解答](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md similarity index 70% rename from translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md rename to translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md index 4a967cf2fb..722d2e48bd 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -1,10 +1,11 @@ --- title: Troubleshooting the detection of vulnerable dependencies intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' -shortTitle: Troubleshoot detection +shortTitle: Troubleshoot vulnerability detection redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -19,26 +20,31 @@ topics: - Security updates - Dependencies - Vulnerabilities - - Dependency graph - - Alerts - CVEs - Repositories --- {% data reusables.dependabot.beta-security-and-version-updates %} - -The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project. +{% data reusables.dependabot.result-discrepancy %} ## Why do some dependencies seem to be missing? {% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following: * {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %} -* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." -* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." +* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." * {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." - {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + +## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles? + +{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: +* Direct dependencies explicitly declared in a manifest or lockfile +* Transitive dependencies declared in a lockfile{% endif %} + +**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? ## Why don't I get vulnerability alerts for some ecosystems? @@ -48,44 +54,6 @@ It's worth noting that {% data variables.product.prodname_dotcom %} Security Adv **Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? -## Does the dependency graph only find dependencies in manifests and lockfiles? - -The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file. - -{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: -* Direct dependencies explicitly declared in a manifest or lockfile -* Transitive dependencies declared in a lockfile{% endif %} - -The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. - -**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? - -## Does the dependency graph detect dependencies specified using variables? - -The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph. - -**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? - -## Are there limits which affect the dependency graph data? - -Yes, the dependency graph has two categories of limits: - -1. **Processing limits** - - These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created. - - Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}. - - By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. - -2. **Visualization limits** - - These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created. - - The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}. - -**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests? - ## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software. @@ -118,7 +86,8 @@ The {% data variables.product.prodname_dependabot_alerts %} count in {% data var ## Further reading -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" -- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %} - "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/zh-CN/content/code-security/getting-started/github-security-features.md b/translations/zh-CN/content/code-security/getting-started/github-security-features.md index 19655b0a18..21c6e0e3f7 100644 --- a/translations/zh-CN/content/code-security/getting-started/github-security-features.md +++ b/translations/zh-CN/content/code-security/getting-started/github-security-features.md @@ -37,7 +37,7 @@ Privately discuss and fix security vulnerabilities in your repository's code. Yo ### {% data variables.product.prodname_dependabot_alerts %} and security updates -View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" +View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." {% endif %} @@ -46,7 +46,7 @@ and "[About {% data variables.product.prodname_dependabot_security_updates %}](/ {% data reusables.dependabot.dependabot-alerts-beta %} -View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." {% endif %} {% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/zh-CN/content/code-security/getting-started/securing-your-organization.md b/translations/zh-CN/content/code-security/getting-started/securing-your-organization.md index bd40761fce..667abbef44 100644 --- a/translations/zh-CN/content/code-security/getting-started/securing-your-organization.md +++ b/translations/zh-CN/content/code-security/getting-started/securing-your-organization.md @@ -48,7 +48,7 @@ You can create a default security policy that will display in any of your organi {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." {% endif %} {% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %} @@ -79,7 +79,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -135,7 +135,7 @@ For more information, see "[Managing security and analysis settings for your org ## Next steps {% ifversion fpt or ghes > 3.1 or ghec %}You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."{% endif %} -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/zh-CN/content/code-security/getting-started/securing-your-repository.md b/translations/zh-CN/content/code-security/getting-started/securing-your-repository.md index 293eb3185b..1073b342f8 100644 --- a/translations/zh-CN/content/code-security/getting-started/securing-your-repository.md +++ b/translations/zh-CN/content/code-security/getting-started/securing-your-repository.md @@ -75,7 +75,7 @@ For more information, see "[Exploring the dependencies of a repository](/code-se {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." {% endif %} @@ -111,7 +111,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -132,7 +132,7 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica {% endif %} ## Next steps -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/zh-CN/content/code-security/guides.md b/translations/zh-CN/content/code-security/guides.md index 93f0b20ade..de54cf01eb 100644 --- a/translations/zh-CN/content/code-security/guides.md +++ b/translations/zh-CN/content/code-security/guides.md @@ -75,7 +75,6 @@ includeGuides: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates diff --git a/translations/zh-CN/content/code-security/index.md b/translations/zh-CN/content/code-security/index.md index 48ae629624..06f49ecadb 100644 --- a/translations/zh-CN/content/code-security/index.md +++ b/translations/zh-CN/content/code-security/index.md @@ -54,6 +54,7 @@ children: - /code-scanning - /repository-security-advisories - /supply-chain-security + - /dependabot - /security-overview - /guides --- diff --git a/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md b/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md index 2fbe1a5db3..2e5433afbc 100644 --- a/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md +++ b/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md @@ -28,7 +28,7 @@ shortTitle: 关于安全概述 您可以使用安全概述来简要了解组织的安全状态,或识别需要干预的问题仓库。 您可以在安全概述中查看综合或存储库特定的安全信息。 您还可以使用安全概述来查看为存储库启用了哪些安全功能,并配置当前未使用的任何可用安全功能。 -安全概述指示是否为组织拥有的存储库启用了 {% ifversion fpt or ghes > 3.1 or ghec %}安全{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} 功能,并合并每个功能的警报。{% ifversion fpt or ghes > 3.1 or ghec %} 安全功能包括 {% data variables.product.prodname_GH_advanced_security %} 功能,例如 {% data variables.product.prodname_code_scanning %} 和 {% data variables.product.prodname_secret_scanning %}以及 {% data variables.product.prodname_dependabot_alerts %}。{% endif %} 有关 {% data variables.product.prodname_GH_advanced_security %} 功能的详细信息,请参阅“[关于 {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)”。{% ifversion fpt or ghes > 3.1 or ghec %} 有关 {% data variables.product.prodname_dependabot_alerts %} 的详细信息,请参阅“[关于易受攻击的依赖项的警报](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)”。{% endif %} +The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} 有关在存储库和组织级别保护代码的详细信息,请参阅“[保护存储库](/code-security/getting-started/securing-your-repository)”和“[保护组织](/code-security/getting-started/securing-your-organization)”。 @@ -50,13 +50,13 @@ shortTitle: 关于安全概述 ![安全概述中的图标](/assets/images/help/organizations/security-overview-icons.png) -| 图标 | 含义 | -| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)”。 | -| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)”。 | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %} 的通知。 更多信息请参阅“[关于易受攻击的依赖项的警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 | -| {% octicon "check" aria-label="Check" %} | 安全功能已启用,但不会在此存储库中引发警报。 | -| {% octicon "x" aria-label="x" %} | 此存储库不支持该安全功能。 | +| 图标 | 含义 | +| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)”。 | +| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)”。 | +| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %} 的通知。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." | +| {% octicon "check" aria-label="Check" %} | 安全功能已启用,但不会在此存储库中引发警报。 | +| {% octicon "x" aria-label="x" %} | 此存储库不支持该安全功能。 | 安全概述显示由安全功能引发的活动警报。 如果仓库的安全概述中没有警报,则可能仍然存在未检测到的安全漏洞或代码错误。 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/index.md b/translations/zh-CN/content/code-security/supply-chain-security/index.md index 826b69f825..eaeba9aeb4 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/index.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/index.md @@ -16,8 +16,6 @@ topics: - Repositories children: - /understanding-your-software-supply-chain - - /keeping-your-dependencies-updated-automatically - - /managing-vulnerabilities-in-your-projects-dependencies - /end-to-end-supply-chain --- diff --git a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md b/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md deleted file mode 100644 index 78b4febd91..0000000000 --- a/translations/zh-CN/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: 自动更新依赖项 -intro: '{% data variables.product.prodname_dependabot %} 可以自动维护您的仓库的依赖项。' -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /about-dependabot-version-updates - - /enabling-and-disabling-dependabot-version-updates - - /listing-dependencies-configured-for-version-updates - - /managing-pull-requests-for-dependency-updates - - /automating-dependabot-with-github-actions - - /managing-encrypted-secrets-for-dependabot - - /customizing-dependency-updates - - /configuration-options-for-dependency-updates - - /keeping-your-actions-up-to-date-with-dependabot -shortTitle: 自动更新依赖项 ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md b/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md deleted file mode 100644 index b7f30cc7b5..0000000000 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: 关于管理有漏洞依赖项 -intro: '{% data variables.product.product_name %} 有助于避免使用包含已知漏洞的第三方软件。' -redirect_from: - - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies - - /code-security/supply-chain-security/about-managing-vulnerable-dependencies -versions: - fpt: '*' - ghes: '>=3.2' - ghae: issue-4864 - ghec: '*' -type: overview -topics: - - Dependabot - - Dependency graph - - Dependency review - - Vulnerabilities - - Repositories - - Dependencies - - Pull requests -shortTitle: 有漏洞的依赖项 ---- - - - -{% data variables.product.product_name %} 提供以下工具来删除和避免有漏洞依赖项。 - -## 依赖关系图 -依赖项图是存储在仓库中的清单和锁定文件的摘要。 它显示您的代码库所依赖的生态系统和软件包(其依赖项)以及依赖于您的项目的仓库和包(其从属项)。 依赖关系图中的信息用于依赖项审查和 {% data variables.product.prodname_dependabot %}。 更多信息请参阅“[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。 - -## 依赖项审查 - -{% data reusables.dependency-review.beta %} - -通过检查拉取请求的依赖项审查,可以避免将依赖项的漏洞引入到代码库中。 如果拉取请求添加了有漏洞依赖项,或者将依赖项更改为有漏洞的版本,这将在依赖项审查中高亮显示。 您可以在合并拉取请求之前将依赖项更改为修补版本。 更多信息请参阅“[关于依赖项审查](/code-security/supply-chain-security/about-dependency-review)”。 - -## {% data variables.product.prodname_dependabot_alerts %} -检测到仓库中存在有漏洞依赖项时,{% data variables.product.product_name %} 可创建 {% data variables.product.prodname_dependabot_alerts %}。 警报显示在仓库的 Security(安全)选项卡上。 该警报包括指向项目中受影响的文件的链接,以及有关修复的版本的信息。 {% data variables.product.product_name %} 还根据仓库维护员的通知首选项通知他们。 更多信息请参阅“[关于易受攻击的依赖项的警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 - -{% ifversion fpt or ghec or ghes > 3.2 %} -## {% data variables.product.prodname_dependabot_security_updates %} -当 {% data variables.product.product_name %} 针对仓库中的有漏洞依赖项生成 {% data variables.product.prodname_dependabot %} 警报时,{% data variables.product.prodname_dependabot %} 可以自动尝试为您修复它。 {% data variables.product.prodname_dependabot_security_updates %} 是自动生成的拉取请求,用于将有漏洞依赖项更新到修复版本。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”。 - -## {% data variables.product.prodname_dependabot_version_updates %} -启用 {% data variables.product.prodname_dependabot_version_updates %} 帮助您维护依赖项。 有了 {% data variables.product.prodname_dependabot_version_updates %},每当 {% data variables.product.prodname_dotcom %} 发现过时的依赖项,它就会提出拉取请求,以将清单更新到依赖项的最新版本。 而 {% data variables.product.prodname_dependabot_security_updates %} 只是提出拉取请求以修复有漏洞依赖项。 更多信息请参阅“[关于 Dependabot 版本更新](/github/administering-a-repository/about-dependabot-version-updates)”。 -{% endif %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md deleted file mode 100644 index a86e842f2d..0000000000 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Managing vulnerabilities in your project's dependencies -intro: 'You can track your repository''s dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies.' -redirect_from: - - /articles/updating-your-project-s-dependencies - - /articles/updating-your-projects-dependencies - - /articles/managing-security-vulnerabilities-in-your-projects-dependencies - - /articles/managing-vulnerabilities-in-your-projects-dependencies - - /github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests - - Vulnerabilities - - Alerts -children: - - /about-managing-vulnerable-dependencies - - /browsing-security-vulnerabilities-in-the-github-advisory-database - - /editing-security-advisories-in-the-github-advisory-database - - /about-alerts-for-vulnerable-dependencies - - /configuring-notifications-for-vulnerable-dependencies - - /about-dependabot-security-updates - - /configuring-dependabot-security-updates - - /viewing-and-updating-vulnerable-dependencies-in-your-repository - - /troubleshooting-the-detection-of-vulnerable-dependencies - - /troubleshooting-dependabot-errors -shortTitle: Fix vulnerable dependencies ---- - diff --git a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md b/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md deleted file mode 100644 index f0e5dc57aa..0000000000 --- a/translations/zh-CN/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Troubleshooting Dependabot errors -intro: 'Sometimes {% data variables.product.prodname_dependabot %} is unable to raise a pull request to update your dependencies. You can review the error and unblock {% data variables.product.prodname_dependabot %}.' -shortTitle: Troubleshoot errors -redirect_from: - - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors - - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors - - /code-security/supply-chain-security/troubleshooting-dependabot-errors -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -type: how_to -topics: - - Dependabot - - Security updates - - Version updates - - Repositories - - Pull requests - - Troubleshooting - - Errors - - Dependencies ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} - -{% data reusables.dependabot.enterprise-enable-dependabot %} - -## About {% data variables.product.prodname_dependabot %} errors - -{% data reusables.dependabot.pull-request-introduction %} - -If anything prevents {% data variables.product.prodname_dependabot %} from raising a pull request, this is reported as an error. - -## Investigating errors with {% data variables.product.prodname_dependabot_security_updates %} - -When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **Security** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request. - -![{% data variables.product.prodname_dependabot_alerts %} view showing a pull request link](/assets/images/help/dependabot/dependabot-alert-pr-link.png) - -There are three reasons why an alert may have no pull request link: - -1. {% data variables.product.prodname_dependabot_security_updates %} are not enabled for the repository. -1. The alert is for an indirect or transitive dependency that is not explicitly defined in a lock file. -1. An error blocked {% data variables.product.prodname_dependabot %} from creating a pull request. - -If an error blocked {% data variables.product.prodname_dependabot %} from creating a pull request, you can display details of the error by clicking the alert. - -## Investigating errors with {% data variables.product.prodname_dependabot_version_updates %} - -When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to update a dependency in an ecosystem, it posts the error icon on the manifest file. The manifest files that are managed by {% data variables.product.prodname_dependabot %} are listed on the {% data variables.product.prodname_dependabot %} tab. To access this tab, on the **Insights** tab for the repository click **Dependency graph**, and then click the **{% data variables.product.prodname_dependabot %}** tab. - -![{% data variables.product.prodname_dependabot %} view showing an error](/assets/images/help/dependabot/dependabot-tab-view-error.png) - -{% ifversion fpt or ghec %} - -To see the log file for any manifest file, click the **Last checked TIME ago** link. When you display the log file for a manifest that's shown with an error symbol (for example, Maven in the screenshot above), any errors are also displayed. - -![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/help/dependabot/dependabot-version-update-error.png) - -{% else %} - -To see the logs for any manifest file, click the **Last checked TIME ago** link, and then click **View logs**. - -![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png) - -{% endif %} - -## Understanding {% data variables.product.prodname_dependabot %} errors - -Pull requests for security updates act to upgrade a vulnerable dependency to the minimum version that includes a fix for the vulnerability. In contrast, pull requests for version updates act to upgrade a dependency to the latest version allowed by the package manifest and {% data variables.product.prodname_dependabot %} configuration files. Consequently, some errors are specific to one type of update. - -### {% data variables.product.prodname_dependabot %} cannot update DEPENDENCY to a non-vulnerable version - -**Security updates only.** {% data variables.product.prodname_dependabot %} cannot create a pull request to update the vulnerable dependency to a secure version without breaking other dependencies in the dependency graph for this repository. - -Every application that has dependencies has a dependency graph, that is, a directed acyclic graph of every package version that the application directly or indirectly depends on. Every time a dependency is updated, this graph must resolve otherwise the application won't build. When an ecosystem has a deep and complex dependency graph, for example, npm and RubyGems, it is often impossible to upgrade a single dependency without upgrading the whole ecosystem. - -The best way to avoid this problem is to stay up to date with the most recently released versions, for example, by enabling version updates. This increases the likelihood that a vulnerability in one dependency can be resolved by a simple upgrade that doesn't break the dependency graph. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -### {% data variables.product.prodname_dependabot %} cannot update to the required version as there is already an open pull request for the latest version - -**Security updates only.** {% data variables.product.prodname_dependabot %} will not create a pull request to update the vulnerable dependency to a secure version because there is already an open pull request to update this dependency. You will see this error when a vulnerability is detected in a single dependency and there's already an open pull request to update the dependency to the latest version. - -There are two options: you can review the open pull request and merge it as soon as you are confident that the change is safe, or close that pull request and trigger a new security update pull request. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)." - -### {% data variables.product.prodname_dependabot %} timed out during its update - -{% data variables.product.prodname_dependabot %} took longer than the maximum time allowed to assess the update required and prepare a pull request. This error is usually seen only for large repositories with many manifest files, for example, npm or yarn monorepo projects with hundreds of *package.json* files. Updates to the Composer ecosystem also take longer to assess and may time out. - -This error is difficult to address. If a version update times out, you could specify the most important dependencies to update using the `allow` parameter or, alternatively, use the `ignore` parameter to exclude some dependencies from updates. Updating your configuration might allow {% data variables.product.prodname_dependabot %} to review the version update and generate the pull request in the time available. - -If a security update times out, you can reduce the chances of this happening by keeping the dependencies updated, for example, by enabling version updates. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." - -### {% data variables.product.prodname_dependabot %} cannot open any more pull requests - -There's a limit on the number of open pull requests {% data variables.product.prodname_dependabot %} will generate. When this limit is reached, no new pull requests are opened and this error is reported. The best way to resolve this error is to review and merge some of the open pull requests. - -There are separate limits for security and version update pull requests, so that open version update pull requests cannot block the creation of a security update pull request. The limit for security update pull requests is 10. By default, the limit for version updates is 5 but you can change this using the `open-pull-requests-limit` parameter in the configuration file. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." - -The best way to resolve this error is to merge or close some of the existing pull requests and trigger a new pull request manually. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)." - -### {% data variables.product.prodname_dependabot %} can't resolve or access your dependencies - -If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, the operation will fail with the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files." The API error type is `git_dependencies_not_reachable`. - -Similarly, if {% data variables.product.prodname_dependabot %} can't access a private package registry in which a dependency is located, one of the following errors is generated: - -* "Dependabot can't reach a dependency in a private package registry"
- (API error type: `private_source_not_reachable`) -* "Dependabot can't authenticate to a private package registry"
- (API error type:`private_source_authentication_failure`) -* "Dependabot timed out while waiting for a private package registry"
- (API error type:`private_source_timed_out`) -* "Dependabot couldn't validate the certificate for a private package registry"
- (API error type:`private_source_certificate_failure`) - -To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations. - -**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)." - -## Triggering a {% data variables.product.prodname_dependabot %} pull request manually - -If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request. - -- **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. -- **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked *TIME* ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 85377a49ac..5c49728aa8 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -41,7 +41,7 @@ redirect_from: 通过检查拉取请求中的依赖项审查并更改被标记为有漏洞的任何依赖项,可以避免将漏洞添加到项目中。 有关依赖项审查工作的更多信息,请参阅“[审查拉取请求中的依赖项更改](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)”。 -{% data variables.product.prodname_dependabot_alerts %} 将会查找依赖项中存在的漏洞,但避免引入潜在问题比在以后修复它们要好得多。 有关 {% data variables.product.prodname_dependabot_alerts %} 的更多信息,请参阅“[关于有漏洞依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)”。 +{% data variables.product.prodname_dependabot_alerts %} 将会查找依赖项中存在的漏洞,但避免引入潜在问题比在以后修复它们要好得多。 有关 {% data variables.product.prodname_dependabot_alerts %} 的更多信息,请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)”。 依赖项审查支持与依赖关系图相同的语言和包管理生态系统。 更多信息请参阅“[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)”。 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md new file mode 100644 index 0000000000..6ff3e6e9ed --- /dev/null +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md @@ -0,0 +1,156 @@ +--- +title: About supply chain security +intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and patching them{% endif %}.' +miniTocMaxHeadingLevel: 3 +shortTitle: Supply chain security +redirect_from: + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: overview +topics: + - Advanced Security + - Dependency review + - Dependency graph + - Vulnerabilities + - Dependencies + - Pull requests + - Repositories +--- + +## About supply chain security at GitHub + +With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities. + +You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency. + +{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment{% ifversion ghes < 3.3 or ghae %} and know about vulnerabilities in those dependencies{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}, know about vulnerabilities in those dependencies, and patch them{% endif %}. + +The supply chain features on {% data variables.product.product_name %} are: +- **Dependency graph** +{% ifversion fpt or ghec or ghes > 3.1 or ghae %}- **Dependency review**{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %} ** +{% ifversion fpt or ghec or ghes > 3.2 %}- **{% data variables.product.prodname_dependabot_updates %}** + - **{% data variables.product.prodname_dependabot_security_updates %}** + - **{% data variables.product.prodname_dependabot_version_updates %}**{% endif %} + +The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. You can see your repository’s dependencies and some of their properties, like vulnerability information, on the dependency graph for the repository. + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. + +- Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests. +- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependecies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. +{% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository. + +{% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities. +{% endif %} +{% endif %} + +{% ifversion ghes < 3.2 %} +{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. + {% endif %} + +## Feature overview + +### What is the dependency graph + +To generate the dependency graph, {% data variables.product.company_short %} looks at a repository’s explicit dependencies declared in the manifest and lockfiles. When enabled, the dependency graph automatically parses all known package manifest files in the repository, and uses this to construct a graph with known dependency names and versions. + +- The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies. +- The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies. +- You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab. + +For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +### What is dependency review + +Dependency review helps reviewers and contributors understand dependency changes and their security impact in every pull request. + +- Dependency review tells you which dependencies were added, removed, or updated, in a pull request. You can use the release dates, popularity of dependencies, and vulnerability information to help you decide whether to accept the change. +- You can see the dependency review for a pull request by showing the rich diff on the **Files Changed** tab. + +For more information about dependency review, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)." + +{% endif %} + +### What is Dependabot + +{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}. + +{% ifversion fpt or ghec or ghes > 3.2 %} +The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: +- {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. +- {% data variables.product.prodname_dependabot_updates %}: + - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. + - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version. +{% endif %} + +#### What are Dependabot alerts + +{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists. + +- {% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when: +{% ifversion fpt or ghec %} + - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %} + - New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} + - The dependency graph for the repository changes. +- {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes > 3.0 %}a link to the affected file in the project, and {% endif %}information about a fixed version. + +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." + +{% ifversion fpt or ghec or ghes > 3.2 %} +#### What are Dependabot updates + +There are two types of {% data variables.product.prodname_dependabot_updates %}: {% data variables.product.prodname_dependabot %} _security_ updates and _version_ updates. {% data variables.product.prodname_dependabot %} generates automatic pull requests to update your dependencies in both cases, but there are several differences. + +{% data variables.product.prodname_dependabot_security_updates %}: + - Triggered by a {% data variables.product.prodname_dependabot %} alert + - Update dependencies to the minimum version that resolves a known vulnerability + - Supported for ecosystems the dependency graph supports + +{% data variables.product.prodname_dependabot_version_updates %}: + - Run on a schedule you configure + - Update dependencies to the latest version that matches the configuration + - Supported for a different group of ecosystems + +For more information about {% data variables.product.prodname_dependabot_updates %}, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)" and "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)." +{% endif %} + +## Feature availability + +{% ifversion fpt or ghec %} + +Public repositories: +- **Dependency graph**—enabled by default and cannot be disabled. +- **Dependency review**—enabled by default and cannot be disabled. +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. + You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Private repositories: +- **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. For more information, see "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% ifversion fpt %} +- **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +{% elsif ghec %} +- **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. + You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Any repository type: +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} + +{% ifversion ghes or ghae %} +- **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." +- **Dependency review**—available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)." +{% endif %} +{% ifversion ghes > 3.2 %} +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index 53c972c93f..91b871b9ef 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md @@ -55,7 +55,7 @@ You can use the dependency graph to: - Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)." {% ifversion fpt or ghec %} - View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see "[Viewing insights for your organization](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)."{% endif %} -- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} +- View and update vulnerable dependencies for your repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} - See information about vulnerable dependencies in pull requests. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."{% endif %} ## Enabling the dependency graph @@ -111,5 +111,5 @@ The recommended formats explicitly define which versions are used for all direct - "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia - "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% ifversion fpt or ghec %} - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %} -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index a6a42f48d0..e054f9a13c 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -40,7 +40,7 @@ shortTitle: 探索依赖项 ### 依赖项视图 {% ifversion fpt or ghec %} -依赖项按生态系统分组。 您可以展开依赖项以查看其依赖项。 对于托管在 {% data variables.product.product_name %} 上公共仓库中的依赖项,您也可以单击依赖项来查看仓库。 私有仓库、私有包或无法识别文件上的依赖项以纯文本显示。 +依赖项按生态系统分组。 您可以展开依赖项以查看其依赖项。 私有仓库、私有包或无法识别文件上的依赖项以纯文本显示。 If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository. 如果在仓库中检测到漏洞,这些漏洞将显示在视图顶部,供有权访问 {% data variables.product.prodname_dependabot_alerts %} 的用户查看。 @@ -83,7 +83,10 @@ shortTitle: 探索依赖项 ## 更改“Used by(使用者)”包 -如果启用了依赖项图,并且您的仓库包含已发布在受支持包生态系统上的包,则 {% data variables.product.prodname_dotcom %} 将在仓库的 **Code(代码)**选项卡的边栏中显示“Used by(使用者)”部分。 有关受支持包生态系统的更多信息,请参阅“[关于依赖项图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)”。 +You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: + * The dependency graph is enabled for the repository (see the above section for more details). + * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems). + * Within the ecosystem, your package has a link to a _public_ repository where the source is stored. “Used by(使用者)”部分显示已发现对包的公开引用数量,并显示某些依赖项所有者的头像。 @@ -112,7 +115,7 @@ shortTitle: 探索依赖项 ## 延伸阅读 - “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)” -- "[查看和更新仓库中的漏洞依赖项](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} - "[查看用于组织的洞见](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)" - "[了解 {% data variables.product.prodname_dotcom %} 如何使用和保护数据](/get-started/privacy-on-github)" {% endif %} diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md index 43c07b3bf4..abffbfffa4 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md @@ -9,10 +9,12 @@ topics: - Dependency graph - Dependencies - Repositories -children: - - /about-the-dependency-graph - - /exploring-the-dependencies-of-a-repository - - /about-dependency-review shortTitle: 了解供应链 +children: + - /about-supply-chain-security + - /about-the-dependency-graph + - /about-dependency-review + - /exploring-the-dependencies-of-a-repository + - /troubleshooting-the-dependency-graph --- diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md new file mode 100644 index 0000000000..6de1b7a25d --- /dev/null +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md @@ -0,0 +1,62 @@ +--- +title: Troubleshooting the dependency graph +intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.' +shortTitle: Troubleshoot dependency graph +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Troubleshooting + - Errors + - Dependencies + - Vulnerabilities + - Dependency graph + - CVEs + - Repositories +--- + +{% data reusables.dependabot.result-discrepancy %} + +## Does the dependency graph only find dependencies in manifests and lockfiles? + +The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file. + +The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. + +**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? + +## Does the dependency graph detect dependencies specified using variables? + +The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph. + +**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? + +## Are there limits which affect the dependency graph data? + +Yes, the dependency graph has two categories of limits: + +1. **Processing limits** + + These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created. + + Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}. + + By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. + +2. **Visualization limits** + + These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created. + + The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}. + +**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests? + +## Further reading + +- "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" +- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the detection of vulnerable dependencies](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} \ No newline at end of file diff --git a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md index 9ac7dd220f..68cc79642c 100644 --- a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md +++ b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md @@ -59,39 +59,39 @@ shortTitle: 应用程序创建查询参数 您可以在查询字符串中选择权限:使用下表中的权限名称作为查询参数名称,使用权限类型作为查询值。 例如,要在用户界面中为 `contents` 选择 `Read & write` 权限,您的查询字符串将包括 `&contents=write`。 要在用户界面中为 `blocking` 选择 `Read-only` 权限,您的查询字符串将包括 `&blocking=read`。 要在用户界面中为 `checks` 选择 `no-access` ,您的查询字符串将包括 `checks` 权限。 -| 权限 | 描述 | -| -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 权限 | 描述 | +| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | [`管理`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | 对用于组织和仓库管理的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghec %} | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | 授予对[阻止用户 API](/rest/reference/users#blocking) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} | [`检查`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | 授予对[检查 API](/rest/reference/checks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion ghes < 3.4 %} | `content_references` | 授予对“[创建内容附件](/rest/reference/apps#create-a-content-attachment)”端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`部署`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | 授予对[部署 API](/rest/reference/repos#deployments) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghec %} | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | 授予对[电子邮件 API](/rest/reference/users#emails) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | 授予管理组织成员的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghec %} -| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时,默认值为 `read`;没有为 {% data variables.product.prodname_github_app %} 指定任何权限时,默认值为 `none`。 | +| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时,默认值为 `read`;没有为 {% data variables.product.prodname_github_app %} 指定任何权限时,默认值为 `none`。 | | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | 授予对“[更新组织](/rest/reference/orgs#update-an-organization)”端点和[组织交互限制 API](/rest/reference/interactions#set-interaction-restrictions-for-an-organization) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| `organization_plan` | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | +| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `organization_plan` | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一:`none`、`read`、`write` 或 `admin`。{% ifversion fpt or ghec %} | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | 授予对[阻止组织用户 API](/rest/reference/orgs#blocking) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| `plan` | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | -| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | 授予对各种拉取请求端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `plan` | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | +| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | 授予对各种拉取请求端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一:`none`、`read`、`write` 或 `admin`。{% ifversion fpt or ghes or ghec %} | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | 授予对[密钥扫描 API](/rest/reference/secret-scanning) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %}{% ifversion fpt or ghes or ghec %} | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | 授予对[代码扫描 API](/rest/reference/code-scanning/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | 授予对[团队讨论 API](/rest/reference/teams#discussions) 和[团队讨论注释 API](/rest/reference/teams#discussion-comments) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `vulnerability_alerts` | 授予接收仓库漏洞依赖项安全警报的权限。 更多信息请参阅“[关于漏洞依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”。 可以是以下项之一:`none` 或 `read`。{% endif %} -| `关注` | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `vulnerability_alerts` | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. 可以是以下项之一:`none` 或 `read`。{% endif %} +| `关注` | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一:`none`、`read` 或 `write`。 | ## {% data variables.product.prodname_github_app %} web 挂钩事件 diff --git a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app.md b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app.md index 4e5b322513..5756f60dba 100644 --- a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app.md +++ b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app.md @@ -47,7 +47,7 @@ topics: {% endif %} 1. 默认情况下,为了提高应用程序的安全性,应用程序将使用过期用户授权令牌。 要选择不使用过期用户令牌,您必须取消选中“Expire user authorization tokens(过期用户授权令牌)”。 要了解有关设置刷新令牌流程和过期用户令牌的好处,请参阅“[刷新用户到服务器的访问令牌](/apps/building-github-apps/refreshing-user-to-server-access-tokens/)”。 ![在 GitHub 应用程序设置过程中选择加入过期用户令牌的选项](/assets/images/github-apps/expire-user-tokens-selection.png) 1. 如果应用程序授权用户使用 OAuth 流程,您可以选择**在安装过程中请求用户授权 (OAuth)**,以允许用户在安装应用程序时授权它,从而省去一个步骤。 如果您选择此选项,则“设置 URL”将不可用,用户在安装应用程序后将被重定向到您的“用户授权回调 URL”。 更多信息请参阅“[在安装过程中授权用户](/apps/installing-github-apps/#authorizing-users-during-installation)”。 ![Request user authorization during installation](/assets/images/github-apps/github_apps_request_auth_upon_install.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. 如果您的 GitHub 应用程序将使用设备流来识别和授权用户,请单击 **Enable Device Flow(启用设备流)**。 有关设备流的更多信息,请参阅“[授权 OAuth 应用程序](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)”。 ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 1. 如果安装后需要附加设置,请添加一个“设置 URL”以便在用户安装应用程序后重定向他们。 ![GitHub 应用程序的设置 URL 字段 ](/assets/images/github-apps/github_apps_setup_url.png) {% note %} diff --git a/translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md b/translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md index 4eb9f65648..0d38a29370 100644 --- a/translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md +++ b/translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md @@ -127,7 +127,7 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre 设备流程允许您授权用户使用无头应用程序,例如 CLI 工具或 Git 凭据管理器。 -{% if device-flow-is-opt-in %}Before you can use the device flow to identify and authorize users, you must first enable it in your app's settings. For more information on enabling device flow, see "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)." {% endif %}For more information about authorizing users using the device flow, see "[Authorizing OAuth Apps](/developers/apps/authorizing-oauth-apps#device-flow)." +{% if device-flow-is-opt-in %}在使用设备流识别和授权用户之前,必须先在应用的设置中启用它。 有关启用设备流的详细信息,请参阅“[修改 GitHub 应用程序](/developers/apps/managing-github-apps/modifying-a-github-app)”。 {% endif %}有关使用设备流程授权用户的更多信息,请参阅“[授权 OAuth 应用程序](/developers/apps/authorizing-oauth-apps#device-flow)”。 ## 检查用户可以访问哪些安装资源 diff --git a/translations/zh-CN/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md b/translations/zh-CN/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md index 0ac0b56718..e81f5f7f50 100644 --- a/translations/zh-CN/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/translations/zh-CN/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md @@ -128,7 +128,7 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre {% if device-flow-is-opt-in %} -Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see "[Modifying an OAuth App](/developers/apps/managing-oauth-apps/modifying-an-oauth-app)" for OAuth Apps and "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)" for GitHub Apps. +在使用设备流识别和授权用户之前,必须先在应用的设置中启用它。 有关在应用中启用设备流的详细信息,请参阅“[修改 OAuth 应用程序](/developers/apps/managing-oauth-apps/modifying-an-oauth-app)”(对于 OAuth 应用程序)和“[修改 GitHub 应用程序](/developers/apps/managing-github-apps/modifying-a-github-app)”(对于 GitHub 应用程序)。 {% endif %} @@ -261,8 +261,8 @@ Accept: application/xml | `unsupported_grant_type` | 授予类型必须为 `urn:ietf:params:oauth:grant-type:device_code`,并在您轮询 OAuth 令牌请求 `POST {% data variables.product.oauth_host_code %}/login/oauth/access_token` 时作为输入参数包括在内。 | | `incorrect_client_credentials` | 对于设备流程,您必须传递应用程序的客户端 ID,您可以在应用程序设置页面上找到该 ID。 设备流程不需要 `client_secret`。 | | `incorrect_device_code` | 提供的 device_code 无效。 | -| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.{% if device-flow-is-opt-in %} -| `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information, see "[Device flow](#device-flow)."{% endif %} +| `access_denied` | 当用户在授权过程中单击取消时,您将收到 `access_denied` 错误,用户将无法再次使用验证码。{% if device-flow-is-opt-in %} +| `device_flow_disabled` | 尚未在应用的设置中启用设备流。 更多信息请参阅“[设备流](#device-flow)”。{% endif %} 更多信息请参阅“[OAuth 2.0 设备授权授予](https://tools.ietf.org/html/rfc8628#section-3.5)”。 diff --git a/translations/zh-CN/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md b/translations/zh-CN/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md index 86412e4b25..3bb9c8fba6 100644 --- a/translations/zh-CN/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md +++ b/translations/zh-CN/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md @@ -50,5 +50,5 @@ topics: {% endnote %} {% endif %}{% if device-flow-is-opt-in %} -1. If your OAuth App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. 如果您的 OAuth 应用将使用设备流来识别和授权用户,请单击 **Enable Device Flow(启用设备流)**。 有关设备流的更多信息,请参阅“[授权 OAuth 应用程序](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)”。 ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 2. 单击 **Register application(注册应用程序)**。 ![注册应用程序的按钮](/assets/images/oauth-apps/oauth_apps_register_application.png) diff --git a/translations/zh-CN/content/developers/apps/managing-github-apps/modifying-a-github-app.md b/translations/zh-CN/content/developers/apps/managing-github-apps/modifying-a-github-app.md index 1f909022e2..7ea7f27171 100644 --- a/translations/zh-CN/content/developers/apps/managing-github-apps/modifying-a-github-app.md +++ b/translations/zh-CN/content/developers/apps/managing-github-apps/modifying-a-github-app.md @@ -19,5 +19,5 @@ topics: {% data reusables.user-settings.github_apps %} {% data reusables.user-settings.modify_github_app %} 5. 在“Basic information(基本信息)”中,修改您要更改的 GitHub 应用程序信息。 ![Basic information section for your GitHub App](/assets/images/github-apps/github_apps_basic_information.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable device flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. 如果您的 GitHub 应用程序将使用设备流来识别和授权用户,请单击 **Enable device flow(启用设备流)**。 有关设备流的更多信息,请参阅“[授权 OAuth 应用程序](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)”。 ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 6. 单击 **Save changes(保存更改)**。 ![保存 GitHub 应用程序更改的按钮](/assets/images/github-apps/github_apps_save_changes.png) diff --git a/translations/zh-CN/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md b/translations/zh-CN/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md index 068987fef5..f8a41f590f 100644 --- a/translations/zh-CN/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md +++ b/translations/zh-CN/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md @@ -1246,7 +1246,7 @@ Web 挂钩事件是基于您注册的域的特异性而触发的。 例如,如 与已由 {% data variables.product.company_short %} 审查的安全通告相关的活动。 经过 {% data variables.product.company_short %} 审查的安全通告提供了有关 {% data variables.product.prodname_dotcom %}上软件中安全相关漏洞的信息。 -安全通告数据集还为 GitHub {% data variables.product.prodname_dependabot_alerts %} 提供支持。 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”。 +安全通告数据集还为 GitHub {% data variables.product.prodname_dependabot_alerts %} 提供支持。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”。 ### 可用性 diff --git a/translations/zh-CN/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md b/translations/zh-CN/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md index e2b73c6a07..a5681e753d 100644 --- a/translations/zh-CN/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md +++ b/translations/zh-CN/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md @@ -20,7 +20,7 @@ shortTitle: GitHub 对您的数据的使用 {% data reusables.repositories.about-github-archive-program %} 更多信息请参阅“[关于在 {% data variables.product.prodname_dotcom %} 上存档内容](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)”。 -{% data reusables.user-settings.export-data %} For more information, see "[Requesting an archive of your personal account's data](/articles/requesting-an-archive-of-your-personal-account-s-data)." +{% data reusables.user-settings.export-data %} 更多信息请参阅“[请求个人帐户数据的存档](/articles/requesting-an-archive-of-your-personal-account-s-data)”。 如果您选择使用私人仓库的数据,我们将继续按照[服务条款](/free-pro-team@latest/github/site-policy/github-terms-of-service),将您的私人数据、源代码或商业秘密视为机密和私密。 我们了解的信息只来自汇总的数据。 更多信息请参阅“[管理私有仓库的数据使用设置](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)”。 @@ -28,7 +28,7 @@ shortTitle: GitHub 对您的数据的使用 ## 数据如何改进安全建议 -例如,在使用您的数据时,我们可能会检测您的公共仓库依赖项中的安全漏洞并提醒您。 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 +例如,在使用您的数据时,我们可能会检测您的公共仓库依赖项中的安全漏洞并提醒您。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 为检测潜在安全漏洞,{% data variables.product.product_name %} 会扫描依赖项清单文件的内容,以列出项目的依赖项。 diff --git a/translations/zh-CN/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md b/translations/zh-CN/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md index 8229beefb9..d7b42f45ee 100644 --- a/translations/zh-CN/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md +++ b/translations/zh-CN/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md @@ -16,7 +16,7 @@ shortTitle: Manage data use for private repo ## About data use for your private repository -When you enable data use for your private repository, you'll be able to access the dependency graph, where you can track your repository's dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." +When you enable data use for your private repository, you'll be able to access the dependency graph, where you can track your repository's dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." ## Enabling or disabling data use features @@ -32,5 +32,5 @@ When you enable data use for your private repository, you'll be able to access t ## Further reading - "[About {% data variables.product.prodname_dotcom %}'s use of your data](/articles/about-github-s-use-of-your-data)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" diff --git a/translations/zh-CN/content/get-started/quickstart/hello-world.md b/translations/zh-CN/content/get-started/quickstart/hello-world.md index a00bf2dc99..b9735dea46 100644 --- a/translations/zh-CN/content/get-started/quickstart/hello-world.md +++ b/translations/zh-CN/content/get-started/quickstart/hello-world.md @@ -1,6 +1,6 @@ --- title: Hello World -intro: 'Follow this Hello World exercise to get started with {% data variables.product.product_name %}.' +intro: '按照此 Hello World 练习开始使用 {% data variables.product.product_name %}。' versions: fpt: '*' ghes: '*' @@ -15,39 +15,39 @@ miniTocMaxHeadingLevel: 3 ## 简介 -{% data variables.product.product_name %} is a code hosting platform for version control and collaboration. It lets you and others work together on projects from anywhere. +{% data variables.product.product_name %} 是一个用于版本控制和协作的代码托管平台。 它允许您和其他人随时随地协同处理项目。 -This tutorial teaches you {% data variables.product.product_name %} essentials like repositories, branches, commits, and pull requests. You'll create your own Hello World repository and learn {% data variables.product.product_name %}'s pull request workflow, a popular way to create and review code. +本教程培训 {% data variables.product.product_name %} 的基本知识,如存储库、分支、提交和拉取请求等。 您将创建自己的 Hello World 存储库,并了解 {% data variables.product.product_name %} 的拉取请求工作流,这是创建和查看代码的常用方法。 -In this quickstart guide, you will: +在本快速入门指南中,您将: -* Create and use a repository -* Start and manage a new branch -* Make changes to a file and push them to {% data variables.product.product_name %} as commits -* Open and merge a pull request +* 创建和使用存储库 +* 启动和管理新分支 +* 对文件进行更改并将其作为提交推送到 {% data variables.product.product_name %} +* 打开与合并拉取请求 -To complete this tutorial, you need a [{% data variables.product.product_name %} account](http://github.com) and Internet access. You don't need to know how to code, use the command line, or install Git (the version control software that {% data variables.product.product_name %} is built on). If you have a question about any of the expressions used in this guide, head on over to the [glossary](/get-started/quickstart/github-glossary) to find out more about our terminology. +要完成本教程,您需要 [{% data variables.product.product_name %} 帐户](http://github.com)和连接互联网。 您不需要知道如何编码、使用命令行或安装 Git(构建 {% data variables.product.product_name %} 的版本控制软件)。 如果您对本指南中使用的任何表达方式有疑问,请转到[词汇表](/get-started/quickstart/github-glossary)了解术语的更多信息。 ## 创建仓库 -A repository is usually used to organize a single project. Repositories can contain folders and files, images, videos, spreadsheets, and data sets -- anything your project needs. Often, repositories include a _README_ file, a file with information about your project. _README_ files are written in the plain text Markdown language. You can use this [cheat sheet](https://www.markdownguide.org/cheat-sheet/) to get started with Markdown syntax. {% data variables.product.product_name %} lets you add a _README_ file at the same time you create your new repository. {% data variables.product.product_name %} also offers other common options such as a license file, but you do not have to select any of them now. +存储库通常用于组织单个项目。 存储库可以包含文件夹和文件、图像、视频、电子表格和数据集 - 项目所需的任何内容。 通常,存储库包括一个 _README_ 文件,其中含项目的相关信息。 _README_ 文件以纯文本 Markdown 语言编写。 您可以使用此[备忘单](https://www.markdownguide.org/cheat-sheet/)开始使用 Markdown 语法。 {% data variables.product.product_name %} 允许您在创建新存储库的同时添加 _README_ 文件。 {% data variables.product.product_name %} 还提供了其他常用选项,例如许可证文件,但您现在不必选择其中任何一个。 -Your `hello-world` repository can be a place where you store ideas, resources, or even share and discuss things with others. +您的 `hello-world` 存储库可以是您存储想法、资源甚至与他人共享和讨论的地方。 {% data reusables.repositories.create_new %} -1. In the **Repository name** box, enter `hello-world`. -2. In the **Description** box, write a short description. -3. Select **Add a README file**. -4. Select whether your repository will be **Public** or **Private**. +1. 在 **Repository name(存储库名称)**框中,输入 `hello-world`。 +2. 在 **Description(说明)**框中,编写简短说明。 +3. 选择 **Add a README file(添加 README 文件)**。 +4. 选择您的存储库是**公有**还是**私有**。 5. 单击 **Create repository(创建仓库)**。 - ![Create a hello world repository](/assets/images/help/repository/hello-world-repo.png) + ![创建 hello world 存储库](/assets/images/help/repository/hello-world-repo.png) ## 创建分支 -Branching lets you have different versions of a repository at one time. +通过分支,您可以同时拥有不同版本的存储库。 -By default, your repository has one branch named `main` that is considered to be the definitive branch. You can create additional branches off of `main` in your repository. You can use branches to have different versions of a project at one time. This is helpful when you want to add new features to a project without changing the main source of code. The work done on different branches will not show up on the main branch until you merge it, which we will cover later in this guide. You can use branches to experiment and make edits before committing them to `main`. +默认情况下,存储库有一个名为 `main` 的分支,被视为最终分支。 您可以在存储库中创建 `main` 以外的其他分支。 You can use branches to have different versions of a project at one time. This is helpful when you want to add new features to a project without changing the main source of code. The work done on different branches will not show up on the main branch until you merge it, which we will cover later in this guide. You can use branches to experiment and make edits before committing them to `main`. When you create a branch off the `main` branch, you're making a copy, or snapshot, of `main` as it was at that point in time. If someone else made changes to the `main` branch while you were working on your branch, you could pull in those updates. @@ -87,7 +87,7 @@ When you created a new branch in the previous step, {% data variables.product.pr You can make and save changes to the files in your repository. On {% data variables.product.product_name %}, saved changes are called commits. Each commit has an associated commit message, which is a description explaining why a particular change was made. Commit messages capture the history of your changes so that other contributors can understand what you’ve done and why. 1. Under the `readme-edits` branch you created, click the _README.md_ file. -2. Click {% octicon "pencil" aria-label="The edit icon" %} to edit the file. +2. 单击 {% octicon "pencil" aria-label="The edit icon" %} 编辑文件。 3. In the editor, write a bit about yourself. Try using different Markdown elements. 4. In the **Commit changes** box, write a commit message that describes your changes. 5. 单击 **Commit changes(提交更改)**。 diff --git a/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md index 1f9ff8ce78..0ac5b3a730 100644 --- a/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md +++ b/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md @@ -19,7 +19,7 @@ shortTitle: Enterprise Server 试用版 您可以申请 45 天试用版来试用 {% data variables.product.prodname_ghe_server %}。 您的试用版将作为虚拟设备安装,带有内部或云部署选项。 有关支持的可视化平台列表,请参阅“[设置 GitHub Enterprise Server 实例](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)”。 -{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}安全{% endif %}警报和 {% data variables.product.prodname_github_connect %} 目前在 {% data variables.product.prodname_ghe_server %} 试用版中不可用。 要获取这些功能的演示,请联系 {% data variables.contact.contact_enterprise_sales %}。 有关这些功能的详细信息,请参阅“[关于有漏洞的依赖项警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”和“[将企业帐户连接到 {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)”。 +{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}安全{% endif %}警报和 {% data variables.product.prodname_github_connect %} 目前在 {% data variables.product.prodname_ghe_server %} 试用版中不可用。 要获取这些功能的演示,请联系 {% data variables.contact.contact_enterprise_sales %}。 For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." 试用版也可用于 {% data variables.product.prodname_ghe_cloud %}。 更多信息请参阅“[设置 {% data variables.product.prodname_ghe_cloud %} 的试用](/articles/setting-up-a-trial-of-github-enterprise-cloud)”。 diff --git a/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md index 4d2eceea1e..e5eb337af9 100644 --- a/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md +++ b/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md @@ -70,10 +70,9 @@ Look! You can see my backticks. {% if mermaid %} ## Creating diagrams -You can use Mermaid syntax to add diagrams. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." +You can also use code blocks to create diagrams in Markdown. GitHub supports Mermaid, geoJSON, topoJSON, and ASCII STL syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." {% endif %} - ## 延伸阅读 - [{% data variables.product.prodname_dotcom %} Flavored Markdown 规格](https://github.github.com/gfm/) diff --git a/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md index 4f4f1a2e26..eaa9268f21 100644 --- a/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md +++ b/translations/zh-CN/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md @@ -6,7 +6,13 @@ versions: shortTitle: Create diagrams --- -You can use Mermaid syntax to create diagrams. Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). +## About creating diagrams + +You can create diagrams in Markdown using three different syntaxes: mermaid, geoJSON and topoJSON, and ASCII STL. + +## Creating Mermaid diagrams + +Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). To create a Mermaid diagram, add Mermaid syntax inside a fenced code block with the `mermaid` language identifier. For more information about creating code blocks, see "[Creating and highlighting code blocks](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)." @@ -31,3 +37,122 @@ graph TD; **Note:** You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}. {% endnote %} + +## Creating geoJSON and topoJSON maps + +You can use geo/topoJSON syntax to create interactive maps. To create a map, add geoJSON or topoJSON inside a fenced code block with the `geojson` or `topojson` syntax identifier. 更多信息请参阅“[创建和突出显示代码块](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)”。 + +### Using geoJSON + +For example, you can create a simple map: + +
+```geojson
+{
+  "type": "Polygon",
+  "coordinates": [
+      [
+          [-90,30],
+          [-90,35],
+          [-90,35],
+          [-85,35],
+          [-85,30]
+      ]
+  ]
+}
+```
+
+ +![Rendered map](/assets/images/help/writing/fenced-geojson-rendered-map.png) + +### Using topoJSON + +For example, you can create a simple topoJSON map: + +
+```topojson
+{
+  "type": "Topology",
+  "transform": {
+    "scale": [0.0005000500050005, 0.00010001000100010001],
+    "translate": [100, 0]
+  },
+  "objects": {
+    "example": {
+      "type": "GeometryCollection",
+      "geometries": [
+        {
+          "type": "Point",
+          "properties": {"prop0": "value0"},
+          "coordinates": [4000, 5000]
+        },
+        {
+          "type": "LineString",
+          "properties": {"prop0": "value0", "prop1": 0},
+          "arcs": [0]
+        },
+        {
+          "type": "Polygon",
+          "properties": {"prop0": "value0",
+            "prop1": {"this": "that"}
+          },
+          "arcs": [[1]]
+        }
+      ]
+    }
+  },
+  "arcs": [[[4000, 0], [1999, 9999], [2000, -9999], [2000, 9999]],[[0, 0], [0, 9999], [2000, 0], [0, -9999], [-2000, 0]]]
+}
+```
+
+ +![Rendered topojson map](/assets/images/help/writing/fenced-topojson-rendered-map.png) + +For more information on working with `.geojson` and `.topojson` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#mapping-geojson-files-on-github)." + + +## Creating STL 3D models + +You can use ASCII STL syntax directly in markdown to create interactive 3D models. To display a model, add ASCII STL syntax inside a fenced code block with the `stl` syntax identifier. 更多信息请参阅“[创建和突出显示代码块](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)”。 + +For example, you can create a simple 3D model: + +
+```stl
+solid cube_corner
+  facet normal 0.0 -1.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 1.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+  facet normal 0.0 0.0 -1.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 1.0 0.0 0.0
+    endloop
+  endfacet
+  facet normal -1.0 0.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+      vertex 0.0 1.0 0.0
+    endloop
+  endfacet
+  facet normal 0.577 0.577 0.577
+    outer loop
+      vertex 1.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+endsolid
+```
+
+ +![Rendered 3D model](/assets/images/help/writing/fenced-stl-rendered-object.png) + +For more information on working with `.stl` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#3d-file-viewer)." + diff --git a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index d59c1e32ec..ceaa325d9a 100644 --- a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -122,7 +122,7 @@ shortTitle: 管理安全和分析 默认情况下,{% data variables.product.prodname_dependabot %} 无法更新位于私有仓库或私有仓库注册表中的依赖项。 但是,如果依赖项位于与使用该依赖项之项目相同的组织内的私有 {% data variables.product.prodname_dotcom %} 仓库中,则可以通过授予对主机仓库的访问权限来允许 {% data variables.product.prodname_dependabot %} 成功更新版本。 -如果您的代码依赖于私有注册表中的软件包,您可以在仓库级别进行配置,允许 {% data variables.product.prodname_dependabot %} 更新这些依赖项的版本。 可通过将身份验证详细信息添加到仓库的 _dependabot.yml_ 文件来做到这一点。 更多信息请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)。” +如果您的代码依赖于私有注册表中的软件包,您可以在仓库级别进行配置,允许 {% data variables.product.prodname_dependabot %} 更新这些依赖项的版本。 可通过将身份验证详细信息添加到仓库的 _dependabot.yml_ 文件来做到这一点。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." 要允许 {% data variables.product.prodname_dependabot %} 访问私有 {% data variables.product.prodname_dotcom %} 仓库: @@ -157,6 +157,5 @@ shortTitle: 管理安全和分析 - "[保护您的仓库](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %} - "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %} -- “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)” -- "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -- "[自动更新依赖项](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %} +- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %} +- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %} diff --git a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index 440cc0203d..88ed019509 100644 --- a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -35,52 +35,52 @@ The audit log lists events triggered by activities that affect your organization 要搜索特定事件,请在查询中使用 `action` 限定符。 审核日志中列出的操作分为以下类别: -| 类别名称 | 描述 | -| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |{% ifversion fpt or ghec %} -| [`帐户`](#account-category-actions) | 包含与组织帐户相关的所有活动。 | -| [`advisory_credit`](#advisory_credit-category-actions) | 包含与 {% data variables.product.prodname_advisory_database %} 中安全通告的贡献者积分相关的所有活动。 更多信息请参阅“[关于 {% data variables.product.prodname_dotcom %} 安全通告](/github/managing-security-vulnerabilities/about-github-security-advisories)”。 | -| [`计费,帐单`](#billing-category-actions) | 包含与组织帐单相关的所有活动。 | -| [`business`](#business-category-actions) | 包含与企业业务设置相关的活动。 | +| 类别名称 | 描述 | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |{% ifversion fpt or ghec %} +| [`帐户`](#account-category-actions) | 包含与组织帐户相关的所有活动。 | +| [`advisory_credit`](#advisory_credit-category-actions) | 包含与 {% data variables.product.prodname_advisory_database %} 中安全通告的贡献者积分相关的所有活动。 更多信息请参阅“[关于 {% data variables.product.prodname_dotcom %} 安全通告](/github/managing-security-vulnerabilities/about-github-security-advisories)”。 | +| [`计费,帐单`](#billing-category-actions) | 包含与组织帐单相关的所有活动。 | +| [`business`](#business-category-actions) | 包含与企业业务设置相关的活动。 | | [`codespaces`](#codespaces-category-actions) | Contains all activities related to your organization's codespaces. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 | -| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. | -| [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | 包含现有仓库中 {% data variables.product.prodname_dependabot_security_updates %} 的组织级配置活动。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)。” | +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 | +| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. | +| [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | 包含现有仓库中 {% data variables.product.prodname_dependabot_security_updates %} 的组织级配置活动。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)。” | | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} -| [`dependency_graph`](#dependency_graph-category-actions) | 包含仓库依赖项图的组织级配置活动。 更多信息请参阅“[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。 | +| [`dependency_graph`](#dependency_graph-category-actions) | 包含仓库依赖项图的组织级配置活动。 更多信息请参阅“[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。 | | [`dependency_graph_new_repos`](#dependency_graph_new_repos-category-actions) | 包含组织新建仓库的组织级配置活动。{% endif %} -| [`discussion_post`](#discussion_post-category-actions) | 包含与发布到团队页面的讨论相关的所有活动。 | +| [`discussion_post`](#discussion_post-category-actions) | 包含与发布到团队页面的讨论相关的所有活动。 | | [`discussion_post_reply`](#discussion_post_reply-category-actions) | 包含与发布到团队页面的讨论回复相关的所有活动。{% ifversion fpt or ghes or ghec %} -| [`企业`](#enterprise-category-actions) | 包含与企业设置相关的活动。 |{% endif %} -| [`挂钩`](#hook-category-actions) | 包含与 web 挂钩相关的所有活动。 | +| [`企业`](#enterprise-category-actions) | 包含与企业设置相关的活动。 |{% endif %} +| [`挂钩`](#hook-category-actions) | 包含与 web 挂钩相关的所有活动。 | | [`integration_installation_request`](#integration_installation_request-category-actions) | 包含与组织成员请求所有者批准用于组织的集成相关的所有活动。 |{% ifversion ghec or ghae %} -| [`ip_allow_list`](#ip_allow_list-category-actions) | Contains activities related to enabling or disabling the IP allow list for an organization. | +| [`ip_allow_list`](#ip_allow_list-category-actions) | Contains activities related to enabling or disabling the IP allow list for an organization. | | [`ip_allow_list_entry`](#ip_allow_list_entry-category-actions) | Contains activities related to the creation, deletion, and editing of an IP allow list entry for an organization.{% endif %} -| [`议题`](#issue-category-actions) | 包含与删除议题相关的活动。 |{% ifversion fpt or ghec %} -| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | 包含与签署 {% data variables.product.prodname_marketplace %} 开发者协议相关的所有活动。 | +| [`议题`](#issue-category-actions) | 包含与删除议题相关的活动。 |{% ifversion fpt or ghec %} +| [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | 包含与签署 {% data variables.product.prodname_marketplace %} 开发者协议相关的所有活动。 | | [`marketplace_listing`](#marketplace_listing-category-actions) | 包含与在 {% data variables.product.prodname_marketplace %} 中上架应用程序相关的所有活动。{% endif %}{% ifversion fpt or ghes or ghec %} -| [`members_can_create_pages`](#members_can_create_pages-category-actions) | 包含与管理组织仓库的 {% data variables.product.prodname_pages %} 站点发布相关的所有活动。 更多信息请参阅“[管理组织的 {% data variables.product.prodname_pages %} 站点发布](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)”。 |{% endif %} +| [`members_can_create_pages`](#members_can_create_pages-category-actions) | 包含与管理组织仓库的 {% data variables.product.prodname_pages %} 站点发布相关的所有活动。 更多信息请参阅“[管理组织的 {% data variables.product.prodname_pages %} 站点发布](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)”。 |{% endif %} | [`org`](#org-category-actions) | 包含与组织成员身份相关的活动。{% ifversion ghec %} | [`org_credential_authorization`](#org_credential_authorization-category-actions) | 包含与授权凭据以用于 SAML 单点登录相关的所有活动。{% endif %}{% ifversion fpt or ghes or ghae or ghec %} | [`organization_label`](#organization_label-category-actions) | 包含与组织中仓库的默认标签相关的所有活动。{% endif %} | [`oauth_application`](#oauth_application-category-actions) | 包含与 OAuth 应用程序相关的所有活动。{% ifversion fpt or ghes or ghec %} | [`包`](#packages-category-actions) | 包含与 {% data variables.product.prodname_registry %} 相关的所有活动。{% endif %}{% ifversion fpt or ghec %} | [`payment_method`](#payment_method-category-actions) | 包含与组织如何支付 GitHub 相关的所有活动。{% endif %} -| [`profile_picture`](#profile_picture-category-actions) | 包含与组织的头像相关的所有活动。 | -| [`project`](#project-category-actions) | 包含与项目板相关的所有活动。 | -| [`protected_branch`](#protected_branch-category-actions) | 包含与受保护分支相关的所有活动。 | +| [`profile_picture`](#profile_picture-category-actions) | 包含与组织的头像相关的所有活动。 | +| [`project`](#project-category-actions) | 包含与项目板相关的所有活动。 | +| [`protected_branch`](#protected_branch-category-actions) | 包含与受保护分支相关的所有活动。 | | [`repo`](#repo-category-actions) | 包含与组织拥有的仓库相关的所有活动。{% ifversion fpt or ghec %} -| [`repository_advisory`](#repository_advisory-category-actions) | 包含与 {% data variables.product.prodname_advisory_database %} 中的安全通告相关的仓库级活动。 更多信息请参阅“[关于 {% data variables.product.prodname_dotcom %} 安全通告](/github/managing-security-vulnerabilities/about-github-security-advisories)”。 | +| [`repository_advisory`](#repository_advisory-category-actions) | 包含与 {% data variables.product.prodname_advisory_database %} 中的安全通告相关的仓库级活动。 更多信息请参阅“[关于 {% data variables.product.prodname_dotcom %} 安全通告](/github/managing-security-vulnerabilities/about-github-security-advisories)”。 | | [`repository_content_analysis`](#repository_content_analysis-category-actions) | 包含与[启用或禁用私有仓库的数据使用](/articles/about-github-s-use-of-your-data)相关的所有活动。{% endif %}{% ifversion fpt or ghec %} -| [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | 包含与启用或禁用依赖项图相关的仓库级活动 | -| {% ifversion fpt or ghec %}私有{% endif %}仓库。 更多信息请参阅“[关于依赖项图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。{% endif %}{% ifversion ghes or ghae or ghec %} | | -| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | 包含与密码扫描相关的仓库级活动。 更多信息请参阅“[关于密钥扫描](/github/administering-a-repository/about-secret-scanning)”。 |{% endif %}{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} +| [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | 包含与启用或禁用依赖项图相关的仓库级活动 | +| {% ifversion fpt or ghec %}私有{% endif %}仓库。 更多信息请参阅“[关于依赖项图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。{% endif %}{% ifversion ghes or ghae or ghec %} | | +| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | 包含与密码扫描相关的仓库级活动。 更多信息请参阅“[关于密钥扫描](/github/administering-a-repository/about-secret-scanning)”。 |{% endif %}{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | 包含与[有漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)相关的所有活动。{% endif %}{% ifversion fpt or ghec %} | [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.{% endif %}{% ifversion ghec %} | [`角色`](#role-category-actions) | Contains all activities related to [custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization).{% endif %}{% ifversion ghes or ghae or ghec %} -| [`secret_scanning`](#secret_scanning-category-actions) | 包含现有仓库中密码扫描的组织级配置活动。 更多信息请参阅“[关于密钥扫描](/github/administering-a-repository/about-secret-scanning)”。 | -| [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | 包含组织新建仓库中密码扫描的组织级配置活动。 |{% endif %}{% ifversion fpt or ghec %} +| [`secret_scanning`](#secret_scanning-category-actions) | 包含现有仓库中密码扫描的组织级配置活动。 更多信息请参阅“[关于密钥扫描](/github/administering-a-repository/about-secret-scanning)”。 | +| [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | 包含组织新建仓库中密码扫描的组织级配置活动。 |{% endif %}{% ifversion fpt or ghec %} | [`sponsors`](#sponsors-category-actions) | 包含与与赞助者按钮相关的所有事件(请参阅“[在仓库中显示赞助者按钮](/articles/displaying-a-sponsor-button-in-your-repository)”){% endif %} -| [`团队`](#team-category-actions) | 包含与您的组织中的团队相关的所有活动。 | +| [`团队`](#team-category-actions) | 包含与您的组织中的团队相关的所有活动。 | | [`team_discussions`](#team_discussions-category-actions) | Contains activities related to managing team discussions for an organization.{% ifversion fpt or ghec or ghes > 3.1 or ghae %} | [`工作流程`](#workflows-category-actions) | Contains activities related to {% data variables.product.prodname_actions %} workflows.{% endif %} @@ -680,11 +680,11 @@ By default, only events from the past three months are returned. To include olde {% endif %}{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} ### `repository_vulnerability_alert` 类操作 -| 操作 | 描述 | -| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 | -| `忽略` | Triggered when an organization owner or person with admin access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. | -| `解决` | 当对仓库具有写入权限的人推送更改以更新和解决项目依赖项中的漏洞时触发。 | +| 操作 | 描述 | +| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 | +| `忽略` | Triggered when an organization owner or person with admin access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. | +| `解决` | 当对仓库具有写入权限的人推送更改以更新和解决项目依赖项中的漏洞时触发。 | {% endif %}{% ifversion fpt or ghec %} ### `repository_vulnerability_alerts` 类操作 diff --git a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md index b3a5b600b9..01a56b4478 100644 --- a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md +++ b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md @@ -136,7 +136,7 @@ You can use gems from {% data variables.product.prodname_registry %} much like y end ``` -3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](http://bundler.io/v1.5/gemfile.html). +3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](https://bundler.io/gemfile.html). ```ruby source "https://{% ifversion fpt or ghec %}rubygems.pkg.github.com{% else %}REGISTRY-URL{% endif %}/OWNER" diff --git a/translations/zh-CN/content/pages/quickstart.md b/translations/zh-CN/content/pages/quickstart.md index 12d738d1bb..07e08e7130 100644 --- a/translations/zh-CN/content/pages/quickstart.md +++ b/translations/zh-CN/content/pages/quickstart.md @@ -1,6 +1,6 @@ --- -title: Quickstart for GitHub Pages -intro: 'You can use {% data variables.product.prodname_pages %} to showcase some open source projects, host a blog, or even share your résumé. This guide will help get you started on creating your next website.' +title: GitHub Pages 快速入门 +intro: '您可以使用 {% data variables.product.prodname_pages %} 来展示一些开源项目、主持博客甚或分享您的简历。 本指南将帮助您开始创建下一个网站。' allowTitleToDifferFromFilename: true versions: fpt: '*' @@ -16,30 +16,30 @@ product: '{% data reusables.gated-features.pages %}' ## 简介 -{% data variables.product.prodname_pages %} are public webpages hosted and published through {% data variables.product.product_name %}. The quickest way to get up and running is by using the Jekyll Theme Chooser to load a pre-made theme. You can then modify your {% data variables.product.prodname_pages %}' content and style. +{% data variables.product.prodname_pages %} 是通过 {% data variables.product.product_name %} 托管和发布的公共网页。 启动和运行的最快方法是使用 Jekyll 主题选择器加载预置主题。 然后,您可以修改 {% data variables.product.prodname_pages %} 的内容和样式。 -This guide will lead you through creating a user site at `username.github.io`. +本指南将引导您完成在 `username.github.io` 创建用户站点的过程。 -## Creating your website +## 创建网站 {% data reusables.repositories.create_new %} -1. Enter `username.github.io` as the repository name. Replace `username` with your {% data variables.product.prodname_dotcom %} username. For example, if your username is `octocat`, the repository name should be `octocat.github.io`. ![Repository name field](/assets/images/help/pages/create-repository-name-pages.png) +1. 输入 `username.github.io` 作为存储库名称。 Replace `username` with your {% data variables.product.prodname_dotcom %} username. For example, if your username is `octocat`, the repository name should be `octocat.github.io`. ![存储库名称字段](/assets/images/help/pages/create-repository-name-pages.png) {% data reusables.repositories.sidebar-settings %} {% data reusables.pages.sidebar-pages %} 1. Click **Choose a theme**. ![选择主题按钮](/assets/images/help/pages/choose-theme.png) 2. The Theme Chooser will open. Browse the available themes, then click **Select theme** to select a theme. It's easy to change your theme later, so if you're not sure, just choose one for now. ![主题选项和选择主题按钮](/assets/images/help/pages/select-theme.png) 3. After you select a theme, your repository's `README.md` file will open in the file editor. The `README.md` file is where you will write the content for your site. You can edit the file or keep the default content for now. -4. When you are done editing the file, click **Commit changes**. +4. 编辑完文件后,单击 **Commit changes(提交更改)**。 5. Visit `username.github.io` to view your new website. **注:**对站点的更改在推送到 {% data variables.product.product_name %} 后,最长可能需要 20 分钟才会发布。 ## Changing the title and description -By default, the title of your site is `username.github.io`. You can change the title by editing the `_config.yml` file in your repository. You can also add a description for your site. +默认情况下,网站的标题为 `username.github.io`。 您可以通过编辑存储库中的 `_config.yml` 文件来更改标题。 您还可以为您的网站添加说明。 -1. Click the **Code** tab of your repository. -1. In the file list, click `_config.yml` to open the file. -1. Click {% octicon "pencil" aria-label="The edit icon" %} to edit the file. -1. The `_config.yml` file already contains a line that specifies the theme for your site. Add a new line with `title:` followed by the title you want. Add a new line with `description:` followed by the description you want. 例如: +1. 单击存储库的 **Code(代码)**选项卡。 +1. 在文件列表中,单击 `_config.yml` 打开该文件。 +1. 单击 {% octicon "pencil" aria-label="The edit icon" %} 编辑文件。 +1. `_config.yml` 文件已包含指定网站主题的行。 添加一个新行,其中包含 `title:`,后跟所需的标题。 添加一个新行,其中包含 `description:`,后跟所需的说明。 例如: ```yaml theme: jekyll-theme-minimal @@ -47,10 +47,10 @@ By default, the title of your site is `username.github.io`. You can change the t description: Bookmark this to keep an eye on my project updates! ``` -1. When you are done editing the file, click **Commit changes**. +1. 编辑完文件后,单击 **Commit changes(提交更改)**。 ## 后续步骤 -For more information about how to add additional pages to your site, see "[Adding content to your GitHub Pages site using Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/adding-content-to-your-github-pages-site-using-jekyll#about-content-in-jekyll-sites)." +有关如何向站点添加其他页面的详细信息,请参阅“[使用 Jekyll 向 GitHub Pages 站点添加内容](/pages/setting-up-a-github-pages-site-with-jekyll/adding-content-to-your-github-pages-site-using-jekyll#about-content-in-jekyll-sites)”。 -For more information about setting up a {% data variables.product.prodname_pages %} site with Jekyll, see "[About GitHub Pages and Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/about-github-pages-and-jekyll)." +有关使用 Jekyll 设置 {% data variables.product.prodname_pages %} 站点的更多信息,请参阅“[关于 GitHub Pages 和 Jekyll](/pages/setting-up-a-github-pages-site-with-jekyll/about-github-pages-and-jekyll)”。 diff --git a/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 9b047c5a41..c89a26f9c9 100644 --- a/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -50,6 +50,12 @@ shortTitle: 使用 Jekyll 本地测试站点 ``` 3. 要预览站点,请在 web 浏览器中导航到 `http://localhost:4000`。 +{% note %} + +**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. + +{% endnote %} + ## 更新 {% data variables.product.prodname_pages %} gem Jekyll 是一个活跃的开源项目,经常更新。 如果您计算机上的 `github-pages` gem 版本落后于 {% data variables.product.prodname_pages %} 服务器上的 `github-pages` gem 版本,则您的站点在本地构建时的外观与在 {% data variables.product.product_name %} 上发布时的外观可能不同。 为避免这种情况,请定期更新计算机上的 `github-pages` gem。 diff --git a/translations/zh-CN/content/repositories/releasing-projects-on-github/searching-a-repositorys-releases.md b/translations/zh-CN/content/repositories/releasing-projects-on-github/searching-a-repositorys-releases.md index 00e10a4bc1..c81c08a9de 100644 --- a/translations/zh-CN/content/repositories/releasing-projects-on-github/searching-a-repositorys-releases.md +++ b/translations/zh-CN/content/repositories/releasing-projects-on-github/searching-a-repositorys-releases.md @@ -1,8 +1,8 @@ --- -title: Searching a repository's releases -intro: 'You can use keywords, tags, and other qualifiers to search for particular releases in a repository.' +title: 搜索存储库的版本 +intro: 您可以使用关键字、标记和其他限定符来搜索存储库中的特定版本。 permissions: Anyone with read access to a repository can search that repository's releases. -shortTitle: Searching releases +shortTitle: 搜索版本 versions: fpt: '*' ghec: '*' @@ -12,21 +12,21 @@ topics: - Repositories --- -## Searching for releases in a repository +## 在存储库中搜索版本 {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.releases %} -1. To search the repository's releases, in the search field at the top of the Releases page, type your query and press **Enter**. ![Releases search field](/assets/images/help/releases/search-releases.png) +1. 要搜索存储库的版本,请在 Releases(发行版)页面顶部的搜索字段中,键入您的查询,然后按 **Enter**。 ![版本搜索字段](/assets/images/help/releases/search-releases.png) -## Search syntax for searching releases in a repository +## 用于在存储库中搜索版本的搜索语法 -You can provide text in your search query which will be matched against the title, body, and tag of the repository's releases. You can also combine the following qualifiers to target specific releases. +您可以在搜索查询中提供文本,这些文本将与存储库版本的标题、正文和标记进行匹配。 您还可以组合以下限定符以面向特定版本。 -| 限定符 | 示例 | -| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `draft:true` | **draft:true** will only match draft releases. | -| `draft:false` | **draft:false** will only match published releases. | -| `prerelease:true` | **prerelease:true** will only match pre-releases. | -| `prerelease:false` | **prerelease:false** will only match releases that are not pre-releases. | -| tag:TAG | **tag:v1** matches a release with the v1 tag and any minor or patch versions within v1, such as v1.0, v1.2, and v1.2.5. | -| created:DATE | **created:2021** will match releases created during 2021. You can also provide date ranges. 更多信息请参阅“[了解搜索语法](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#query-for-dates)”。 | +| 限定符 | 示例 | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `draft:true` | **draft:true** 将仅匹配草稿版本。 | +| `draft:false` | **draft:false** 仅匹配已发布的版本。 | +| `prerelease:true` | **prerelease:true** 仅匹配预发行版本。 | +| `prerelease:false` | **prerelease:false** 仅匹配非预发行版的版本。 | +| tag:TAG | **tag:v1** 匹配具有 v1 标记的版本以及 v1 中的任何次要版本或修补程序版本,例如 v1.0、v1.2 和 v1.2.5。 | +| created:DATE | **created:2021** 将匹配 2021 年期间创建的版本。 您还可以提供日期范围。 更多信息请参阅“[了解搜索语法](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#query-for-dates)”。 | diff --git a/translations/zh-CN/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md b/translations/zh-CN/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md index 1180043ae5..86db4cefb8 100644 --- a/translations/zh-CN/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md +++ b/translations/zh-CN/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md @@ -73,5 +73,5 @@ shortTitle: 存储库之间的连接 依赖关系图提供了可视化和探索仓库依赖关系的好方法。 更多信息请参阅“[关于依赖关系图](/code-security/supply-chain-security/about-the-dependency-graph)”和“[探索仓库的依赖关系](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository)”。 -您也可以设置仓库,以便在您的一个依赖项中发现安全漏洞时,{% data variables.product.company_short %} 会自动提醒您。 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 +您也可以设置仓库,以便在您的一个依赖项中发现安全漏洞时,{% data variables.product.company_short %} 会自动提醒您。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 {% endif %} diff --git a/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md index 6948d6df36..bc03bf6a91 100644 --- a/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md +++ b/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md @@ -130,6 +130,12 @@ SVG 目前不支持内联脚本或动画。 {% endtip %} +{% if mermaid %} +### Rendering in Markdown + +You can embed ASCII STL syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)." +{% endif %} + ## 呈现 CSV 和 TSV 数据 GitHub 支持以 *.csv*(逗号分隔)和 .*tsv*(制表符分隔)文件的形式呈现表格数据。 @@ -233,7 +239,7 @@ GitHub 支持呈现 PDF 文档。 ![源渲染切换屏幕截图](/assets/images/help/repository/source-render-toggle-geojson.png) -### 几何类型 +### Geometry types {% data variables.product.product_name %} 上的地图使用 [Leaflet.js](http://leafletjs.com),并且支持 [geoJSON 规格](http://www.geojson.org/geojson-spec.html)中列出的所有几何类型(Point、LineString、Polygon、MultiPoint、MultiLineString、MultiPolygon 和 GeometryCollection)。 TopoJSON 文件类型应为 "Topology"(拓扑),并且遵守 [topoJSON 规格](https://github.com/mbostock/topojson/wiki/Specification)。 @@ -274,6 +280,12 @@ GitHub 支持呈现 PDF 文档。 {% endtip %} +{% if mermaid %} +### Mapping in Markdown + +You can embed geoJSON and topoJSON directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." +{% endif %} + ### 集群 如果地图包含大量标记(大约超过 750 个),GitHub 将自动以较高的缩放比例集群附近的标记。 只需单击群集或放大便可查看个别标记。 @@ -292,7 +304,7 @@ GitHub 支持呈现 PDF 文档。 如果将 `.geojson` 文件转换为 [TopoJSON](https://github.com/mbostock/topojson),可能还是能够渲染数据,TopoJSON 是一种压缩格式,有时能将文件减小 80%。 当然,您始终可以将文件分解为更小的数据块(例如按州或年分解),并将数据在仓库中存储为多个文件。 -### 其他资源 +### 延伸阅读 * [Leaflet.js geojson 文档](http://leafletjs.com/examples/geojson.html) * [MapBox marker-styling 文档](http://www.mapbox.com/developers/simplestyle/) @@ -320,3 +332,44 @@ $ jupyter nbconvert --to html NOTEBOOK-NAME.ipynb - [Jupyter Notebook 的 GitHub 仓库](https://github.com/jupyter/jupyter_notebook) - [Jupyter Notebook 的图片库](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks) + +{% if mermaid %} +## Displaying Mermaid files on {% data variables.product.prodname_dotcom %} + +{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}. + +For example, if you add a `.mmd` file with the following content to your repository: + +``` +graph TD + A[Friend's Birthday] -->|Get money| B(Go shopping) + B --> C{Let me think} + C -->|One| D["Cool
Laptop"] + C -->|Two| E[iPhone] + C -->|Three| F[fa:fa-car Car] +``` + +When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png) + +### 疑难解答 + +If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit). + +If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag. + +#### 已知问题 + +* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library. +* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart. +* Not all charts are a11y compliant. This may affect users who rely on a screen reader. + +### Mermaid in Markdown + +You can embed Mermaid syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)." + +### 延伸阅读 + +* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/) +* [Mermaid.js live editor](https://mermaid.live/edit) +{% endif %} + diff --git a/translations/zh-CN/content/rest/reference/deploy_keys.md b/translations/zh-CN/content/rest/reference/deploy_keys.md new file mode 100644 index 0000000000..2a49dbdf47 --- /dev/null +++ b/translations/zh-CN/content/rest/reference/deploy_keys.md @@ -0,0 +1,17 @@ +--- +title: Deploy Keys +intro: 'The Deploy Keys API allows to create an SSH key that is stored on your server and grants access to a GitHub repository.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - API +miniTocMaxHeadingLevel: 3 +--- + + \ No newline at end of file diff --git a/translations/zh-CN/content/rest/reference/deployments.md b/translations/zh-CN/content/rest/reference/deployments.md index 0b4daf9c5e..b9b2dfc6fe 100644 --- a/translations/zh-CN/content/rest/reference/deployments.md +++ b/translations/zh-CN/content/rest/reference/deployments.md @@ -1,6 +1,6 @@ --- title: 部署 -intro: 'The deployments API allows you to create and delete deploy keys, deployments, and deployment environments.' +intro: The deployments API allows you to create and delete deployments and deployment environments. allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/translations/zh-CN/content/rest/reference/index.md b/translations/zh-CN/content/rest/reference/index.md index ffd7a7674d..d1620d78bb 100644 --- a/translations/zh-CN/content/rest/reference/index.md +++ b/translations/zh-CN/content/rest/reference/index.md @@ -22,6 +22,7 @@ children: - /collaborators - /commits - /dependabot + - /deploy_keys - /deployments - /emojis - /enterprise-admin diff --git a/translations/zh-CN/data/features/mermaid.yml b/translations/zh-CN/data/features/mermaid.yml index 09870e35f9..db633f907d 100644 --- a/translations/zh-CN/data/features/mermaid.yml +++ b/translations/zh-CN/data/features/mermaid.yml @@ -1,8 +1,8 @@ --- -#Issue 5812 and 6172 -#Mermaid syntax support +#Issues 5812 and 6172, also 6411 +#Mermaid syntax support, also ASCII STL and geoJSON/topoJSON syntax support versions: fpt: '*' ghec: '*' - ghes: '>=3.5' + ghes: '>=3.6' ghae: 'issue-6172' diff --git a/translations/zh-CN/data/learning-tracks/code-security.yml b/translations/zh-CN/data/learning-tracks/code-security.yml index 3b9db87e4a..f8abf8dc63 100644 --- a/translations/zh-CN/data/learning-tracks/code-security.yml +++ b/translations/zh-CN/data/learning-tracks/code-security.yml @@ -18,39 +18,39 @@ dependabot_alerts: title: '获取漏洞依赖项的通知' description: '设置 Dependabot 提醒您的依赖项中有新漏洞。' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts + - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_security_updates: title: '获取拉取请求以更新您的漏洞依赖项' description: '设置 Dependabot 以在报告新漏洞时创建拉取请求。' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' #Feature available only on dotcom and GHES 3.3+ dependency_version_updates: title: '保持更新依赖项' description: '使用 Dependabot 检查新版本并创建拉取请求来更新您的依赖关系。' guides: - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates + - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates + - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there. secret_scanning: title: '扫描密码' diff --git a/translations/zh-CN/data/product-examples/code-security/code-examples.yml b/translations/zh-CN/data/product-examples/code-security/code-examples.yml index 3d3471e168..cd1da9f0ad 100644 --- a/translations/zh-CN/data/product-examples/code-security/code-examples.yml +++ b/translations/zh-CN/data/product-examples/code-security/code-examples.yml @@ -24,7 +24,7 @@ #Security policies title: Microsoft security policy template description: 示例安全策略 - href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md + href: /microsoft/repo-templates/blob/main/shared/SECURITY.md tags: - 安全策略 - diff --git a/translations/zh-CN/data/reusables/code-scanning/alert-default-branch.md b/translations/zh-CN/data/reusables/code-scanning/alert-default-branch.md new file mode 100644 index 0000000000..c6a6029e70 --- /dev/null +++ b/translations/zh-CN/data/reusables/code-scanning/alert-default-branch.md @@ -0,0 +1 @@ +The status and details on the alert page only reflect the state of the alert on the default branch of the repository, even if the alert exists in other branches. You can see the status of the alert on non-default branches in the **Affected branches** section on the right-hand side of the alert page. If an alert doesn't exist in the default branch, the status of the alert will display as "in pull request" or "in branch" and will be colored grey. \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/code-scanning/filter-non-default-branches.md b/translations/zh-CN/data/reusables/code-scanning/filter-non-default-branches.md new file mode 100644 index 0000000000..4df28a76d5 --- /dev/null +++ b/translations/zh-CN/data/reusables/code-scanning/filter-non-default-branches.md @@ -0,0 +1 @@ +Please note that if you have filtered for alerts on a non-default branch, but the same alerts exist on the default branch, the alert page for any given alert will still only reflect the alert's status on the default branch, even if that status conflicts with the status on a non-default branch. For example, an alert that appears in the "Open" list in the summary of alerts for `branch-x` could show a status of "Fixed" on the alert page, if the alert is already fixed on the default branch. You can view the status of the alert for the branch you filtered on in the **Affected branches** section on the right side of the alert page. \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/dependabot/private-dependencies-note.md b/translations/zh-CN/data/reusables/dependabot/private-dependencies-note.md index 555ed25950..8a9fd456d6 100644 --- a/translations/zh-CN/data/reusables/dependabot/private-dependencies-note.md +++ b/translations/zh-CN/data/reusables/dependabot/private-dependencies-note.md @@ -1 +1 @@ -在运行安全性或版本更新时,有些生态系统必须能够解决来自其来源的所有依赖项,以验证版本更新是否成功。 如果清单或锁定文件包含任何私有依赖项,{% data variables.product.prodname_dependabot %} 必须能够访问这些依赖项所在的位置。 组织所有者可以授予 {% data variables.product.prodname_dependabot %} 访问包含同一个组织内项目依赖项的私有仓库. 更多信息请参阅“[管理组织的安全和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)”。 您可以在仓库的 _dependabot.yml_ 配置文件中配置对私有注册表的访问。 更多信息请参阅“[依赖项更新的配置选项](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)。” +在运行安全性或版本更新时,有些生态系统必须能够解决来自其来源的所有依赖项,以验证版本更新是否成功。 如果清单或锁定文件包含任何私有依赖项,{% data variables.product.prodname_dependabot %} 必须能够访问这些依赖项所在的位置。 组织所有者可以授予 {% data variables.product.prodname_dependabot %} 访问包含同一个组织内项目依赖项的私有仓库. 更多信息请参阅“[管理组织的安全和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)”。 您可以在仓库的 _dependabot.yml_ 配置文件中配置对私有注册表的访问。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." diff --git a/translations/zh-CN/data/reusables/dependabot/result-discrepancy.md b/translations/zh-CN/data/reusables/dependabot/result-discrepancy.md new file mode 100644 index 0000000000..c3a50a1bc9 --- /dev/null +++ b/translations/zh-CN/data/reusables/dependabot/result-discrepancy.md @@ -0,0 +1 @@ +{% data variables.product.product_name %} 报告的依赖项检测结果可能不同于其他工具返回的结果。 这是有原因的,它有助于了解 {% data variables.product.prodname_dotcom %} 如何确定项目的依赖项。 diff --git a/translations/zh-CN/data/reusables/repositories/github-reviews-security-advisories.md b/translations/zh-CN/data/reusables/repositories/github-reviews-security-advisories.md index cf870a9e65..23dfa68dc7 100644 --- a/translations/zh-CN/data/reusables/repositories/github-reviews-security-advisories.md +++ b/translations/zh-CN/data/reusables/repositories/github-reviews-security-advisories.md @@ -1,3 +1,3 @@ {% data variables.product.prodname_dotcom %} will review each published security advisory, add it to the {% data variables.product.prodname_advisory_database %}, and may use the security advisory to send {% data variables.product.prodname_dependabot_alerts %} to affected repositories. If the security advisory comes from a fork, we'll only send an alert if the fork owns a package, published under a unique name, on a public package registry. This process can take up to 72 hours and {% data variables.product.prodname_dotcom %} may contact you for more information. -For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." For more information about {% data variables.product.prodname_advisory_database %}, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)." +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." For more information about {% data variables.product.prodname_advisory_database %}, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)." diff --git a/translations/zh-CN/data/reusables/repositories/security-alert-delivery-options.md b/translations/zh-CN/data/reusables/repositories/security-alert-delivery-options.md index 4b1b8c82a2..8172cc2c16 100644 --- a/translations/zh-CN/data/reusables/repositories/security-alert-delivery-options.md +++ b/translations/zh-CN/data/reusables/repositories/security-alert-delivery-options.md @@ -1,4 +1,4 @@ {% ifversion not ghae %} 如果您的仓库具有受支持的依赖项清单 -{% ifversion fpt or ghec %}(并且对私有仓库设置了依赖图){% endif %},则只要 {% data variables.product.product_name %} 检测到仓库中易受攻击的依赖项,您就会收到每周摘要电子邮件。 您也可以在 {% data variables.product.product_name %} 界面中将安全警报配置为 web 通知、单个电子邮件通知、每日电子邮件摘要或警报。 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 +{% ifversion fpt or ghec %}(并且对私有仓库设置了依赖图){% endif %},则只要 {% data variables.product.product_name %} 检测到仓库中易受攻击的依赖项,您就会收到每周摘要电子邮件。 您也可以在 {% data variables.product.product_name %} 界面中将安全警报配置为 web 通知、单个电子邮件通知、每日电子邮件摘要或警报。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”。 {% endif %} diff --git a/translations/zh-CN/data/reusables/rest-reference/deployments/keys.md b/translations/zh-CN/data/reusables/rest-reference/deploy_keys/deploy_keys.md similarity index 94% rename from translations/zh-CN/data/reusables/rest-reference/deployments/keys.md rename to translations/zh-CN/data/reusables/rest-reference/deploy_keys/deploy_keys.md index 7ae7efa109..7a0ca8693d 100644 --- a/translations/zh-CN/data/reusables/rest-reference/deployments/keys.md +++ b/translations/zh-CN/data/reusables/rest-reference/deploy_keys/deploy_keys.md @@ -1,5 +1,3 @@ -## 部署密钥 - {% data reusables.repositories.deploy-keys %} 部署密钥可以使用以下 API 端点进行设置,也可以使用 GitHub 进行设置。 要了解如何在 GitHub 中设置部署密钥,请参阅“[管理部署密钥](/developers/overview/managing-deploy-keys)”。 \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md b/translations/zh-CN/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md index ad2466a83e..77b05afdbd 100644 --- a/translations/zh-CN/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md +++ b/translations/zh-CN/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md @@ -1 +1 @@ -与仓库中的安全漏洞警报相关的活动。 {% data reusables.webhooks.action_type_desc %} 更多信息请参阅“[关于易受攻击的依赖项的警报](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”。 +与仓库中的安全漏洞警报相关的活动。 {% data reusables.webhooks.action_type_desc %} For more information, see the "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". From c050d0f0d16c2bcaa255417eff19e4e84d33c636 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Fri, 18 Mar 2022 14:40:23 -0700 Subject: [PATCH 31/52] New translation batch for ja (#26329) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/lint-translation-files.js --check parsing * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=ja * run script/i18n/reset-known-broken-translation-files.js * Check in ja CSV report --- .../configuring-notifications.md | 2 +- .../managing-notifications-from-your-inbox.md | 4 +- ...analysis-settings-for-your-user-account.md | 4 +- ...on-levels-for-a-user-account-repository.md | 2 +- .../security-guides/encrypted-secrets.md | 4 + .../workflow-syntax-for-github-actions.md | 27 ++- ...ub-advanced-security-in-your-enterprise.md | 2 +- ...enabling-dependabot-for-your-enterprise.md | 4 +- .../about-code-scanning-alerts.md | 8 + ...ode-scanning-alerts-for-your-repository.md | 26 ++- ...nning-alerts-in-issues-using-task-lists.md | 11 +- ...g-code-scanning-alerts-in-pull-requests.md | 9 +- .../about-dependabot-alerts.md} | 7 +- ...ilities-in-the-github-advisory-database.md | 5 +- ...ng-notifications-for-dependabot-alerts.md} | 9 +- ...isories-in-the-github-advisory-database.md | 1 + .../dependabot/dependabot-alerts/index.md | 24 +++ ...viewing-and-updating-dependabot-alerts.md} | 11 +- .../about-dependabot-security-updates.md | 7 +- ...configuring-dependabot-security-updates.md | 3 +- .../dependabot-security-updates/index.md | 20 +++ .../about-dependabot-version-updates.md | 7 +- ...on-options-for-the-dependabot.yml-file.md} | 26 +-- ...configuring-dependabot-version-updates.md} | 9 +- .../customizing-dependency-updates.md | 5 +- .../dependabot-version-updates/index.md | 26 +++ ...ndencies-configured-for-version-updates.md | 3 +- .../content/code-security/dependabot/index.md | 23 +++ ...tomating-dependabot-with-github-actions.md | 4 +- .../working-with-dependabot/index.md | 24 +++ ...your-actions-up-to-date-with-dependabot.md | 5 +- ...naging-encrypted-secrets-for-dependabot.md | 3 +- ...ng-pull-requests-for-dependency-updates.md | 5 +- .../troubleshooting-dependabot-errors.md | 12 +- ...he-detection-of-vulnerable-dependencies.md | 67 ++------ .../github-security-features.md | 4 +- .../securing-your-organization.md | 6 +- .../securing-your-repository.md | 6 +- .../ja-JP/content/code-security/guides.md | 1 - .../ja-JP/content/code-security/index.md | 1 + .../about-the-security-overview.md | 16 +- .../supply-chain-security/index.md | 2 - .../index.md | 29 ---- .../about-managing-vulnerable-dependencies.md | 46 ------ .../index.md | 36 ---- .../about-dependency-review.md | 2 +- .../about-supply-chain-security.md | 156 ++++++++++++++++++ .../about-the-dependency-graph.md | 4 +- ...loring-the-dependencies-of-a-repository.md | 9 +- .../index.md | 10 +- .../troubleshooting-the-dependency-graph.md | 62 +++++++ ...ating-a-github-app-using-url-parameters.md | 38 ++--- .../webhooks/webhook-events-and-payloads.md | 2 +- .../about-githubs-use-of-your-data.md | 4 +- ...se-settings-for-your-private-repository.md | 4 +- ...-up-a-trial-of-github-enterprise-server.md | 2 +- .../creating-and-highlighting-code-blocks.md | 3 +- .../creating-diagrams.md | 127 +++++++++++++- ...analysis-settings-for-your-organization.md | 7 +- ...ing-the-audit-log-for-your-organization.md | 4 +- .../about-permissions-for-github-packages.md | 2 +- .../working-with-the-rubygems-registry.md | 2 +- ...r-github-pages-site-locally-with-jekyll.md | 6 + ...anding-connections-between-repositories.md | 2 +- .../working-with-non-code-files.md | 57 ++++++- .../content/rest/reference/deploy_keys.md | 17 ++ .../content/rest/reference/deployments.md | 2 +- .../ja-JP/content/rest/reference/index.md | 1 + translations/ja-JP/data/features/mermaid.yml | 6 +- .../data/learning-tracks/code-security.yml | 38 ++--- .../code-security/code-examples.yml | 2 +- .../code-scanning/alert-default-branch.md | 1 + .../filter-non-default-branches.md | 1 + .../dependabot/private-dependencies-note.md | 2 +- .../dependabot/result-discrepancy.md | 1 + .../github-reviews-security-advisories.md | 2 +- .../security-alert-delivery-options.md | 2 +- .../keys.md => deploy_keys/deploy_keys.md} | 2 - ...pository_vulnerability_alert_short_desc.md | 2 +- translations/log/ja-resets.csv | 10 +- 80 files changed, 820 insertions(+), 328 deletions(-) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/about-dependabot-alerts.md} (94%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/browsing-security-vulnerabilities-in-the-github-advisory-database.md (94%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md => dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md} (88%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-alerts}/editing-security-advisories-in-the-github-advisory-database.md (94%) create mode 100644 translations/ja-JP/content/code-security/dependabot/dependabot-alerts/index.md rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md => dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md} (94%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/about-dependabot-security-updates.md (89%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/dependabot-security-updates}/configuring-dependabot-security-updates.md (95%) create mode 100644 translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/index.md rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/about-dependabot-version-updates.md (91%) rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md => dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md} (95%) rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md => dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md} (93%) rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/customizing-dependency-updates.md (93%) create mode 100644 translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/index.md rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/dependabot-version-updates}/listing-dependencies-configured-for-version-updates.md (85%) create mode 100644 translations/ja-JP/content/code-security/dependabot/index.md rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/automating-dependabot-with-github-actions.md (98%) create mode 100644 translations/ja-JP/content/code-security/dependabot/working-with-dependabot/index.md rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/keeping-your-actions-up-to-date-with-dependabot.md (88%) rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-encrypted-secrets-for-dependabot.md (95%) rename translations/ja-JP/content/code-security/{supply-chain-security/keeping-your-dependencies-updated-automatically => dependabot/working-with-dependabot}/managing-pull-requests-for-dependency-updates.md (93%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/working-with-dependabot}/troubleshooting-dependabot-errors.md (92%) rename translations/ja-JP/content/code-security/{supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies => dependabot/working-with-dependabot}/troubleshooting-the-detection-of-vulnerable-dependencies.md (70%) delete mode 100644 translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md delete mode 100644 translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md delete mode 100644 translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md create mode 100644 translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md create mode 100644 translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md create mode 100644 translations/ja-JP/content/rest/reference/deploy_keys.md create mode 100644 translations/ja-JP/data/reusables/code-scanning/alert-default-branch.md create mode 100644 translations/ja-JP/data/reusables/code-scanning/filter-non-default-branches.md create mode 100644 translations/ja-JP/data/reusables/dependabot/result-discrepancy.md rename translations/ja-JP/data/reusables/rest-reference/{deployments/keys.md => deploy_keys/deploy_keys.md} (94%) diff --git a/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md index 286b7b089f..066ef4eb97 100644 --- a/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md +++ b/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md @@ -134,7 +134,7 @@ Email notifications from {% data variables.product.product_location %} contain t | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} | | `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are:
  • `assign`: You were assigned to an issue or pull request.
  • `author`: You created an issue or pull request.
  • `ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.
  • `comment`: You commented on an issue or pull request.
  • `manual`: There was an update to an issue or pull request you manually subscribed to.
  • `mention`: You were mentioned on an issue or pull request.
  • `push`: Someone committed to a pull request you're subscribed to.
  • `review_requested`: You or a team you're a member of was requested to review a pull request.
    • {% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
  • `security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.
    • {% endif %}
  • `state_change`: An issue or pull request you're subscribed to was either closed or opened.
  • `subscribed`: There was an update in a repository you're watching.
  • `team_mention`: A team you belong to was mentioned on an issue or pull request.
  • `your_activity`: You opened, commented on, or closed an issue or pull request.
| | `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `..{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} +| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:
  • `low`
  • `moderate`
  • `high`
  • `critical`
For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %} ## Choosing your notification settings diff --git a/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 19a4dad761..aacbf1d864 100644 --- a/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/translations/ja-JP/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -174,7 +174,7 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende - `reason:security_alert` は {% data variables.product.prodname_dependabot_alerts %} とセキュリティアップデートのプルリクエストの通知を表示します。 - `author:app/dependabot` は {% data variables.product.prodname_dependabot %} によって生成された通知を表示します。 これには、{% data variables.product.prodname_dependabot_alerts %}、セキュリティアップデートのプルリクエスト、およびバージョン更新のプルリクエストが含まれます。 -For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)." +{% data variables.product.prodname_dependabot %} の詳細については、「[{% data variables.product.prodname_dependabot_alerts %} について](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -183,7 +183,7 @@ If you use {% data variables.product.prodname_dependabot %} to tell you about vu - `is:repository_vulnerability_alert` - `reason:security_alert` -{% data variables.product.prodname_dependabot %} に関する詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +{% data variables.product.prodname_dependabot %} の詳細については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% endif %} {% endif %} diff --git a/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md index ae9fcfa48b..805abb17d1 100644 --- a/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md +++ b/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md @@ -31,7 +31,7 @@ For an overview of repository-level security, see "[Securing your repository](/c {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -3. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all**. +3. "Code security and analysis(コードのセキュリティ及び分析)"の下で、機能の右にある**Disable all(すべて無効化)**もしくは**Enable all(すべて有効化)**をクリックしてください。 {% ifversion ghes > 3.2 %}!["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/enterprise/3.3/settings/security-and-analysis-disable-or-enable-all.png){% else %}!["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/help/settings/security-and-analysis-disable-or-enable-all.png){% endif %} 6. Optionally, enable the feature by default for new repositories that you own. {% ifversion ghes > 3.2 %}!["Enable by default" option for new repositories](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-by-default-in-modal.png){% else %}!["Enable by default" option for new repositories](/assets/images/help/settings/security-and-analysis-enable-by-default-in-modal.png){% endif %} @@ -50,5 +50,5 @@ For an overview of repository-level security, see "[Securing your repository](/c ## 参考リンク - [依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph) -- [プロジェクトの依存関係にある脆弱性を管理する](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies) +- 「[{% data variables.product.prodname_dependabot_alerts %} について](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」 - [依存関係を自動的に更新する](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically) diff --git a/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md index fadc98773a..e9b90a2b10 100644 --- a/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md +++ b/translations/ja-JP/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md @@ -45,7 +45,7 @@ The repository owner has full control of the repository. In addition to the acti | Customize the repository's social media preview | "[Customizing your repository's social media preview](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" | | Create a template from the repository | "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | Control access to {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies | "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} -| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | +| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | | Manage data use for a private repository | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"|{% endif %} | Define code owners for the repository | "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" | | Archive the repository | "[Archiving repositories](/repositories/archiving-a-github-repository/archiving-repositories)" |{% ifversion fpt or ghec %} diff --git a/translations/ja-JP/content/actions/security-guides/encrypted-secrets.md b/translations/ja-JP/content/actions/security-guides/encrypted-secrets.md index 6694de7134..6682ef4fb2 100644 --- a/translations/ja-JP/content/actions/security-guides/encrypted-secrets.md +++ b/translations/ja-JP/content/actions/security-guides/encrypted-secrets.md @@ -226,6 +226,10 @@ steps: ``` {% endraw %} +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + 可能であれば、コマンドラインからプロセス間でシークレットを渡すのは避けてください。 Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). シークレットの保護のために、環境変数、`STDIN`、あるいはターゲットのプロセスがサポートしている他の仕組みの利用を考慮してください。 コマンドラインからシークレットを渡さなければならない場合は、それらを適切なルールでクオート内に収めてください。 シークレットは、意図せずシェルに影響するかもしれない特殊なキャラクターをしばしば含みます。 それらの特殊なキャラクターをエスケープするには、環境変数をクオートで囲ってください。 例: diff --git a/translations/ja-JP/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/translations/ja-JP/content/actions/using-workflows/workflow-syntax-for-github-actions.md index e2e93444af..beb0751474 100644 --- a/translations/ja-JP/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/translations/ja-JP/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -342,6 +342,31 @@ steps: uses: actions/heroku@1.0.0 ``` +#### Example: Using secrets + +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. + +If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. + +{% raw %} +```yaml +name: Run a step if a secret has been set +on: push +jobs: + my-jobname: + runs-on: ubuntu-latest + env: + super_secret: ${{ secrets.SuperSecret }} + steps: + - if: ${{ env.super_secret != '' }} + run: echo 'This step will only run if the secret has a value set.' + - if: ${{ env.super_secret == '' }} + run: echo 'This step will only run if the secret does not have a value set.' +``` +{% endraw %} + +For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + ### `jobs..steps[*].name` {% data variables.product.prodname_dotcom %}で表示されるステップの名前。 @@ -521,7 +546,7 @@ jobs: ### `jobs..steps[*].shell` -`shell`キーワードを使用して、ランナーのオペレーティングシステムのデフォルトシェルを上書きできます。 組み込みの`shell`キーワードを使用するか、カスタムセットのシェルオプションを定義することができます。 The shell command that is run internally executes a temporary file that contains the commands specified in the `run` keyword. +`shell`キーワードを使用して、ランナーのオペレーティングシステムのデフォルトシェルの設定を上書きできます。 組み込みの`shell`キーワードを使用するか、カスタムセットのシェルオプションを定義することができます。 The shell command that is run internally executes a temporary file that contains the commands specified in the `run` keyword. | サポートされているプラットフォーム | `shell` パラメータ | 説明 | 内部で実行されるコマンド | | ----------------- | ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | diff --git a/translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md b/translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md index 8c12c9efca..e5b1644670 100644 --- a/translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md +++ b/translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md @@ -271,7 +271,7 @@ GitHub helps you avoid using third-party software that contains known vulnerabil | Dependency Management Tool | 説明 | | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects vulnerable dependencies. 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)」を参照してください。 | +| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects vulnerable dependencies. 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)」を参照してください。 | | Dependency Graph | 依存関係グラフは、リポジトリに保存されているマニフェストファイルおよびロックファイルのサマリーです。 コードベースが依存するエコシステムとパッケージ(依存関係)、およびプロジェクトに依存するリポジトリとパッケージ(依存関係)が表示されます。 詳しい情報については、「[依存関係グラフについて](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)」を参照してください。 |{% ifversion ghes > 3.1 or ghec %} | Dependency Review | プルリクエストに依存関係への変更が含まれている場合は、変更内容の概要と、依存関係に既知の脆弱性があるかどうかを確認できます。 For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" or "[Reviewing Dependency Changes in a Pull Request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)." |{% endif %} {% ifversion ghec or ghes > 3.2 %} | Dependabot Security Updates | Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates. For more information, see "[About Dependabot security updates](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." | diff --git a/translations/ja-JP/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/translations/ja-JP/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index c6d2a08abe..d5d9c480a8 100644 --- a/translations/ja-JP/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/translations/ja-JP/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -49,7 +49,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %} for you When {% data variables.product.product_location %} receives information about a vulnerability, it identifies repositories in {% data variables.product.product_location %} that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}. -For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% ifversion ghes > 3.2 %} ### {% data variables.product.prodname_dependabot_updates %}について @@ -67,7 +67,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %}, you ca With {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} automatically creates pull requests to update dependencies in two ways. - **{% data variables.product.prodname_dependabot_version_updates %}**: Users add a {% data variables.product.prodname_dependabot %} configuration file to the repository to enable {% data variables.product.prodname_dependabot %} to create pull requests when a new version of a tracked dependency is released. 詳しい情報については「[{% data variables.product.prodname_dependabot_version_updates %}について](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)」を参照してください。 -- **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endif %} ## {% data variables.product.prodname_dependabot_alerts %} の有効化 diff --git a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md index 3d628cfa43..60fc384867 100644 --- a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md +++ b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md @@ -27,7 +27,15 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png) +{% else %} +![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.4/repository/code-scanning-alert.png) +{% endif %} If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information. diff --git a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md index d6ae1c8097..c8f214deae 100644 --- a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md +++ b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md @@ -46,9 +46,16 @@ By default, the code scanning alerts page is filtered to show alerts for the def {% else %} ![List of alerts from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + {% data reusables.code-scanning.alert-default-branch %} + ![The "Affected branches" section in an alert](/assets/images/help/repository/code-scanning-affected-branches.png){% endif %} 1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png) -1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. + {% else %} + ![The "Show paths" link on an alert](/assets/images/enterprise/3.4/repository/code-scanning-show-paths.png) + {% endif %} +2. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png) For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)." @@ -80,6 +87,10 @@ The benefit of using keyword filters is that only values with results are shown If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} + {% ifversion fpt or ghes > 3.3 or ghec %} You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag{% if codeql-ml-queries %} and `-tag:experimental` will omit all experimental alerts. For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %} @@ -96,10 +107,12 @@ You can use the "Only alerts in application code" filter or `autofilter:true` ke You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across: - The name of the alert -- The alert description - The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section) - + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![The alert information used in searches](/assets/images/help/repository/code-scanning-free-text-search-areas.png) + {% else %} + ![The alert information used in searches](/assets/images/enterprise/3.4/repository/code-scanning-free-text-search-areas.png) + {% endif %} | Supported search | Syntax example | Results | | ---- | ---- | ---- | @@ -113,7 +126,7 @@ You can search the list of alerts. This is useful if there is a large number of **Tips:** - The multiple word search is equivalent to an OR search. -- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details. +- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. {% endtip %} @@ -143,7 +156,7 @@ If you have write permission for a repository, you can view fixed alerts by view You can use{% ifversion fpt or ghes > 3.1 or ghae or ghec %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed. -Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch. +Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. {% ifversion fpt or ghes > 3.1 or ghae or ghec %} ![Filtering alerts by branch](/assets/images/help/repository/code-scanning-branch-filter.png) @@ -151,6 +164,9 @@ Alerts may be fixed in one branch but not in another. You can use the "Branch" d ![Filtering alerts by branch](/assets/images/enterprise/3.1/help/repository/code-scanning-branch-filter.png) {% endif %} +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.filter-non-default-branches %} +{% endif %} ## Dismissing or deleting alerts There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, if you have admin permissions for the repository, you can delete alerts. Deleting alerts is useful in situations where you have set up a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have configured {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab. diff --git a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md index ef4ffcfa65..4c4bcf7cd9 100644 --- a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md @@ -39,7 +39,11 @@ You can use more than one issue to track the same {% data variables.product.prod - A "tracked in" section will also show in the corresponding alert page. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Tracked in section on code scanning alert page](/assets/images/help/repository/code-scanning-alert-tracked-in-pill.png) + {% else %} + ![Tracked in section on code scanning alert page](/assets/images/enterprise/3.4/repository/code-scanning-alert-tracked-in-pill.png) + {% endif %} - On the tracking issue, {% data variables.product.prodname_dotcom %} displays a security badge icon in the task list and on the hovercard. @@ -64,7 +68,12 @@ The status of the tracked alert won't change if you change the checkbox state of {% data reusables.code-scanning.explore-alert %} 1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. 詳しい情報については、「[リポジトリの Code scanningアラートを管理する](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)」を参照してください。 {% endif %} -1. Towards the top of the page, on the right side, click **Create issue**. ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) +1. Towards the top of the page, on the right side, click **Create issue**. + {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} + ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) + {% else %} + ![Create a tracking issue for the code scanning alert](/assets/images/enterprise/3.4/repository/code-scanning-create-issue-for-alert.png) + {% endif %} {% data variables.product.prodname_dotcom %} automatically creates an issue to track the alert and adds the alert as a task list item. {% data variables.product.prodname_dotcom %} prepopulates the issue: - The title contains the name of the {% data variables.product.prodname_code_scanning %} alert. diff --git a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md index 66ae7d484f..29eaaa3ea7 100644 --- a/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md +++ b/translations/ja-JP/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md @@ -74,10 +74,17 @@ If you have write permission for the repository, some annotations contain links To see more information about an alert, users with write permission can click the **Show more details** link shown in the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} +{% data reusables.code-scanning.alert-default-branch %} +{% endif %} + In the detailed view for an alert, some {% data variables.product.prodname_code_scanning %} tools, like {% data variables.product.prodname_codeql %} analysis, also include a description of the problem and a **Show more** link for guidance on how to fix your code. +{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %} ![Alert description and link to show more information](/assets/images/help/repository/code-scanning-pr-alert.png) - +{% else %} +![Alert description and link to show more information](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png) +{% endif %} ## Fixing an alert on your pull request Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed. diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md similarity index 94% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md index 52b0aa9c64..da996b60cc 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -1,11 +1,12 @@ --- -title: About alerts for vulnerable dependencies +title: About Dependabot alerts intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect vulnerabilities affecting your repository.' redirect_from: - /articles/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -81,7 +82,7 @@ For repositories where {% data variables.product.prodname_dependabot_security_up ## Access to {% data variables.product.prodname_dependabot_alerts %} -You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." +You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)." {% endif %} @@ -95,5 +96,5 @@ You can also see all the {% data variables.product.prodname_dependabot_alerts %} ## Further reading - "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" -- "[Viewing and updating vulnerable dependencies in your repository](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %} {% ifversion fpt or ghec %}- "[Privacy on {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md similarity index 94% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md index 7be2222f65..f1ef00374b 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md @@ -6,6 +6,7 @@ miniTocMaxHeadingLevel: 3 redirect_from: - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ The {% data variables.product.prodname_advisory_database %} contains a list of k We carefully review each advisory for validity. Each {% data variables.product.company_short %}-reviewed advisory has a full description, and contains both ecosystem and package information. -If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory affects packages you depend on. 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」を参照してください。 +If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory affects packages you depend on. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." ### About unreviewed advisories @@ -107,7 +108,7 @@ You can suggest improvements to any advisory in the {% data variables.product.pr ## 脆弱性のあるリポジトリを表示する -For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability. 脆弱性のあるリポジトリを確認するには、そのリポジトリの {% data variables.product.prodname_dependabot_alerts %} にアクセスできる必要があります。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)」を参照してください。 +For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability. 脆弱性のあるリポジトリを確認するには、そのリポジトリの {% data variables.product.prodname_dependabot_alerts %} にアクセスできる必要があります。 詳しい情報については「[{% data variables.product.prodname_dependabot_alerts %}について](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)」を参照してください。 1. Https://github.com/advisories にアクセスします。 2. アドバイザリをクリックします。 diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md similarity index 88% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 38aedd5f8e..c7aa8fda69 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -1,10 +1,11 @@ --- -title: 脆弱性のある依存関係の通知を設定する -shortTitle: 通知を設定する +title: Configuring notifications for Dependabot alerts +shortTitle: Configure notifications intro: 'Optimize how you receive notifications about {% data variables.product.prodname_dependabot_alerts %}.' redirect_from: - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -51,7 +52,7 @@ When a new {% data variables.product.prodname_dependabot %} alert is detected, { {% note %} -**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. 詳しい情報については「[インボックスからの通知の管理](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)」を参照してください。 +**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. 詳しい情報については「[インボックスからの通知を管理する](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)」を参照してください。 {% endnote %} @@ -59,7 +60,7 @@ When a new {% data variables.product.prodname_dependabot %} alert is detected, { ## 脆弱性のある依存関係の通知を減らす方法 -{% data variables.product.prodname_dependabot_alerts %}の通知をあまりに多く受け取ることが心配なら、週次のメールダイジェストにオプトインするか、{% data variables.product.prodname_dependabot_alerts %}を有効化したままで通知をオフにすることをおすすめします。 その場合でも、リポジトリのセキュリティタブで{% data variables.product.prodname_dependabot_alerts %}を確認することはできます。 詳細については、「[リポジトリ内の脆弱な依存関係を表示・更新する](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)」を参照してください。 +{% data variables.product.prodname_dependabot_alerts %}の通知をあまりに多く受け取ることが心配なら、週次のメールダイジェストにオプトインするか、{% data variables.product.prodname_dependabot_alerts %}を有効化したままで通知をオフにすることをおすすめします。 その場合でも、リポジトリのセキュリティタブで{% data variables.product.prodname_dependabot_alerts %}を確認することはできます。 For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." ## 参考リンク diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md similarity index 94% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md index 5f75c90373..7dbfd80181 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md @@ -3,6 +3,7 @@ title: Editing security advisories in the GitHub Advisory Database intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.' redirect_from: - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database versions: fpt: '*' ghec: '*' diff --git a/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/index.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/index.md new file mode 100644 index 0000000000..f5d51e64aa --- /dev/null +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/index.md @@ -0,0 +1,24 @@ +--- +title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts +shortTitle: Dependabotアラート +intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilites are detected in dependencies that your project uses.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /browsing-security-vulnerabilities-in-the-github-advisory-database + - /editing-security-advisories-in-the-github-advisory-database + - /about-dependabot-alerts + - /viewing-and-updating-dependabot-alerts + - /configuring-notifications-for-dependabot-alerts +--- + diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md similarity index 94% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index c1e0d76330..a22458eeba 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -1,12 +1,13 @@ --- -title: リポジトリ内の脆弱な依存関係を表示・更新する +title: Viewing and updating Dependabot alerts intro: '{% data variables.product.product_name %} がプロジェクト内の脆弱性のある依存関係を発見した場合は、それらをリポジトリの [Dependabot alerts] タブで確認できます。 その後、プロジェクトを更新してこの脆弱性を解決することができます。' redirect_from: - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository permissions: Repository administrators and organization owners can view and update dependencies. -shortTitle: View vulnerable dependencies +shortTitle: View Dependabot alerts versions: fpt: '*' ghes: '*' @@ -25,7 +26,7 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filter alerts by package, ecosystem, or manifest. You can also{% endif %} sort the list of alerts, and you can click into specific alerts for more details. 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」を参照してください。 +Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filter alerts by package, ecosystem, or manifest. You can also{% endif %} sort the list of alerts, and you can click into specific alerts for more details. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% ifversion fpt or ghec or ghes > 3.2 %} {% data variables.product.prodname_dependabot_alerts %} と依存関係グラフを使用するリポジトリの自動セキュリティ更新を有効にすることができます。 詳しい情報については、「[{% data variables.product.prodname_dependabot_security_updates %} について](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)」を参照してください。 @@ -36,7 +37,7 @@ Your repository's {% data variables.product.prodname_dependabot_alerts %} tab li {% ifversion fpt or ghec or ghes > 3.2 %} ## リポジトリ内の脆弱性のある依存関係の更新について -コードベースが既知の脆弱性のある依存関係を使用していることを検出すると、{% data variables.product.product_name %} は {% data variables.product.prodname_dependabot_alerts %} を生成します。 {% data variables.product.prodname_dependabot_security_updates %} が有効になっているリポジトリの場合、{% data variables.product.product_name %} がデフォルトのブランチで脆弱性のある依存関係を検出すると、{% data variables.product.prodname_dependabot %} はそれを修正するためのプルリクエストを作成します。 Pull Requestは、脆弱性を回避するために必要最低限の安全なバージョンに依存関係をアップグレードします。 +コードベースが既知の脆弱性のある依存関係を使用していることを検出すると、{% data variables.product.product_name %} は {% data variables.product.prodname_dependabot_alerts %} を生成します。 {% data variables.product.prodname_dependabot_security_updates %} が有効になっているリポジトリの場合、{% data variables.product.product_name %} がデフォルトのブランチで脆弱性のある依存関係を検出すると、{% data variables.product.prodname_dependabot %} はそれを修正するためのプルリクエストを作成します。 プルリクエストは、脆弱性を回避するために必要最低限の安全なバージョンに依存関係をアップグレードします。 {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}You can sort and filter {% data variables.product.prodname_dependabot_alerts %} with the dropdown menus in the {% data variables.product.prodname_dependabot_alerts %} tab or by typing filters as `key:value` pairs into the search bar. The available filters are repository (for example, `repo:my-repository`), package (for example, `package:django`), ecosystem (for example, `ecosystem:npm`), manifest (for example, `manifest:webwolf/pom.xml`), state (for example, `is:open`), and whether an advisory has a patch (for example, `has: patch`). @@ -98,7 +99,7 @@ Each {% data variables.product.prodname_dependabot %} alert has a unique numeric ## 参考リンク -- 「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」{% ifversion fpt or ghec or ghes > 3.2 %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} - 「[{% data variables.product.prodname_dependabot_security_updates %}の設定](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)」{% endif %} - 「[リポジトリのセキュリティおよび分析設定を管理する](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)」 - 「[脆弱性のある依存関係の検出のトラブルシューティング](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)」{% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md similarity index 89% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md index aa02dff06e..4b9cc30b4d 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -6,6 +6,7 @@ redirect_from: - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates - /github/managing-security-vulnerabilities/about-dependabot-security-updates - /code-security/supply-chain-security/about-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -25,9 +26,9 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -## {% data variables.product.prodname_dependabot_security_updates %} について +## {% data variables.product.prodname_dependabot_security_updates %}について -{% data variables.product.prodname_dependabot_security_updates %} で、リポジトリ内の脆弱性のある依存関係を簡単に修正できます。 この機能を有効にすると、リポジトリの依存関係グラフで脆弱性のある依存関係に対して {% data variables.product.prodname_dependabot %} アラートが発生すると、{% data variables.product.prodname_dependabot %} は自動的にそれを修正しようとします。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」 および「[{% data variables.product.prodname_dependabot_security_updates %} を設定する](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)」を参照してください。 +{% data variables.product.prodname_dependabot_security_updates %} で、リポジトリ内の脆弱性のある依存関係を簡単に修正できます。 この機能を有効にすると、リポジトリの依存関係グラフで脆弱性のある依存関係に対して {% data variables.product.prodname_dependabot %} アラートが発生すると、{% data variables.product.prodname_dependabot %} は自動的にそれを修正しようとします。 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」および「[{% data variables.product.prodname_dependabot_security_updates %} の設定](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)」を参照してください。 {% data variables.product.prodname_dotcom %} may send {% data variables.product.prodname_dependabot_alerts %} to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %} @@ -63,4 +64,4 @@ topics: ## {% data variables.product.prodname_dependabot %} セキュリティアップデートの通知について -{% data variables.product.company_short %} で通知をフィルタして、{% data variables.product.prodname_dependabot %} セキュリティアップデートを表示できます。 詳しい情報については「[インボックスからの通知の管理](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)」を参照してください。 +{% data variables.product.company_short %} で通知をフィルタして、{% data variables.product.prodname_dependabot %} セキュリティアップデートを表示できます。 詳しい情報については「[インボックスからの通知を管理する](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)」を参照してください。 diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md similarity index 95% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 4b5d03893f..6cc5ca642c 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -9,6 +9,7 @@ redirect_from: - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates - /code-security/supply-chain-security/configuring-dependabot-security-updates + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates versions: fpt: '*' ghec: '*' @@ -74,6 +75,6 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec ## Further reading -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %} - "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %} - "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" diff --git a/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/index.md b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/index.md new file mode 100644 index 0000000000..30b0fe6070 --- /dev/null +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/index.md @@ -0,0 +1,20 @@ +--- +title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates +intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Security updates + - Dependencies + - Pull requests +shortTitle: Dependabotセキュリティアップデート +children: + - /about-dependabot-security-updates + - /configuring-dependabot-security-updates +--- + diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md similarity index 91% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md index e87757c4bf..40b2cdefd9 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -8,6 +8,7 @@ redirect_from: - /github/administering-a-repository/about-dependabot-version-updates - /code-security/supply-chain-security/about-dependabot-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates versions: fpt: '*' ghec: '*' @@ -25,13 +26,13 @@ shortTitle: Dependabotバージョンアップデート {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -## {% data variables.product.prodname_dependabot_version_updates %} について +## {% data variables.product.prodname_dependabot_version_updates %}について {% data variables.product.prodname_dependabot %} は、依存関係を維持する手間を省きます。 これを使用して、リポジトリが依存するパッケージおよびアプリケーションの最新リリースに自動的に対応できるようにすることができます。 設定ファイルをリポジトリにチェックインすることにより、{% data variables.product.prodname_dependabot_version_updates %} を有効化します。 設定ファイルは、リポジトリに保存されているマニフェストまたは他のパッケージ定義ファイルの場所を指定します。 {% data variables.product.prodname_dependabot %} はこの情報を使用して、古いパッケージとアプリケーションをチェックします。 {% data variables.product.prodname_dependabot %} は、依存関係のセマンティックバージョニング([semver](https://semver.org/))を調べて、そのバージョンへの更新の必要性を判断することにより、依存関係の新しいバージョンの有無を決定します。 特定のパッケージマネージャーでは、{% data variables.product.prodname_dependabot_version_updates %} もベンダをサポートしています。 ベンダ (またはキャッシュ) された依存関係は、マニフェストで参照されるのではなく、リポジトリ内の特定のディレクトリにチェックインされる依存関係です。 パッケージサーバーが利用できない場合でも、ビルド時にベンダ依存関係を利用できます。 {% data variables.product.prodname_dependabot_version_updates %} は、ベンダの依存関係をチェックして新しいバージョンを確認し、必要に応じて更新するように設定できます。 -{% data variables.product.prodname_dependabot %} が古い依存関係を特定すると、プルリクエストを発行して、マニフェストを依存関係の最新バージョンに更新します。 ベンダーの依存関係の場合、{% data variables.product.prodname_dependabot %} はプルリクエストを生成して、古い依存関係を新しいバージョンに直接置き換えます。 テストに合格したことを確認し、プルリクエストの概要に含まれている変更履歴とリリースノートを確認して、マージします。 For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +{% data variables.product.prodname_dependabot %} が古い依存関係を特定すると、プルリクエストを発行して、マニフェストを依存関係の最新バージョンに更新します。 ベンダーの依存関係の場合、{% data variables.product.prodname_dependabot %} はプルリクエストを生成して、古い依存関係を新しいバージョンに直接置き換えます。 テストに合格したことを確認し、プルリクエストの概要に含まれている変更履歴とリリースノートを確認して、マージします。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. 詳しい情報については、「[{% data variables.product.prodname_dependabot_security_updates %} について](/github/managing-security-vulnerabilities/about-dependabot-security-updates)」を参照してください。 @@ -50,7 +51,7 @@ If you enable _security updates_, {% data variables.product.prodname_dependabot ## サポートされているリポジトリとエコシステム -サポートされているパッケージマネージャーのいずれかの依存関係マニフェストまたはロックファイルを含むリポジトリのバージョン更新を設定できます。 一部のパッケージマネージャーでは、依存関係のベンダを設定することもできます。 詳しい情報については、「[依存関係の更新の設定オプション](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor) 」を参照してください。 +サポートされているパッケージマネージャーのいずれかの依存関係マニフェストまたはロックファイルを含むリポジトリのバージョン更新を設定できます。 一部のパッケージマネージャーでは、依存関係のベンダを設定することもできます。 For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." {% note %} {% data reusables.dependabot.private-dependencies-note %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md similarity index 95% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index 0a38bb5acc..2368b595b0 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -1,10 +1,12 @@ --- -title: 依存関係の更新の設定オプション +title: Configuration options for the dependabot.yml file intro: '{% data variables.product.prodname_dependabot %} がリポジトリを維持する方法をカスタマイズする場合に使用可能なすべてのオプションの詳細情報。' permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.' +allowTitleToDifferFromFilename: true redirect_from: - /github/administering-a-repository/configuration-options-for-dependency-updates - /code-security/supply-chain-security/configuration-options-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates miniTocMaxHeadingLevel: 3 versions: fpt: '*' @@ -17,7 +19,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: 設定オプション +shortTitle: Configure dependabot.yml --- {% data reusables.dependabot.beta-security-and-version-updates %} @@ -27,9 +29,9 @@ shortTitle: 設定オプション {% data variables.product.prodname_dependabot %} の設定ファイルである *dependabot.yml* では YAML 構文を使用します。 YAMLについて詳しくなく、学んでいきたい場合は、「[Learn YAML in five minutes (5分で学ぶYAML)](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)」をお読みください。 -このファイルは、リポジトリの `.github` ディレクトリに保存する必要があります。 *dependabot.yml* ファイルを追加または更新すると、即座にバージョン更新を確認します。 For more information and an example, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." +このファイルは、リポジトリの `.github` ディレクトリに保存する必要があります。 *dependabot.yml* ファイルを追加または更新すると、即座にバージョン更新を確認します。 For more information and an example, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)." -セキュリティアップデートに影響するオプションは、次にセキュリティアラートがセキュリティアップデートのためのプルリクエストをトリガーするときにも使用されます。 For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)." +セキュリティアップデートに影響するオプションは、次にセキュリティアラートがセキュリティアップデートのためのプルリクエストをトリガーするときにも使用されます。 詳しい情報については、「[{% data variables.product.prodname_dependabot_security_updates %} を設定する](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)」を参照してください。 *dependabot.yml* ファイルには、必須の最上位キーに `version` と `updates` の 2 つがあります。 必要に応じて、最上位に `registries` キーを含めることができます。 ファイルは、`version: 2` で始まる必要があります。 @@ -53,7 +55,7 @@ shortTitle: 設定オプション | [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator) | | プルリクエストブランチ名の区切り文字を変更する | | [`rebase-strategy`](#rebase-strategy) | | 自動リベースを無効にする | | [`registries`](#registries) | | {% data variables.product.prodname_dependabot %} がアクセスできるプライベートリポジトリ | -| [`reviewers`](#reviewers) | | プルリクエストのレビュー担当者 | +| [`レビュー担当者`](#reviewers) | | プルリクエストのレビュー担当者 | | [`schedule.day`](#scheduleday) | | 更新を確認する曜日 | | [`schedule.time`](#scheduletime) | | 更新を確認する時刻 (hh:mm) | | [`schedule.timezone`](#scheduletimezone) | | 時刻のタイムゾーン(ゾーン識別子) | @@ -170,7 +172,7 @@ updates: {% note %} -**注釈**: `schedule` は、{% data variables.product.prodname_dependabot %} が新規更新を試行するタイミングを設定します。 ただし、プルリクエストを受け取るタイミングはこれだけではありません。 更新は、 `dependabot.yml` ファイルへの変更、更新失敗後のマニフェストファイルへの変更、または {% data variables.product.prodname_dependabot_security_updates %} に基づいてトリガーされることがあります。 詳しい情報については、「[{% data variables.product.prodname_dependabot %} プルリクエストの頻度](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)」および「[{% data variables.product.prodname_dependabot_security_updates %} について](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)」を参照してください。 +**注釈**: `schedule` は、{% data variables.product.prodname_dependabot %} が新規更新を試行するタイミングを設定します。 ただし、プルリクエストを受け取るタイミングはこれだけではありません。 更新は、 `dependabot.yml` ファイルへの変更、更新失敗後のマニフェストファイルへの変更、または {% data variables.product.prodname_dependabot_security_updates %} に基づいてトリガーされることがあります。 For more information, see "[Frequency of {% data variables.product.prodname_dependabot %} pull requests](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." {% endnote %} @@ -187,7 +189,7 @@ updates: | ------------- | ----------------------------------------------- | ----------------------------------------------------------------------------- | | `direct` | すべて | 明示的に定義されたすべての依存関係。 | | `indirect` | `bundler`、`pip`、`composer`、`cargo` | 直接依存関係の依存関係 (サブ依存関係、または過渡依存関係とも呼ばれる)。 | - | `すべて` | すべて | 明示的に定義されたすべての依存関係。 `bundler`、`pip`、`composer`、`cargo` についても、直接依存関係の依存関係になります。 | + | `all` | すべて | 明示的に定義されたすべての依存関係。 `bundler`、`pip`、`composer`、`cargo` についても、直接依存関係の依存関係になります。 | | `production` | `bundler`、`composer`、`mix`, `maven`、`npm`、`pip` | Only dependencies in the "Production dependency group". | | `development` | `bundler`、`composer`、`mix`, `maven`、`npm`、`pip` | [Development dependency group] 内の依存関係のみ。 | @@ -307,7 +309,7 @@ updates: リポジトリが`ignore`の設定を保存したかは、リポジトリで`"@dependabot ignore" in:comments`を検索すれば調べられます。 この方法で無視された依存関係の無視を解除したいなら、Pull Requestを再度オープンしてください。 -`@dependabot ignore` コマンドに関する詳細については、「[依存関係の更新に関するプルリクエストを管理する](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)」をご覧ください。 +For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." #### 無視する依存関係とバージョンを指定する @@ -322,7 +324,7 @@ updates: {% data reusables.dependabot.option-affects-security-updates %} ```yaml -# 更新されるべきではない依存関係を、`ignore`を使って指定する +# `ignore`を使って更新されるべきではない依存関係を指定 version: 2 updates: @@ -332,7 +334,7 @@ updates: interval: "daily" ignore: - dependency-name: "express" - # Expressではバージョン4と5に対するすべての更新を無視 + # Expressについてはバージョン4と5に対するすべての更新を無視 versions: ["4.x", "5.x"] # Lodashについてはすべての更新を無視 - dependency-name: "lodash" @@ -521,7 +523,7 @@ updates: {% endraw %} ``` -### `reviewers` +### `レビュー担当者` `reviewers` を使用して、パッケージマネージャーに対して発行されたすべてのプルリクエストの個々のレビュー担当者またはレビュー担当者の Team を指定します。 チームを@メンションしている場合と同様に、Organization を含む完全な Team 名を使用する必要があります。 @@ -725,7 +727,7 @@ updates: {% raw %} ```yaml -# 1つのプライベートリポジトリで依存関係を更新するための最低限の設定 +# 1つのプライベートリポジトリ内の依存関係の更新のための最小設定 version: 2 registries: diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md similarity index 93% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index 158e6dea9a..f039485d40 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -1,11 +1,12 @@ --- -title: Enabling and disabling Dependabot version updates +title: Configuring Dependabot version updates intro: '{% data variables.product.prodname_dependabot %} が使用するパッケージを自動的に更新するようにリポジトリを設定できます。' permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.' redirect_from: - /github/administering-a-repository/enabling-and-disabling-version-updates - /code-security/supply-chain-security/enabling-and-disabling-version-updates - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates versions: fpt: '*' ghec: '*' @@ -17,7 +18,7 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: 更新の有効化と無効化 +shortTitle: Configure version updates --- @@ -34,7 +35,7 @@ shortTitle: 更新の有効化と無効化 ## {% data variables.product.prodname_dependabot_version_updates %} を有効化する -{% data reusables.dependabot.create-dependabot-yml %}詳しい情報については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates)」を参照してください。 +{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." 1. `version` を追加します。 1. プライベートレジストリに依存関係がある場合、必要に応じて認証情報を含む `registries` セクションを追加します。 1. `updates` セクションを追加し、{% data variables.product.prodname_dependabot %} に監視させるパッケージマネージャーごとにエントリを追加します。 @@ -138,4 +139,4 @@ updates: update-types: ["version-update:semver-patch"] ``` -既存の無視設定の確認に関する詳細については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)」を参照してください。 +For more information about checking for existing ignore preferences, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md similarity index 93% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md index 43c33fc5ea..cdaedce500 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md @@ -5,6 +5,7 @@ permissions: 'People with write permissions to a repository can configure {% dat redirect_from: - /github/administering-a-repository/customizing-dependency-updates - /code-security/supply-chain-security/customizing-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates versions: fpt: '*' ghec: '*' @@ -34,7 +35,7 @@ shortTitle: 更新のカスタマイズ - `open-pull-requests-limit`: バージョン更新のオープンプルリクエストの最大数をデフォルトの 5 件から変更する - `target-branch`: デフォルトブランチではなく、特定のブランチを対象とするバージョン更新のプルリクエストを開く -設定オプションの詳細については、「[依存関係の更新の設定オプション](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) 」を参照してください。 +For more information about the configuration options, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." リポジトリ内の *dependabot.yml* ファイルを更新すると、{% data variables.product.prodname_dependabot %} は新しい設定で即座にチェックを実行します。 数分以内に、[**{% data variables.product.prodname_dependabot %}**] タブに更新された依存関係のリストが表示されます。リポジトリに多くの依存関係がある場合、表示までにさらに時間がかかることがあります。 バージョン更新に関する新しいプルリクエストが表示されることもあります。 詳しい情報については、「[バージョン更新用に設定された依存関係を一覧表示する](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates) 」を参照してください。 @@ -139,4 +140,4 @@ updates: ## その他の例 -その他の例ついては、「[依存関係の更新の設定オプション](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) 」を参照してください。 +For more examples, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)." diff --git a/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/index.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/index.md new file mode 100644 index 0000000000..49056570ac --- /dev/null +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/index.md @@ -0,0 +1,26 @@ +--- +title: Keeping your dependencies updated automatically with Dependabot version updates +intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.' +allowTitleToDifferFromFilename: true +redirect_from: + - /github/administering-a-repository/keeping-your-dependencies-updated-automatically + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Dependencies + - Pull requests +children: + - /about-dependabot-version-updates + - /configuring-dependabot-version-updates + - /listing-dependencies-configured-for-version-updates + - /customizing-dependency-updates + - /configuration-options-for-the-dependabot.yml-file +shortTitle: Dependabotバージョンアップデート +--- + diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md similarity index 85% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md rename to translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md index ed581cda02..7331e568d6 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md @@ -4,6 +4,7 @@ intro: '{% data variables.product.prodname_dependabot %} が更新を監視し redirect_from: - /github/administering-a-repository/listing-dependencies-configured-for-version-updates - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates versions: fpt: '*' ghec: '*' @@ -22,7 +23,7 @@ shortTitle: 設定された依存関係の一覧 ## {% data variables.product.prodname_dependabot %} によって監視されている依存関係を表示する -バージョン更新を有効にした後、リポジトリの依存関係グラフの [**{% data variables.product.prodname_dependabot %}**] タブで、設定が正しいかどうかを確認できます。 For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +バージョン更新を有効にした後、リポジトリの依存関係グラフの [**{% data variables.product.prodname_dependabot %}**] タブで、設定が正しいかどうかを確認できます。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} diff --git a/translations/ja-JP/content/code-security/dependabot/index.md b/translations/ja-JP/content/code-security/dependabot/index.md new file mode 100644 index 0000000000..cb1f4984f9 --- /dev/null +++ b/translations/ja-JP/content/code-security/dependabot/index.md @@ -0,0 +1,23 @@ +--- +title: Keeping your supply chain secure with Dependabot +shortTitle: Dependabot +intro: 'Monitor vulnerabilities in dependencies used in your project{% ifversion fpt or ghec or ghes > 3.2 %} and keep your dependencies up-to-date{% endif %} with {% data variables.product.prodname_dependabot %}.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +topics: + - Dependabot + - Alerts + - Vulnerabilities + - Repositories + - Dependencies +children: + - /dependabot-alerts + - /dependabot-security-updates + - /dependabot-version-updates + - /working-with-dependabot +--- + diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md similarity index 98% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md index 08083383df..04794ab34a 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -17,6 +17,8 @@ topics: - Dependencies - Pull requests shortTitle: Use Dependabot with Actions +redirect_from: + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions --- {% data reusables.dependabot.beta-security-and-version-updates %} @@ -72,7 +74,7 @@ For more information, see "[Modifying the permissions for the GITHUB_TOKEN](/act ### Accessing secrets -When a {% data variables.product.prodname_dependabot %} event triggers a workflow, the only secrets available to the workflow are {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. Consequently, you must store any secrets that are used by a workflow triggered by {% data variables.product.prodname_dependabot %} events as {% data variables.product.prodname_dependabot %} secrets. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". +When a {% data variables.product.prodname_dependabot %} event triggers a workflow, the only secrets available to the workflow are {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. Consequently, you must store any secrets that are used by a workflow triggered by {% data variables.product.prodname_dependabot %} events as {% data variables.product.prodname_dependabot %} secrets. 詳しい情報については「[Dependabotの暗号化されたシークレットの管理](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)」を参照してください。 {% data variables.product.prodname_dependabot %} secrets are added to the `secrets` context and referenced using exactly the same syntax as secrets for {% data variables.product.prodname_actions %}. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)." diff --git a/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/index.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/index.md new file mode 100644 index 0000000000..2ff0dbc0da --- /dev/null +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/index.md @@ -0,0 +1,24 @@ +--- +title: Working with Dependabot +shortTitle: Work with Dependabot +intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.' +versions: + fpt: '*' + ghec: '*' + ghes: '>3.2' +topics: + - Repositories + - Dependabot + - Version updates + - Security updates + - Dependencies + - Pull requests +children: + - /managing-pull-requests-for-dependency-updates + - /automating-dependabot-with-github-actions + - /keeping-your-actions-up-to-date-with-dependabot + - /managing-encrypted-secrets-for-dependabot + - /troubleshooting-the-detection-of-vulnerable-dependencies + - /troubleshooting-dependabot-errors +--- + diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md similarity index 88% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md index 7261cc6b3b..e373bef51a 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md @@ -5,6 +5,7 @@ redirect_from: - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot versions: fpt: '*' ghec: '*' @@ -36,7 +37,7 @@ Actions are often updated with bug fixes and new features to make automated proc 1. Set a `schedule.interval` to specify how often to check for new versions. {% data reusables.dependabot.check-in-dependabot-yml %} If you have edited an existing file, save your changes. -You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." +You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)." ### Example *dependabot.yml* file for {% data variables.product.prodname_actions %} @@ -57,7 +58,7 @@ updates: ## Configuring {% data variables.product.prodname_dependabot_version_updates %} for actions -When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)." +When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)." ## Further reading diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md similarity index 95% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md index 4f4bc4a4ab..942e049502 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md @@ -4,6 +4,7 @@ intro: 'パスワードアクセストークンなどの機密情報を、暗号 redirect_from: - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot versions: fpt: '*' ghec: '*' @@ -33,7 +34,7 @@ password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} ``` {% endraw %} -詳しい情報については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries) 」を参照してください。 +For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." ### シークレットに名前を付ける diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md similarity index 93% rename from translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md index de66c94282..8fd8a900e9 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md @@ -4,6 +4,7 @@ intro: '{% data variables.product.prodname_dependabot %} によって生成さ redirect_from: - /github/administering-a-repository/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates versions: fpt: '*' ghec: '*' @@ -41,7 +42,7 @@ shortTitle: Dependabot PRの管理 ## {% data variables.product.prodname_dependabot %} Pull Requestのリベース戦略を変更する -デフォルトでは、{% data variables.product.prodname_dependabot %} は自動的にプルリクエストをリベースして競合を解決します。 マージの競合を手動で処理する場合は、`rebase-strategy` オプションを使用してこれを無効にできます。 詳細については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy) 」を参照してください。 +デフォルトでは、{% data variables.product.prodname_dependabot %} は自動的にプルリクエストをリベースして競合を解決します。 マージの競合を手動で処理する場合は、`rebase-strategy` オプションを使用してこれを無効にできます。 For details, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)." ## {% data variables.product.prodname_dependabot %} Pull Requestをコメントコマンドで管理する @@ -62,4 +63,4 @@ shortTitle: Dependabot PRの管理 {% data variables.product.prodname_dependabot %}はコマンドを認識すると"thumbs up"の絵文字で反応し、Pull Requestのコメントで応答することがあります。 {% data variables.product.prodname_dependabot %}は通常すぐに反応しますが、コマンドによっては{% data variables.product.prodname_dependabot %}が他の更新やコマンドを処理するのに忙しい場合、完了に数分かかることがあります。 -依存関係やバージョンを無視するコマンドを実行すると、{% data variables.product.prodname_dependabot %} はリポジトリの設定を一元的に保存します。 これは簡単な解決策ですが、複数のコントリビューターがいるリポジトリの場合は、設定ファイルで無視する依存関係とバージョンを明示的に定義することをお勧めします。 これにより、特定の依存関係が自動的に更新されない理由をすべてのコントリビューターが簡単に確認できます。 詳しい情報については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore) 」を参照してください。 +依存関係やバージョンを無視するコマンドを実行すると、{% data variables.product.prodname_dependabot %} はリポジトリの設定を一元的に保存します。 これは簡単な解決策ですが、複数のコントリビューターがいるリポジトリの場合は、設定ファイルで無視する依存関係とバージョンを明示的に定義することをお勧めします。 これにより、特定の依存関係が自動的に更新されない理由をすべてのコントリビューターが簡単に確認できます。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md similarity index 92% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index f53f1f19ab..46de024e13 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -6,6 +6,7 @@ redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors - /code-security/supply-chain-security/troubleshooting-dependabot-errors + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors versions: fpt: '*' ghec: '*' @@ -76,7 +77,7 @@ To see the logs for any manifest file, click the **Last checked TIME ago** link, 依存関係を含むすべてのアプリケーションには、依存関係グラフ、つまり、アプリケーションが直接または間接的に依存するすべてのパッケージバージョンの有向非巡回グラフがあります。 依存関係が更新されるたびに、このグラフを解決する必要があります。解決しない場合、アプリケーションがビルドされません。 npm や RubyGems のように、エコシステムに深く複雑な依存関係グラフがある場合、エコシステム全体をアップグレードせずに単一の依存関係をアップグレードすることは不可能な場合があります。 -この問題を回避する最善策としては、たとえばバージョン更新を有効化するなどして、最新のリリースバージョンで最新の状態に保つことです。 これにより、依存関係グラフを壊さない単純なアップグレードで 1 つの依存関係の脆弱性を解決できる可能性が高くなります。 For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +この問題を回避する最善策としては、たとえばバージョン更新を有効化するなどして、最新のリリースバージョンで最新の状態に保つことです。 これにより、依存関係グラフを壊さない単純なアップグレードで 1 つの依存関係の脆弱性を解決できる可能性が高くなります。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." ### 最新バージョンのオープンプルリクエストがすでに存在するため、{% data variables.product.prodname_dependabot %} を必要なバージョンに更新できない @@ -90,13 +91,13 @@ To see the logs for any manifest file, click the **Last checked TIME ago** link, これは対処が難しいエラーです。 バージョン更新がタイムアウトした場合は、`allow` パラメーターを使用して更新する最も重要な依存関係を指定するか、または、`ignore` パラメーターを使用して更新から一部の依存関係を除外できます。 設定を更新すると、{% data variables.product.prodname_dependabot %} がバージョンの更新を確認し、利用可能な時間内にプルリクエストを生成できます。 -セキュリティアップデートがタイムアウトする場合、たとえばバージョン更新を有効にするなどして依存関係を最新に保つことで、タイムアウトが発生する可能性を減らすことができます。 For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +セキュリティアップデートがタイムアウトする場合、たとえばバージョン更新を有効にするなどして依存関係を最新に保つことで、タイムアウトが発生する可能性を減らすことができます。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." ### {% data variables.product.prodname_dependabot %} で追加のプルリクエストをオープンできない {% data variables.product.prodname_dependabot %} が生成するオープンプルリクエスト数には制限があります。 上限に達すると、新しいプルリクエストはオープンされず、このエラーが報告されます。 エラーを解決する最善策として、複数のオープンプルリクエストを確認してマージします。 -セキュリティアップデートとバージョン更新のプルリクエストには個別の制限があるため、オープンなバージョン更新のプルリクエストがセキュリティアップデートのプルリクエストの作成をブロックすることはできません。 セキュリティアップデートのプルリクエストの上限は 10 件です。 デフォルトではバージョン更新の上限は 5 件ですが、設定ファイルの `open-pull-requests-limit` パラメータを使用して変更できます。 詳しい情報については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit) 」を参照してください。 +セキュリティアップデートとバージョン更新のプルリクエストには個別の制限があるため、オープンなバージョン更新のプルリクエストがセキュリティアップデートのプルリクエストの作成をブロックすることはできません。 セキュリティアップデートのプルリクエストの上限は 10 件です。 デフォルトではバージョン更新の上限は 5 件ですが、設定ファイルの `open-pull-requests-limit` パラメータを使用して変更できます。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)." このエラーを解決する最善策として、既存のプルリクエストの一部をマージまたはクローズして、新しいプルリクエストを手動でトリガーします。 詳しい情報については、「[{% data variables.product.prodname_dependabot %} のプルリクエストを手動でトリガーする](#triggering-a-dependabot-pull-request-manually)」を参照してください。 @@ -121,3 +122,8 @@ To see the logs for any manifest file, click the **Last checked TIME ago** link, - **セキュリティアップデート** — 修正済みのエラーを示す {% data variables.product.prodname_dependabot %} アラートを表示します。[**Create {% data variables.product.prodname_dependabot %} security update**] をクリックします。 - **バージョン更新** — リポジトリの [**Insights**] タブで、[**Dependency graph**] をクリックし、[**Dependabot**] タブをクリックします。 [**Last checked *TIME* ago**] をクリックして、バージョン更新の最終チェック中に {% data variables.product.prodname_dependabot %} が生成したログファイルを表示します。 [**Check for updates**] をクリックします。 + +## 参考リンク + +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)" +- 「[脆弱性のある依存関係の検出のトラブルシューティング](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)」 diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md similarity index 70% rename from translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md rename to translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md index 4a967cf2fb..722d2e48bd 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -1,10 +1,11 @@ --- title: Troubleshooting the detection of vulnerable dependencies intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' -shortTitle: Troubleshoot detection +shortTitle: Troubleshoot vulnerability detection redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies versions: fpt: '*' ghes: '*' @@ -19,26 +20,31 @@ topics: - Security updates - Dependencies - Vulnerabilities - - Dependency graph - - Alerts - CVEs - Repositories --- {% data reusables.dependabot.beta-security-and-version-updates %} - -The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project. +{% data reusables.dependabot.result-discrepancy %} ## Why do some dependencies seem to be missing? {% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following: * {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %} -* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." -* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." +* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." * {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." - {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + +## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles? + +{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: +* Direct dependencies explicitly declared in a manifest or lockfile +* Transitive dependencies declared in a lockfile{% endif %} + +**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? ## Why don't I get vulnerability alerts for some ecosystems? @@ -48,44 +54,6 @@ It's worth noting that {% data variables.product.prodname_dotcom %} Security Adv **Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? -## Does the dependency graph only find dependencies in manifests and lockfiles? - -The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file. - -{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: -* Direct dependencies explicitly declared in a manifest or lockfile -* Transitive dependencies declared in a lockfile{% endif %} - -The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. - -**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? - -## Does the dependency graph detect dependencies specified using variables? - -The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph. - -**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? - -## Are there limits which affect the dependency graph data? - -Yes, the dependency graph has two categories of limits: - -1. **Processing limits** - - These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created. - - Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}. - - By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. - -2. **Visualization limits** - - These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created. - - The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}. - -**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests? - ## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software. @@ -118,7 +86,8 @@ The {% data variables.product.prodname_dependabot_alerts %} count in {% data var ## Further reading -- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" -- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %} - "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} diff --git a/translations/ja-JP/content/code-security/getting-started/github-security-features.md b/translations/ja-JP/content/code-security/getting-started/github-security-features.md index 55bf4818a6..bdb89559b4 100644 --- a/translations/ja-JP/content/code-security/getting-started/github-security-features.md +++ b/translations/ja-JP/content/code-security/getting-started/github-security-features.md @@ -37,7 +37,7 @@ topics: ### {% data variables.product.prodname_dependabot_alerts %} およびセキュリティアップデート -セキュリティの脆弱性を含むことを把握している依存関係に関するアラートを表示し、プルリクエストを自動的に生成してこれらの依存関係を更新するかどうかを選択します。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」 および「[{% data variables.product.prodname_dependabot_security_updates %} について](/github/managing-security-vulnerabilities/about-dependabot-security-updates)」を参照してください。 +セキュリティの脆弱性を含むことを把握している依存関係に関するアラートを表示し、プルリクエストを自動的に生成してこれらの依存関係を更新するかどうかを選択します。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." {% endif %} {% ifversion ghes < 3.3 or ghae-issue-4864 %} @@ -45,7 +45,7 @@ topics: {% data reusables.dependabot.dependabot-alerts-beta %} -セキュリティの脆弱性を含むことを把握している依存関係に関するアラートを表示し、それらのアラートを管理します。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +セキュリティの脆弱性を含むことを把握している依存関係に関するアラートを表示し、それらのアラートを管理します。 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% endif %} {% ifversion fpt or ghec or ghes > 3.2 %} diff --git a/translations/ja-JP/content/code-security/getting-started/securing-your-organization.md b/translations/ja-JP/content/code-security/getting-started/securing-your-organization.md index bd40761fce..667abbef44 100644 --- a/translations/ja-JP/content/code-security/getting-started/securing-your-organization.md +++ b/translations/ja-JP/content/code-security/getting-started/securing-your-organization.md @@ -48,7 +48,7 @@ You can create a default security policy that will display in any of your organi {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." {% endif %} {% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %} @@ -79,7 +79,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -135,7 +135,7 @@ For more information, see "[Managing security and analysis settings for your org ## Next steps {% ifversion fpt or ghes > 3.1 or ghec %}You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."{% endif %} -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/ja-JP/content/code-security/getting-started/securing-your-repository.md b/translations/ja-JP/content/code-security/getting-started/securing-your-repository.md index 293eb3185b..1073b342f8 100644 --- a/translations/ja-JP/content/code-security/getting-started/securing-your-repository.md +++ b/translations/ja-JP/content/code-security/getting-started/securing-your-repository.md @@ -75,7 +75,7 @@ For more information, see "[Exploring the dependencies of a repository](/code-se {% data reusables.dependabot.dependabot-alerts-beta %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} -For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." +For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}." {% endif %} @@ -111,7 +111,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_ You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)." -To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." {% endif %} @@ -132,7 +132,7 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica {% endif %} ## Next steps -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)." {% endif %} diff --git a/translations/ja-JP/content/code-security/guides.md b/translations/ja-JP/content/code-security/guides.md index 75e6b0fd26..a0e505f267 100644 --- a/translations/ja-JP/content/code-security/guides.md +++ b/translations/ja-JP/content/code-security/guides.md @@ -75,7 +75,6 @@ includeGuides: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates diff --git a/translations/ja-JP/content/code-security/index.md b/translations/ja-JP/content/code-security/index.md index 19f3861138..e7248afec2 100644 --- a/translations/ja-JP/content/code-security/index.md +++ b/translations/ja-JP/content/code-security/index.md @@ -54,6 +54,7 @@ children: - /code-scanning - /repository-security-advisories - /supply-chain-security + - /dependabot - /security-overview - /guides --- diff --git a/translations/ja-JP/content/code-security/security-overview/about-the-security-overview.md b/translations/ja-JP/content/code-security/security-overview/about-the-security-overview.md index 6bbc0ee124..d4a6e3f020 100644 --- a/translations/ja-JP/content/code-security/security-overview/about-the-security-overview.md +++ b/translations/ja-JP/content/code-security/security-overview/about-the-security-overview.md @@ -28,7 +28,7 @@ shortTitle: About security overview セキュリティの概要は、Organizationのセキュリティの状況の高レベルでの表示、あるいは介入が必要な問題のあるリポジトリを特定するために利用できます。 You can view aggregate or repository-specific security information in the security overview. You can also use the security overview to see which security features are enabled for your repositories and to configure any available security features that are not currently in use. -The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} +The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} For more information about securing your code at the repository and organization levels, see "[Securing your repository](/code-security/getting-started/securing-your-repository)" and "[Securing your organization](/code-security/getting-started/securing-your-organization)." @@ -50,13 +50,13 @@ For each repository in the security overview, you will see icons for each type o ![セキュリティの概要中のアイコン](/assets/images/help/organizations/security-overview-icons.png) -| アイコン | 意味 | -| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} アラート. 詳しい情報については「[{% data variables.product.prodname_code_scanning %}について](/code-security/secure-coding/about-code-scanning)」を参照してください。 | -| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} アラート. 詳しい情報については「[{% data variables.product.prodname_secret_scanning %}について](/code-security/secret-security/about-secret-scanning)」を参照してください。 | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}について受ける方法は、カスタマイズできます。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」を参照してください。 | -| {% octicon "check" aria-label="Check" %} | The security feature is enabled, but does not raise alerts in this repository. | -| {% octicon "x" aria-label="x" %} | The security feature is not supported in this repository. | +| アイコン | 意味 | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} アラート. 詳しい情報については「[{% data variables.product.prodname_code_scanning %}について](/code-security/secure-coding/about-code-scanning)」を参照してください。 | +| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} アラート. 詳しい情報については「[{% data variables.product.prodname_secret_scanning %}について](/code-security/secret-security/about-secret-scanning)」を参照してください。 | +| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}について受ける方法は、カスタマイズできます。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." | +| {% octicon "check" aria-label="Check" %} | The security feature is enabled, but does not raise alerts in this repository. | +| {% octicon "x" aria-label="x" %} | The security feature is not supported in this repository. | The security overview displays active alerts raised by security features. リポジトリに対してセキュリティの概要でアラートがない場合でも、検出されていないセキュリティ脆弱性やコードのエラーは存在するかもしれません。 diff --git a/translations/ja-JP/content/code-security/supply-chain-security/index.md b/translations/ja-JP/content/code-security/supply-chain-security/index.md index 69c78b07b7..93a4d082a9 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/index.md +++ b/translations/ja-JP/content/code-security/supply-chain-security/index.md @@ -16,8 +16,6 @@ topics: - Repositories children: - /understanding-your-software-supply-chain - - /keeping-your-dependencies-updated-automatically - - /managing-vulnerabilities-in-your-projects-dependencies - /end-to-end-supply-chain --- diff --git a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md b/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md deleted file mode 100644 index 96d217d37f..0000000000 --- a/translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: 依存関係を自動的に更新する -intro: '{% data variables.product.prodname_dependabot %} はリポジトリの依存関係を自動的に維持することができます。' -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically -versions: - fpt: '*' - ghec: '*' - ghes: '>3.2' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /about-dependabot-version-updates - - /enabling-and-disabling-dependabot-version-updates - - /listing-dependencies-configured-for-version-updates - - /managing-pull-requests-for-dependency-updates - - /automating-dependabot-with-github-actions - - /managing-encrypted-secrets-for-dependabot - - /customizing-dependency-updates - - /configuration-options-for-dependency-updates - - /keeping-your-actions-up-to-date-with-dependabot -shortTitle: 依存関係の自動更新 ---- - -{% data reusables.dependabot.beta-security-and-version-updates %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md b/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md deleted file mode 100644 index 23eab349d8..0000000000 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: 脆弱性のある依存関係の管理について -intro: '{% data variables.product.product_name %} は、既知の脆弱性を含むサードパーティソフトウェアの使用を回避するのに役立ちます。' -redirect_from: - - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies - - /code-security/supply-chain-security/about-managing-vulnerable-dependencies -versions: - fpt: '*' - ghes: '>=3.2' - ghae: issue-4864 - ghec: '*' -type: overview -topics: - - Dependabot - - Dependency graph - - Dependency review - - Vulnerabilities - - Repositories - - Dependencies - - Pull requests -shortTitle: 脆弱性のある依存関係 ---- - - - -{% data variables.product.product_name %} は、脆弱性のある依存関係を削除および回避するための次のツールを提供しています。 - -## 依存関係グラフ -依存関係グラフは、リポジトリに保存されているマニフェストファイルおよびロックファイルのサマリーです。 コードベースが依存するエコシステムとパッケージ(依存関係)、およびプロジェクトに依存するリポジトリとパッケージ(依存関係)が表示されます。 依存関係グラフの情報は、依存関係のレビューと {% data variables.product.prodname_dependabot %} によって使用されます。 詳しい情報については、「[依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)」を参照してください。 - -## 依存関係のレビュー - -{% data reusables.dependency-review.beta %} - -プルリクエストの依存関係のレビューを確認することで、依存関係からコードベースに脆弱性が発生するのを防ぐことができます。 プルリクエストが脆弱性のある依存関係を追加したり、依存関係を脆弱性のあるバージョンに変更した場合、これは依存関係のレビューで強調表示されます。 プルリクエストをマージする前に、依存関係をパッチを適用したバージョンに変更できます。 詳しい情報については「[依存関係のレビュー](/code-security/supply-chain-security/about-dependency-review)」を参照してください。 - -## {% data variables.product.prodname_dependabot_alerts %} -リポジトリ内の脆弱性のある依存関係を検出すると、{% data variables.product.product_name %} は {% data variables.product.prodname_dependabot_alerts %} を作成できます。 アラートは、リポジトリの [Security] タブに表示されます。 アラートには、プロジェクト内で影響を受けるファイルへのリンクと、修正バージョンに関する情報が含まれています。 {% data variables.product.product_name %} は、通知設定に従って、リポジトリのメンテナにも通知します。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)」を参照してください。 - -{% ifversion fpt or ghec or ghes > 3.2 %} -## {% data variables.product.prodname_dependabot_security_updates %} -{% data variables.product.product_name %} がリポジトリ内の脆弱性のある依存関係に対して {% data variables.product.prodname_dependabot %} アラートが発生すると、{% data variables.product.prodname_dependabot %} は自動的にそれを修正しようとします。 {% data variables.product.prodname_dependabot_security_updates %} は、脆弱性のある依存関係を修正バージョンに更新するプルリクエストを自動的に生成します。 詳しい情報については、「[{% data variables.product.prodname_dependabot_security_updates %} について](/github/managing-security-vulnerabilities/about-dependabot-security-updates)」を参照してください。 - -## {% data variables.product.prodname_dependabot_version_updates %} -{% data variables.product.prodname_dependabot_version_updates %} を有効にすると、依存関係を維持する手間が省けます。 {% data variables.product.prodname_dependabot_version_updates %} を使用すると、{% data variables.product.prodname_dotcom %} が古い依存関係を識別するたびに、マニフェストを最新バージョンの依存関係に更新するためのプルリクエストを発行します。 対照的に、{% data variables.product.prodname_dependabot_security_updates %} は脆弱性のある依存関係を修正するためにプルリクエストのみを発行します。 詳しい情報については、「[ Dependabot のバージョン更新について](/github/administering-a-repository/about-dependabot-version-updates)」を参照してください。 -{% endif %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md deleted file mode 100644 index 150d83c734..0000000000 --- a/translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: プロジェクトの依存関係にある脆弱性を管理する -intro: 'You can track your repository''s dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies.' -redirect_from: - - /articles/updating-your-project-s-dependencies - - /articles/updating-your-projects-dependencies - - /articles/managing-security-vulnerabilities-in-your-projects-dependencies - - /articles/managing-vulnerabilities-in-your-projects-dependencies - - /github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies -versions: - fpt: '*' - ghes: '*' - ghae: issue-4864 - ghec: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests - - Vulnerabilities - - Alerts -children: - - /about-managing-vulnerable-dependencies - - /browsing-security-vulnerabilities-in-the-github-advisory-database - - /editing-security-advisories-in-the-github-advisory-database - - /about-alerts-for-vulnerable-dependencies - - /configuring-notifications-for-vulnerable-dependencies - - /about-dependabot-security-updates - - /configuring-dependabot-security-updates - - /viewing-and-updating-vulnerable-dependencies-in-your-repository - - /troubleshooting-the-detection-of-vulnerable-dependencies - - /troubleshooting-dependabot-errors -shortTitle: 脆弱性のある依存関係の修復 ---- - diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 72a04be9ef..cc0a6df48c 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -41,7 +41,7 @@ Dependency review is available when dependency graph is enabled for {% data vari プルリクエストで依存関係のレビューを確認し、脆弱性としてフラグが付けられている依存関係を変更することで、プロジェクトに脆弱性が追加されるのを防ぐことができます。 依存関係のレビューの動作に関する詳しい情報については「[Pull Request中の依存関係の変更のレビュー](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)」を参照してください。 -{% data variables.product.prodname_dependabot_alerts %} は、すでに依存関係にある脆弱性を検出しますが、あとで修正するよりも、潜在的な問題が持ち込まれることを回避する方がはるかに良いです。 {% data variables.product.prodname_dependabot_alerts %} に関する詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)」を参照してください。 +{% data variables.product.prodname_dependabot_alerts %} は、すでに依存関係にある脆弱性を検出しますが、あとで修正するよりも、潜在的な問題が持ち込まれることを回避する方がはるかに良いです。 For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." 依存関係のレビューは、依存関係グラフと同じ言語とパッケージ管理エコシステムをサポートしています。 詳しい情報については、「[依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)」を参照してください。 diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md new file mode 100644 index 0000000000..6ff3e6e9ed --- /dev/null +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md @@ -0,0 +1,156 @@ +--- +title: About supply chain security +intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and patching them{% endif %}.' +miniTocMaxHeadingLevel: 3 +shortTitle: Supply chain security +redirect_from: + - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: overview +topics: + - Advanced Security + - Dependency review + - Dependency graph + - Vulnerabilities + - Dependencies + - Pull requests + - Repositories +--- + +## About supply chain security at GitHub + +With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities. + +You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency. + +{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment{% ifversion ghes < 3.3 or ghae %} and know about vulnerabilities in those dependencies{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}, know about vulnerabilities in those dependencies, and patch them{% endif %}. + +The supply chain features on {% data variables.product.product_name %} are: +- **Dependency graph** +{% ifversion fpt or ghec or ghes > 3.1 or ghae %}- **Dependency review**{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %} ** +{% ifversion fpt or ghec or ghes > 3.2 %}- **{% data variables.product.prodname_dependabot_updates %}** + - **{% data variables.product.prodname_dependabot_security_updates %}** + - **{% data variables.product.prodname_dependabot_version_updates %}**{% endif %} + +The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. You can see your repository’s dependencies and some of their properties, like vulnerability information, on the dependency graph for the repository. + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph. + +- Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests. +- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependecies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. +{% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository. + +{% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities. +{% endif %} +{% endif %} + +{% ifversion ghes < 3.2 %} +{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected. + {% endif %} + +## Feature overview + +### What is the dependency graph + +To generate the dependency graph, {% data variables.product.company_short %} looks at a repository’s explicit dependencies declared in the manifest and lockfiles. When enabled, the dependency graph automatically parses all known package manifest files in the repository, and uses this to construct a graph with known dependency names and versions. + +- The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies. +- The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies. +- You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab. + +For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + +{% ifversion fpt or ghec or ghes > 3.1 or ghae %} +### What is dependency review + +Dependency review helps reviewers and contributors understand dependency changes and their security impact in every pull request. + +- Dependency review tells you which dependencies were added, removed, or updated, in a pull request. You can use the release dates, popularity of dependencies, and vulnerability information to help you decide whether to accept the change. +- You can see the dependency review for a pull request by showing the rich diff on the **Files Changed** tab. + +For more information about dependency review, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)." + +{% endif %} + +### What is Dependabot + +{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}. + +{% ifversion fpt or ghec or ghes > 3.2 %} +The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: +- {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. +- {% data variables.product.prodname_dependabot_updates %}: + - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. + - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version. +{% endif %} + +#### What are Dependabot alerts + +{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists. + +- {% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when: +{% ifversion fpt or ghec %} + - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %} + - New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} + - The dependency graph for the repository changes. +- {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes > 3.0 %}a link to the affected file in the project, and {% endif %}information about a fixed version. + +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." + +{% ifversion fpt or ghec or ghes > 3.2 %} +#### What are Dependabot updates + +There are two types of {% data variables.product.prodname_dependabot_updates %}: {% data variables.product.prodname_dependabot %} _security_ updates and _version_ updates. {% data variables.product.prodname_dependabot %} generates automatic pull requests to update your dependencies in both cases, but there are several differences. + +{% data variables.product.prodname_dependabot_security_updates %}: + - Triggered by a {% data variables.product.prodname_dependabot %} alert + - Update dependencies to the minimum version that resolves a known vulnerability + - Supported for ecosystems the dependency graph supports + +{% data variables.product.prodname_dependabot_version_updates %}: + - Run on a schedule you configure + - Update dependencies to the latest version that matches the configuration + - Supported for a different group of ecosystems + +For more information about {% data variables.product.prodname_dependabot_updates %}, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)" and "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)." +{% endif %} + +## Feature availability + +{% ifversion fpt or ghec %} + +Public repositories: +- **Dependency graph**—enabled by default and cannot be disabled. +- **Dependency review**—enabled by default and cannot be disabled. +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. + You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Private repositories: +- **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. For more information, see "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% ifversion fpt %} +- **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +{% elsif ghec %} +- **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +{% endif %} +- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. + You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." + +Any repository type: +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} + +{% ifversion ghes or ghae %} +- **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." +- **Dependency review**—available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)." +{% endif %} +{% ifversion ghes > 3.2 %} +- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." +{% endif %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index 53c972c93f..91b871b9ef 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md @@ -55,7 +55,7 @@ You can use the dependency graph to: - Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)." {% ifversion fpt or ghec %} - View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see "[Viewing insights for your organization](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)."{% endif %} -- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} +- View and update vulnerable dependencies for your repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %} - See information about vulnerable dependencies in pull requests. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."{% endif %} ## Enabling the dependency graph @@ -111,5 +111,5 @@ The recommended formats explicitly define which versions are used for all direct - "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia - "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% ifversion fpt or ghec %} - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %} -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)" diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index 0b53c0aa2c..6a51a33743 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -40,7 +40,7 @@ Enterprise owners can configure the dependency graph at an enterprise level. For ### 依存関係ビュー {% ifversion fpt or ghec %} -依存関係はエコシステム別にグループ化されます。 依存関係を拡張すると、その依存関係を表示できます。 {% data variables.product.product_name %}でホストされているパブリックリポジトリの依存関係については、クリックしてそのリポジトリを見ることもできます。 プライベートリポジトリ、プライベートパッケージ、認識できないファイルの依存関係は、プレーンテキストで表示されます。 +依存関係はエコシステム別にグループ化されます。 依存関係を拡張すると、その依存関係を表示できます。 プライベートリポジトリ、プライベートパッケージ、認識できないファイルの依存関係は、プレーンテキストで表示されます。 If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository. リポジトリで脆弱性が検出された場合は、{% data variables.product.prodname_dependabot_alerts %}にアクセスできるユーザに、ビューの上部で表示されます。 @@ -83,7 +83,10 @@ Enterprise owners can configure the dependency graph at an enterprise level. For ## "Used by"パッケージの変更 -依存関係グラフが有効になっている場合、サポートされているパッケージエコシステム上で公開されているパッケージをリポジトリが含んでいると、{% data variables.product.prodname_dotcom %}はリポジトリの**Code**タブのサイドバー内の"Used by"セクションに表示します。 サポートされているパッケージエコシステムに関する詳しい情報については「[依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)」を参照してください。 +You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: + * The dependency graph is enabled for the repository (see the above section for more details). + * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems). + * Within the ecosystem, your package has a link to a _public_ repository where the source is stored. "Used by"セクションは、見つかったパッケージに対する公開参照数を示し、依存物のプロジェクトのオーナーのアバターを表示します。 @@ -112,7 +115,7 @@ Enterprise owners can configure the dependency graph at an enterprise level. For ## 参考リンク - [依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph) -- [リポジトリ内の脆弱な依存関係を表示・更新する](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository){% ifversion fpt or ghec %} +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} - [Organization のインサイトを表示する](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization) - [{% data variables.product.prodname_dotcom %}によるデータの利用と保護の方法の理解](/get-started/privacy-on-github) {% endif %} diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md index faf0f20e3e..46fe16bc26 100644 --- a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md @@ -9,10 +9,12 @@ topics: - Dependency graph - Dependencies - Repositories -children: - - /about-the-dependency-graph - - /exploring-the-dependencies-of-a-repository - - /about-dependency-review shortTitle: Understand your supply chain +children: + - /about-supply-chain-security + - /about-the-dependency-graph + - /about-dependency-review + - /exploring-the-dependencies-of-a-repository + - /troubleshooting-the-dependency-graph --- diff --git a/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md new file mode 100644 index 0000000000..6de1b7a25d --- /dev/null +++ b/translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md @@ -0,0 +1,62 @@ +--- +title: Troubleshooting the dependency graph +intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.' +shortTitle: Troubleshoot dependency graph +versions: + fpt: '*' + ghes: '*' + ghae: issue-4864 + ghec: '*' +type: how_to +topics: + - Troubleshooting + - Errors + - Dependencies + - Vulnerabilities + - Dependency graph + - CVEs + - Repositories +--- + +{% data reusables.dependabot.result-discrepancy %} + +## Does the dependency graph only find dependencies in manifests and lockfiles? + +The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file. + +The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. + +**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? + +## Does the dependency graph detect dependencies specified using variables? + +The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph. + +**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? + +## Are there limits which affect the dependency graph data? + +Yes, the dependency graph has two categories of limits: + +1. **Processing limits** + + These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created. + + Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}. + + By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. + +2. **Visualization limits** + + These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created. + + The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}. + +**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests? + +## Further reading + +- "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" +- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" +- "[Troubleshooting the detection of vulnerable dependencies](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %} +- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %} \ No newline at end of file diff --git a/translations/ja-JP/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/ja-JP/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md index 1ea731f222..01b7f9dca6 100644 --- a/translations/ja-JP/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md +++ b/translations/ja-JP/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md @@ -59,39 +59,39 @@ webhook を保護するためにシークレットが必要なアプリケーシ 以下の表にある権限名をクエリパラメータ名として、権限タイプをクエリの値として使用することで、クエリ文字列で権限を設定できます。 たとえば、`contents` のユーザインターフェースに `Read & write` 権限を設定するには、クエリ文字列に `&contents=write` を含めます。 `blocking` のユーザインターフェースに `Read-only` 権限を設定するには、クエリ文字列に `&blocking=read` を含めます。 `checks` のユーザインターフェースに `no-access` を設定するには、クエリ文字列に `checks` 権限を含めないようにします。 -| 権限 | 説明 | -| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 権限 | 説明 | +| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [`administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | Organization およびリポジトリ管理のためのさまざまなエンドポイントにアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% ifversion fpt or ghec %} | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | [Blocking Users API](/rest/reference/users#blocking) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} | [`checks`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | [Checks API](/rest/reference/checks) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% ifversion ghes < 3.4 %} | `content_references` | 「[コンテンツ添付の作成](/rest/reference/apps#create-a-content-attachment)」エンドポイントへのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} -| [`contents`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | さまざまなエンドポイントにアクセス権を付与し、リポジトリのコンテンツを変更できるようにします。 `none`、`read`、`write` のいずれかです。 | +| [`contents`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | さまざまなエンドポイントにアクセス権を付与し、リポジトリのコンテンツを変更できるようにします。 `none`、`read`、`write` のいずれかです。 | | [`deployments`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | [Deployments API](/rest/reference/repos#deployments) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% ifversion fpt or ghes or ghec %} | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | [Emails API](/rest/reference/users#emails) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} -| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | [Followers API](/rest/reference/users#followers) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | [GPG Keys API](/rest/reference/users#gpg-keys) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`issues`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | [Issues API](/rest/reference/issues) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | [Public Keys API](/rest/reference/users#keys) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | [Followers API](/rest/reference/users#followers) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | [GPG Keys API](/rest/reference/users#gpg-keys) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`issues`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | [Issues API](/rest/reference/issues) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | [Public Keys API](/rest/reference/users#keys) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | Organization のメンバーへのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% ifversion fpt or ghec %} -| [`メタデータ`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 機密データを漏洩しない、読み取り専用のエンドポイントへのアクセス権を付与します。 `read`、`none` のいずれかです。 {% data variables.product.prodname_github_app %} に何らかの権限を設定した場合、デフォルトは `read` となり、権限を指定しなかった場合、デフォルトは `none` となります。 | +| [`メタデータ`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 機密データを漏洩しない、読み取り専用のエンドポイントへのアクセス権を付与します。 `read`、`none` のいずれかです。 {% data variables.product.prodname_github_app %} に何らかの権限を設定した場合、デフォルトは `read` となり、権限を指定しなかった場合、デフォルトは `none` となります。 | | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | 「[Organization の更新](/rest/reference/orgs#update-an-organization)」エンドポイントと、[Organization Interaction Restrictions API](/rest/reference/interactions#set-interaction-restrictions-for-an-organization) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} -| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | [Organization Webhooks API](/rest/reference/orgs#webhooks/) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| `organization_plan` | 「[Organization の取得](/rest/reference/orgs#get-an-organization)」エンドポイントを使用して Organization のプランについての情報を取得するためのアクセス権を付与します。 `none`、`read` のいずれかです。 | +| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | [Organization Webhooks API](/rest/reference/orgs#webhooks/) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| `organization_plan` | 「[Organization の取得](/rest/reference/orgs#get-an-organization)」エンドポイントを使用して Organization のプランについての情報を取得するためのアクセス権を付与します。 `none`、`read` のいずれかです。 | | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | [Projects API](/rest/reference/projects) へのアクセス権を付与します。 `none`、`read`、`write`、`admin` のいずれかです。{% ifversion fpt or ghec %} | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | [Blocking Organization Users API](/rest/reference/orgs#blocking) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} -| [`pages`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | [Pages API](/rest/reference/repos#pages) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| `plan` | 「[ユーザの取得](/rest/reference/users#get-a-user)」エンドポイントを使用してユーザの GitHub プランについての情報を取得するためのアクセス権を付与します。 `none`、`read` のいずれかです。 | -| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | さまざまなプルリクエストエンドポイントへのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | [Repository Webhooks API](/rest/reference/repos#hooks) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`pages`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | [Pages API](/rest/reference/repos#pages) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| `plan` | 「[ユーザの取得](/rest/reference/users#get-a-user)」エンドポイントを使用してユーザの GitHub プランについての情報を取得するためのアクセス権を付与します。 `none`、`read` のいずれかです。 | +| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | さまざまなプルリクエストエンドポイントへのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | [Repository Webhooks API](/rest/reference/repos#hooks) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | [Projects API](/rest/reference/projects) へのアクセス権を付与します。 `none`、`read`、`write`、`admin` のいずれかです。{% ifversion fpt or ghes or ghec %} | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | [Secret scanning API](/rest/reference/secret-scanning) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %}{% ifversion fpt or ghes or ghec %} | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | [Code scanning API](/rest/reference/code-scanning/) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% endif %} -| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | [Contents API](/rest/reference/repos#contents) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | [Starring API](/rest/reference/activity#starring) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | -| [`statuses`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | [Statuses API](/rest/reference/commits#commit-statuses) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | [Contents API](/rest/reference/repos#contents) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | [Starring API](/rest/reference/activity#starring) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | +| [`statuses`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | [Statuses API](/rest/reference/commits#commit-statuses) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。 | | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | [Team Discussions API](/rest/reference/teams#discussions) および [Team Discussion Comments API](/rest/reference/teams#discussion-comments) へのアクセス権を付与します。 `none`、`read`、`write` のいずれかです。{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `vulnerability_alerts` | リポジトリ内の脆弱性のある依存関係に対するセキュリティアラートを受信するためのアクセス権を付与します。 詳細は「[脆弱性のある依存関係に関するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)」を参照。 `none`、`read` のいずれかです。{% endif %} -| `Watch` | リストへのアクセス権を付与し、ユーザがサブスクライブするリポジトリの変更を許可します。 `none`、`read`、`write` のいずれかです。 | +| `vulnerability_alerts` | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. `none`、`read` のいずれかです。{% endif %} +| `Watch` | リストへのアクセス権を付与し、ユーザがサブスクライブするリポジトリの変更を許可します。 `none`、`read`、`write` のいずれかです。 | ## {% data variables.product.prodname_github_app %} webhook イベント diff --git a/translations/ja-JP/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md b/translations/ja-JP/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md index cb85b42e78..95567e16c8 100644 --- a/translations/ja-JP/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md +++ b/translations/ja-JP/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md @@ -1246,7 +1246,7 @@ GitHub Marketplace の購入に関連するアクティビティ。 {% data reus Activity related to a security advisory that has been reviewed by {% data variables.product.company_short %}. A {% data variables.product.company_short %}-reviewed security advisory provides information about security-related vulnerabilities in software on {% data variables.product.prodname_dotcom %}. -The security advisory dataset also powers the GitHub {% data variables.product.prodname_dependabot_alerts %}. 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)」を参照してください。 +The security advisory dataset also powers the GitHub {% data variables.product.prodname_dependabot_alerts %}. 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)」を参照してください。 ### 利用の可否 diff --git a/translations/ja-JP/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md b/translations/ja-JP/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md index ccfbf6ade7..00b10cd4ca 100644 --- a/translations/ja-JP/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md +++ b/translations/ja-JP/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md @@ -20,7 +20,7 @@ shortTitle: GitHub's use of your data {% data reusables.repositories.about-github-archive-program %} 詳細は「[{% data variables.product.prodname_dotcom %} 上のコンテンツとデータのアーカイブ処理について](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)」を参照してください。 -{% data reusables.user-settings.export-data %} For more information, see "[Requesting an archive of your personal account's data](/articles/requesting-an-archive-of-your-personal-account-s-data)." +{% data reusables.user-settings.export-data %}詳細は「[個人アカウントのデータのアーカイブをリクエストする](/articles/requesting-an-archive-of-your-personal-account-s-data)」を参照してください。 プライベートリポジトリのデータの利用をオプトインした場合でも、プライベートデータ、ソースコード、企業秘密は引き続き弊社の[利用規約](/free-pro-team@latest/github/site-policy/github-terms-of-service)の下で機密事項として扱われます。 弊社が知る情報は、集約されたデータからのみです。 詳しい情報については、「[プライベートリポジトリのデータ使用を管理する](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)」を参照してください。 @@ -28,7 +28,7 @@ shortTitle: GitHub's use of your data ## データによるセキュリティの推奨事項の改善 -データの利用方法の例として、パブリックリポジトリの依存対象のセキュリティの脆弱性を検出し、アラートを出すことができます。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +データの利用方法の例として、パブリックリポジトリの依存対象のセキュリティの脆弱性を検出し、アラートを出すことができます。 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 潜在的なセキュリティの脆弱性を検出するために、{% data variables.product.product_name %}は依存対象のマニフェストファイルの内容をスキャンし、プロジェクトの依存対象のリストを作成します。 diff --git a/translations/ja-JP/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md b/translations/ja-JP/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md index 8229beefb9..d7b42f45ee 100644 --- a/translations/ja-JP/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md +++ b/translations/ja-JP/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md @@ -16,7 +16,7 @@ shortTitle: Manage data use for private repo ## About data use for your private repository -When you enable data use for your private repository, you'll be able to access the dependency graph, where you can track your repository's dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." +When you enable data use for your private repository, you'll be able to access the dependency graph, where you can track your repository's dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)." ## Enabling or disabling data use features @@ -32,5 +32,5 @@ When you enable data use for your private repository, you'll be able to access t ## Further reading - "[About {% data variables.product.prodname_dotcom %}'s use of your data](/articles/about-github-s-use-of-your-data)" -- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" +- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" - "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" diff --git a/translations/ja-JP/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/ja-JP/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md index 77eb9bbd37..01e6944f05 100644 --- a/translations/ja-JP/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md +++ b/translations/ja-JP/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md @@ -19,7 +19,7 @@ shortTitle: Enterprise Server trial {% data variables.product.prodname_ghe_server %} を評価するための 45 日間トライアルをリクエストできます。 トライアルは仮想アプライアンスとしてインストールされ、オンプレミスまたはクラウドでのデプロイメントのオプションがあります。 サポートされている仮想化プラットフォームの一覧については「[GitHub Enterprise Server インスタンスをセットアップする](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)」を参照してください。 -{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}現在、セキュリティ{% endif %}アラートと {% data variables.product.prodname_github_connect %} は {% data variables.product.prodname_ghe_server %} のトライアルでは利用できません。 これらの機能のデモについては、{% data variables.contact.contact_enterprise_sales %} にお問い合わせください。 For more information about these features, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." +{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}現在、セキュリティ{% endif %}アラートと {% data variables.product.prodname_github_connect %} は {% data variables.product.prodname_ghe_server %} のトライアルでは利用できません。 これらの機能のデモについては、{% data variables.contact.contact_enterprise_sales %} にお問い合わせください。 For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." {% data variables.product.prodname_ghe_cloud %} のトライアルも利用できます。 詳しい情報については、「[{% data variables.product.prodname_ghe_cloud %} のトライアルを設定する](/articles/setting-up-a-trial-of-github-enterprise-cloud)」を参照してください。 diff --git a/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md index 60b87b47b2..9ddc037251 100644 --- a/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md +++ b/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md @@ -69,10 +69,9 @@ Look! You can see my backticks. {% if mermaid %} ## Creating diagrams -You can use Mermaid syntax to add diagrams. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." +You can also use code blocks to create diagrams in Markdown. GitHub supports Mermaid, geoJSON, topoJSON, and ASCII STL syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)." {% endif %} - ## 参考リンク - [{% data variables.product.prodname_dotcom %} Flavored Markdown の仕様](https://github.github.com/gfm/) diff --git a/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md index 4f4f1a2e26..b781425b93 100644 --- a/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md +++ b/translations/ja-JP/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md @@ -6,7 +6,13 @@ versions: shortTitle: Create diagrams --- -You can use Mermaid syntax to create diagrams. Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). +## About creating diagrams + +You can create diagrams in Markdown using three different syntaxes: mermaid, geoJSON and topoJSON, and ASCII STL. + +## Creating Mermaid diagrams + +Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/). To create a Mermaid diagram, add Mermaid syntax inside a fenced code block with the `mermaid` language identifier. For more information about creating code blocks, see "[Creating and highlighting code blocks](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)." @@ -31,3 +37,122 @@ graph TD; **Note:** You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}. {% endnote %} + +## Creating geoJSON and topoJSON maps + +You can use geo/topoJSON syntax to create interactive maps. To create a map, add geoJSON or topoJSON inside a fenced code block with the `geojson` or `topojson` syntax identifier. 詳しい情報については[コードブロックの作成とハイライト](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)を参照してください。 + +### Using geoJSON + +For example, you can create a simple map: + +
+```geojson
+{
+  "type": "Polygon",
+  "coordinates": [
+      [
+          [-90,30],
+          [-90,35],
+          [-90,35],
+          [-85,35],
+          [-85,30]
+      ]
+  ]
+}
+```
+
+ +![Rendered map](/assets/images/help/writing/fenced-geojson-rendered-map.png) + +### Using topoJSON + +For example, you can create a simple topoJSON map: + +
+```topojson
+{
+  "type": "Topology",
+  "transform": {
+    "scale": [0.0005000500050005, 0.00010001000100010001],
+    "translate": [100, 0]
+  },
+  "objects": {
+    "example": {
+      "type": "GeometryCollection",
+      "geometries": [
+        {
+          "type": "Point",
+          "properties": {"prop0": "value0"},
+          "coordinates": [4000, 5000]
+        },
+        {
+          "type": "LineString",
+          "properties": {"prop0": "value0", "prop1": 0},
+          "arcs": [0]
+        },
+        {
+          "type": "Polygon",
+          "properties": {"prop0": "value0",
+            "prop1": {"this": "that"}
+          },
+          "arcs": [[1]]
+        }
+      ]
+    }
+  },
+  "arcs": [[[4000, 0], [1999, 9999], [2000, -9999], [2000, 9999]],[[0, 0], [0, 9999], [2000, 0], [0, -9999], [-2000, 0]]]
+}
+```
+
+ +![Rendered topojson map](/assets/images/help/writing/fenced-topojson-rendered-map.png) + +For more information on working with `.geojson` and `.topojson` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#mapping-geojson-files-on-github)." + + +## Creating STL 3D models + +You can use ASCII STL syntax directly in markdown to create interactive 3D models. To display a model, add ASCII STL syntax inside a fenced code block with the `stl` syntax identifier. 詳しい情報については[コードブロックの作成とハイライト](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)を参照してください。 + +For example, you can create a simple 3D model: + +
+```stl
+solid cube_corner
+  facet normal 0.0 -1.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 1.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+  facet normal 0.0 0.0 -1.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 1.0 0.0 0.0
+    endloop
+  endfacet
+  facet normal -1.0 0.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+      vertex 0.0 1.0 0.0
+    endloop
+  endfacet
+  facet normal 0.577 0.577 0.577
+    outer loop
+      vertex 1.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+endsolid
+```
+
+ +![Rendered 3D model](/assets/images/help/writing/fenced-stl-rendered-object.png) + +For more information on working with `.stl` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#3d-file-viewer)." + diff --git a/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index 535f165c25..61b87d6530 100644 --- a/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -123,7 +123,7 @@ You can enable or disable features for all repositories. By default, {% data variables.product.prodname_dependabot %} can't update dependencies that are located in private repositories or private package registries. However, if a dependency is in a private {% data variables.product.prodname_dotcom %} repository within the same organization as the project that uses that dependency, you can allow {% data variables.product.prodname_dependabot %} to update the version successfully by giving it access to the host repository. -If your code depends on packages in a private registry, you can allow {% data variables.product.prodname_dependabot %} to update the versions of these dependencies by configuring this at the repository level. You do this by adding authentication details to the _dependabot.yml_ file for the repository. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." +If your code depends on packages in a private registry, you can allow {% data variables.product.prodname_dependabot %} to update the versions of these dependencies by configuring this at the repository level. You do this by adding authentication details to the _dependabot.yml_ file for the repository. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." To allow {% data variables.product.prodname_dependabot %} to access a private {% data variables.product.prodname_dotcom %} repository: @@ -163,6 +163,5 @@ You can manage access to {% data variables.product.prodname_GH_advanced_security - "[Securing your repository](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %} - "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %} -- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" -- "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %} +- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %} +- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %} diff --git a/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index a79bd3321e..f6d67a50f8 100644 --- a/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/translations/ja-JP/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -42,7 +42,7 @@ To search for specific events, use the `action` qualifier in your query. Actions | [`billing`](#billing-category-actions) | Contains all activities related to your organization's billing. | [`business`](#business-category-actions) | Contains activities related to business settings for an enterprise. | | [`codespaces`](#codespaces-category-actions) | Contains all activities related to your organization's codespaces. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." | [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. | [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} @@ -680,7 +680,7 @@ For more information, see "[Managing the publication of {% data variables.produc | Action | Description |------------------|------------------- -| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." | `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. | `resolve` | Triggered when someone with write access to a repository pushes changes to update and resolve a vulnerability in a project dependency. diff --git a/translations/ja-JP/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/translations/ja-JP/content/packages/learn-github-packages/about-permissions-for-github-packages.md index e2eea2abaa..021191b162 100644 --- a/translations/ja-JP/content/packages/learn-github-packages/about-permissions-for-github-packages.md +++ b/translations/ja-JP/content/packages/learn-github-packages/about-permissions-for-github-packages.md @@ -47,7 +47,7 @@ shortTitle: 権限について 例: - リポジトリからパッケージをダウンロードしてインストールするには、トークンは`read:packages`スコープを持っていなければならず、ユーザアカウントは読み取り権限を持っていなければなりません。 -- |{% ifversion fpt or ghes > 3.1 or ghec %}To delete a package on {% data variables.product.product_name %}, your token must at least have the `delete:packages` and `read:packages` scope. The `repo` scope is also required for repo-scoped packages. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% elsif ghae %}To delete a specified version of a package on {% data variables.product.product_name %}, your token must have the `delete:packages` and `repo` scope. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% endif %} +- |{% ifversion fpt or ghes > 3.1 or ghec %}{% data variables.product.product_name %}上のパッケージを削除するには、トークンが少なくとも`delete:packages`と`read:packages`のスコープを持っている必要があります。 リポジトリをスコープとするパッケージには、 `repo`スコープも必要です。 詳しい情報については「[パッケージの削除と復元](/packages/learn-github-packages/deleting-and-restoring-a-package)」を参照してください。{% elsif ghae %}{% data variables.product.product_name %}上のパッケージの指定されたバージョンを削除するには、トークンが`delete:packages`及び`repo`スコープを持っていなければなりません。 詳しい情報については、「[パッケージの削除とリストア](/packages/learn-github-packages/deleting-and-restoring-a-package)」を参照してください。{% endif %} | スコープ | 説明 | 必要な権限 | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------- | ------------ | | `read:packages` | {% data variables.product.prodname_registry %}からのパッケージのダウンロードとインストール | 読み取り | diff --git a/translations/ja-JP/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md b/translations/ja-JP/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md index b3a5b600b9..01a56b4478 100644 --- a/translations/ja-JP/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md +++ b/translations/ja-JP/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md @@ -136,7 +136,7 @@ You can use gems from {% data variables.product.prodname_registry %} much like y end ``` -3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](http://bundler.io/v1.5/gemfile.html). +3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](https://bundler.io/gemfile.html). ```ruby source "https://{% ifversion fpt or ghec %}rubygems.pkg.github.com{% else %}REGISTRY-URL{% endif %}/OWNER" diff --git a/translations/ja-JP/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/ja-JP/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 0614d8ad8e..6f1fa114b1 100644 --- a/translations/ja-JP/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/ja-JP/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -50,6 +50,12 @@ Jekyll を使用してサイトをテストする前に、以下の操作が必 ``` 3. サイトをプレビューするには、ウェブブラウザで `http://localhost:4000` を開きます。 +{% note %} + +**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. + +{% endnote %} + ## {% data variables.product.prodname_pages %} gem の更新 Jekyll は、頻繁に更新されているアクティブなオープンソースプロジェクトです。 お使いのコンピュータ上の `github-pages` gem が {% data variables.product.prodname_pages %} サーバー上の `github-pages` gem と比較して古くなっている場合は、ローカルでビルドしたときと {% data variables.product.product_name %} に公開したときで、サイトの見え方が異なることがあります。 こうならないように、お使いのコンピュータ上の `github-pages` gem は常にアップデートしておきましょう。 diff --git a/translations/ja-JP/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md b/translations/ja-JP/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md index f9238820cb..e16ade776b 100644 --- a/translations/ja-JP/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md +++ b/translations/ja-JP/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md @@ -73,5 +73,5 @@ shortTitle: Connections between repositories 依存関係グラフは、リポジトリの依存関係を視覚化して調査するために最適な方法を提供しています。 詳しい情報については、「[依存関係グラフについて](/code-security/supply-chain-security/about-the-dependency-graph)」および「[リポジトリの依存関係を調べる](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository) 」を参照してください。 -依存関係の 1 つにセキュリティの脆弱性が見つかった場合は、{% data variables.product.company_short %} が自動的に警告するようにリポジトリを設定することもできます。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +依存関係の 1 つにセキュリティの脆弱性が見つかった場合は、{% data variables.product.company_short %} が自動的に警告するようにリポジトリを設定することもできます。 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% endif %} diff --git a/translations/ja-JP/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/ja-JP/content/repositories/working-with-files/using-files/working-with-non-code-files.md index a72acf5017..3a763b8869 100644 --- a/translations/ja-JP/content/repositories/working-with-files/using-files/working-with-non-code-files.md +++ b/translations/ja-JP/content/repositories/working-with-files/using-files/working-with-non-code-files.md @@ -130,6 +130,12 @@ For example, if your model's URL is [`github.com/skalnik/secret-bear-clip/blob/m {% endtip %} +{% if mermaid %} +### Rendering in Markdown + +You can embed ASCII STL syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)." +{% endif %} + ## CSV および TSV データをレンダリングする GitHub では、*.csv* (カンマ区切り) 形式および *.tsv* (タブ区切り) 形式のファイルのレンダリングがサポートされています。 @@ -233,7 +239,7 @@ HTML ドキュメントへのコミットのレンダリング済みビューは ![ソースとレンダリングの切り替えのスクリーンショット](/assets/images/help/repository/source-render-toggle-geojson.png) -### ジオメトリのタイプ +### Geometry types {% data variables.product.product_name %} のマップは [Leaflet.js](http://leafletjs.com) を使用し、[geoJSON の仕様](http://www.geojson.org/geojson-spec.html) (Point、LineString、Polygon、MultiPoint、MultiLineString、MultiPolygon、GeometryCollection) に概要が示されているジオメトリのタイプをすべてサポートしています。 TopoJSON ファイルは "Topology" タイプで、[topoJSON の仕様](https://github.com/mbostock/topojson/wiki/Specification)に従っている必要があります。 @@ -274,6 +280,12 @@ GeoJSON マップを {% data variables.product.product_name %} 以外の場所 {% endtip %} +{% if mermaid %} +### Mapping in Markdown + +You can embed geoJSON and topoJSON directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." +{% endif %} + ### クラスタリング マップに大量のマーカー (およそ 750 以上) が設定されている場合、ズーム レベルが大きいときは近隣のマーカーが自動的にクラスタ化されます。 クラスタをクリックしてズームするだけで、個々のマーカーが表示されます。 @@ -292,7 +304,7 @@ geoJSON ファイルのレンダリングに問題がある場合は、[geoJSON その場合でも、`.geojson` ファイルを [TopoJSON](https://github.com/mbostock/topojson) に変換すればデータをレンダリングできます。TopoJSONは、ファイルサイズを最大 80% まで縮小できる圧縮形式です。 ファイルを小さいチャンクに分割し (州ごと、年ごとなど)、データを複数のファイルとしてリポジトリに格納することは、もちろんいつでもできます。 -### 他のリソース +### 参考リンク * [Leaflet.js geojson ドキュメント](http://leafletjs.com/examples/geojson.html) * [MapBox マーカースタイリングのドキュメント](http://www.mapbox.com/developers/simplestyle/) @@ -320,3 +332,44 @@ $ jupyter nbconvert --to html NOTEBOOK-NAME.ipynb - [Jupyter notebook の GitHub リポジトリ](https://github.com/jupyter/jupyter_notebook) - [Jupyter notebooks のギャラリー](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks) + +{% if mermaid %} +## Displaying Mermaid files on {% data variables.product.prodname_dotcom %} + +{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}. + +For example, if you add a `.mmd` file with the following content to your repository: + +``` +graph TD + A[Friend's Birthday] -->|Get money| B(Go shopping) + B --> C{Let me think} + C -->|One| D["Cool
Laptop"] + C -->|Two| E[iPhone] + C -->|Three| F[fa:fa-car Car] +``` + +When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png) + +### トラブルシューティング + +If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit). + +If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag. + +#### 既知の問題 + +* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library. +* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart. +* Not all charts are a11y compliant. This may affect users who rely on a screen reader. + +### Mermaid in Markdown + +You can embed Mermaid syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)." + +### 参考リンク + +* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/) +* [Mermaid.js live editor](https://mermaid.live/edit) +{% endif %} + diff --git a/translations/ja-JP/content/rest/reference/deploy_keys.md b/translations/ja-JP/content/rest/reference/deploy_keys.md new file mode 100644 index 0000000000..2a49dbdf47 --- /dev/null +++ b/translations/ja-JP/content/rest/reference/deploy_keys.md @@ -0,0 +1,17 @@ +--- +title: Deploy Keys +intro: 'The Deploy Keys API allows to create an SSH key that is stored on your server and grants access to a GitHub repository.' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghes: '*' + ghae: '*' + ghec: '*' +topics: + - API +miniTocMaxHeadingLevel: 3 +--- + + \ No newline at end of file diff --git a/translations/ja-JP/content/rest/reference/deployments.md b/translations/ja-JP/content/rest/reference/deployments.md index 4bc3de81a0..d4e5c24d50 100644 --- a/translations/ja-JP/content/rest/reference/deployments.md +++ b/translations/ja-JP/content/rest/reference/deployments.md @@ -1,6 +1,6 @@ --- title: デプロイメント -intro: デプロイメントAPIを使うと、デプロイーキー、デプロイメント、デプロイメント環境の作成と削除ができます。 +intro: The deployments API allows you to create and delete deployments and deployment environments. allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/translations/ja-JP/content/rest/reference/index.md b/translations/ja-JP/content/rest/reference/index.md index bbc7d47c7a..4c1aeeb062 100644 --- a/translations/ja-JP/content/rest/reference/index.md +++ b/translations/ja-JP/content/rest/reference/index.md @@ -22,6 +22,7 @@ children: - /collaborators - /commits - /dependabot + - /deploy_keys - /deployments - /emojis - /enterprise-admin diff --git a/translations/ja-JP/data/features/mermaid.yml b/translations/ja-JP/data/features/mermaid.yml index 09870e35f9..db633f907d 100644 --- a/translations/ja-JP/data/features/mermaid.yml +++ b/translations/ja-JP/data/features/mermaid.yml @@ -1,8 +1,8 @@ --- -#Issue 5812 and 6172 -#Mermaid syntax support +#Issues 5812 and 6172, also 6411 +#Mermaid syntax support, also ASCII STL and geoJSON/topoJSON syntax support versions: fpt: '*' ghec: '*' - ghes: '>=3.5' + ghes: '>=3.6' ghae: 'issue-6172' diff --git a/translations/ja-JP/data/learning-tracks/code-security.yml b/translations/ja-JP/data/learning-tracks/code-security.yml index e3ff1aadfc..cd72a37bba 100644 --- a/translations/ja-JP/data/learning-tracks/code-security.yml +++ b/translations/ja-JP/data/learning-tracks/code-security.yml @@ -18,39 +18,39 @@ dependabot_alerts: title: '脆弱な依存関係に関する通知を取得' description: '依存関係中の新しい脆弱性に対するアラートを発するようDependabotをセットアップしてください。' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies + - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts + - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track dependabot_security_updates: title: '脆弱な依存関係を更新するためのPull Requestを取得' description: '新しい脆弱性が報告されたときにPull Requestを作成するようDependabotをセットアップ' guides: - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates + - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}' - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}' - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}' #Feature available only on dotcom and GHES 3.3+ dependency_version_updates: title: '依存関係を最新に保つ' description: '新しいリリースをチェックし、依存関係を更新するPull Requestを作成するためにDependabotを使ってください。' guides: - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates - - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors + - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates + - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates + - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot + - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates + - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors #Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there. secret_scanning: title: 'シークレットのスキャン' diff --git a/translations/ja-JP/data/product-examples/code-security/code-examples.yml b/translations/ja-JP/data/product-examples/code-security/code-examples.yml index 38beac236f..523fc73521 100644 --- a/translations/ja-JP/data/product-examples/code-security/code-examples.yml +++ b/translations/ja-JP/data/product-examples/code-security/code-examples.yml @@ -24,7 +24,7 @@ #Security policies title: Microsoft security policy template description: セキュリティポリシーの例 - href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md + href: /microsoft/repo-templates/blob/main/shared/SECURITY.md tags: - セキュリティポリシー - diff --git a/translations/ja-JP/data/reusables/code-scanning/alert-default-branch.md b/translations/ja-JP/data/reusables/code-scanning/alert-default-branch.md new file mode 100644 index 0000000000..c6a6029e70 --- /dev/null +++ b/translations/ja-JP/data/reusables/code-scanning/alert-default-branch.md @@ -0,0 +1 @@ +The status and details on the alert page only reflect the state of the alert on the default branch of the repository, even if the alert exists in other branches. You can see the status of the alert on non-default branches in the **Affected branches** section on the right-hand side of the alert page. If an alert doesn't exist in the default branch, the status of the alert will display as "in pull request" or "in branch" and will be colored grey. \ No newline at end of file diff --git a/translations/ja-JP/data/reusables/code-scanning/filter-non-default-branches.md b/translations/ja-JP/data/reusables/code-scanning/filter-non-default-branches.md new file mode 100644 index 0000000000..4df28a76d5 --- /dev/null +++ b/translations/ja-JP/data/reusables/code-scanning/filter-non-default-branches.md @@ -0,0 +1 @@ +Please note that if you have filtered for alerts on a non-default branch, but the same alerts exist on the default branch, the alert page for any given alert will still only reflect the alert's status on the default branch, even if that status conflicts with the status on a non-default branch. For example, an alert that appears in the "Open" list in the summary of alerts for `branch-x` could show a status of "Fixed" on the alert page, if the alert is already fixed on the default branch. You can view the status of the alert for the branch you filtered on in the **Affected branches** section on the right side of the alert page. \ No newline at end of file diff --git a/translations/ja-JP/data/reusables/dependabot/private-dependencies-note.md b/translations/ja-JP/data/reusables/dependabot/private-dependencies-note.md index bba112ff1c..98c5a29e42 100644 --- a/translations/ja-JP/data/reusables/dependabot/private-dependencies-note.md +++ b/translations/ja-JP/data/reusables/dependabot/private-dependencies-note.md @@ -1 +1 @@ -セキュリティあるいはバージョンアップデートを実行する際に、エコシステムによってはアップデートが成功したことを検証するためにすべての依存関係をソースから解決できなければならないことがあります。 マニフェストあるいはロックファイルにプライベートの依存関係が含まれているなら、{% data variables.product.prodname_dependabot %}はそれらの依存関係がホストされている場所にアクセスできなければなりません。 Organizationのオーナーは、同じOrganization内のプロジェクトに対する依存関係を含むプライベートリポジトリへのアクセス権を{% data variables.product.prodname_dependabot %}に付与できます。 詳しい情報については「[Organizatonのためのセキュリティ及び分析設定の管理](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)」を参照してください。 リポジトリの_dependabot.yml_設定ファイル中で、プライベートリポジトリへのアクセスを設定できます。 詳しい情報については、「[依存関係の更新の設定オプション](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries) 」を参照してください。 +セキュリティあるいはバージョンアップデートを実行する際に、エコシステムによってはアップデートが成功したことを検証するためにすべての依存関係をソースから解決できなければならないことがあります。 マニフェストあるいはロックファイルにプライベートの依存関係が含まれているなら、{% data variables.product.prodname_dependabot %}はそれらの依存関係がホストされている場所にアクセスできなければなりません。 Organizationのオーナーは、同じOrganization内のプロジェクトに対する依存関係を含むプライベートリポジトリへのアクセス権を{% data variables.product.prodname_dependabot %}に付与できます。 詳しい情報については「[Organizatonのためのセキュリティ及び分析設定の管理](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)」を参照してください。 リポジトリの_dependabot.yml_設定ファイル中で、プライベートリポジトリへのアクセスを設定できます。 For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)." diff --git a/translations/ja-JP/data/reusables/dependabot/result-discrepancy.md b/translations/ja-JP/data/reusables/dependabot/result-discrepancy.md new file mode 100644 index 0000000000..866f6f4d02 --- /dev/null +++ b/translations/ja-JP/data/reusables/dependabot/result-discrepancy.md @@ -0,0 +1 @@ +{% data variables.product.product_name %} によって報告された依存関係の検出結果は、他のツールから返される結果とは異なる場合があります。 これには理由があり、{% data variables.product.prodname_dotcom %} がプロジェクトの依存関係をどのように決定するかを理解しておくと便利です。 diff --git a/translations/ja-JP/data/reusables/repositories/github-reviews-security-advisories.md b/translations/ja-JP/data/reusables/repositories/github-reviews-security-advisories.md index 4f84799a05..e74228e1a4 100644 --- a/translations/ja-JP/data/reusables/repositories/github-reviews-security-advisories.md +++ b/translations/ja-JP/data/reusables/repositories/github-reviews-security-advisories.md @@ -1,3 +1,3 @@ {% data variables.product.prodname_dotcom %}は、公開されたそれぞれのセキュリティアドバイザリをレビューし、{% data variables.product.prodname_advisory_database %}に追加し、そのセキュリティアドバイザリを使って影響されるリポジトリに{% data variables.product.prodname_dependabot_alerts %}を送信することがあります。 セキュリティアドバイザリがフォークから生ずる場合、ユニークな名前の下でパブリックなパッケージレジストリに公開されたパッケージをフォークが所有しているときにのみアラートが送信されます。 このプロセスには最大で72時間がかかり、{% data variables.product.prodname_dotcom %}がさらなる情報を求めてあなたに連絡することがあります。 -{% data variables.product.prodname_dependabot_alerts %}に関する詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)」 および「[{% data variables.product.prodname_dependabot_security_updates %}について](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)」を参照してください。 {% data variables.product.prodname_advisory_database %}に関する詳しい情報については、「[{% data variables.product.prodname_advisory_database %}におけるセキュリティ脆弱性をブラウズする](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)」を参照してください。 +For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." {% data variables.product.prodname_advisory_database %}に関する詳しい情報については、「[{% data variables.product.prodname_advisory_database %}におけるセキュリティ脆弱性をブラウズする](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)」を参照してください。 diff --git a/translations/ja-JP/data/reusables/repositories/security-alert-delivery-options.md b/translations/ja-JP/data/reusables/repositories/security-alert-delivery-options.md index df5701fa85..7612c7374b 100644 --- a/translations/ja-JP/data/reusables/repositories/security-alert-delivery-options.md +++ b/translations/ja-JP/data/reusables/repositories/security-alert-delivery-options.md @@ -1,4 +1,4 @@ {% ifversion not ghae %} リポジトリにサポートされている依存関係マニフェストがあり -{% ifversion fpt or ghec %}(そしてプライベートリポジトリの場合に依存関係グラフをセットアップしているなら){% endif %}、リポジトリ内に脆弱な依存関係を{% data variables.product.product_name %}が検出すると、週次のダイジェストメールを受け取ることになります。 セキュリティアラートは、Web通知、個別のメール通知、日次のメールダイジェスト、{% data variables.product.product_name %}インターフェース上のアラートとして設定することもできます。 詳しい情報については、「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 +{% ifversion fpt or ghec %}(そしてプライベートリポジトリの場合に依存関係グラフをセットアップしているなら){% endif %}、リポジトリ内に脆弱な依存関係を{% data variables.product.product_name %}が検出すると、週次のダイジェストメールを受け取ることになります。 セキュリティアラートは、Web通知、個別のメール通知、日次のメールダイジェスト、{% data variables.product.product_name %}インターフェース上のアラートとして設定することもできます。 詳しい情報については、「[{% data variables.product.prodname_dependabot_alerts %} について](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)」を参照してください。 {% endif %} diff --git a/translations/ja-JP/data/reusables/rest-reference/deployments/keys.md b/translations/ja-JP/data/reusables/rest-reference/deploy_keys/deploy_keys.md similarity index 94% rename from translations/ja-JP/data/reusables/rest-reference/deployments/keys.md rename to translations/ja-JP/data/reusables/rest-reference/deploy_keys/deploy_keys.md index ae5ed1ae39..f8e7a1c953 100644 --- a/translations/ja-JP/data/reusables/rest-reference/deployments/keys.md +++ b/translations/ja-JP/data/reusables/rest-reference/deploy_keys/deploy_keys.md @@ -1,5 +1,3 @@ -## デプロイキー - {% data reusables.repositories.deploy-keys %} デプロイキーは、以下の API エンドポイントを使用するか、GitHub を使用することでセットアップできます。 GitHub でデプロイキーを設定する方法については、「[デプロイキーを管理する](/developers/overview/managing-deploy-keys)」を参照してください。 \ No newline at end of file diff --git a/translations/ja-JP/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md b/translations/ja-JP/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md index 4aea385281..2fe7cd8e0d 100644 --- a/translations/ja-JP/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md +++ b/translations/ja-JP/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md @@ -1 +1 @@ -リポジトリ内のセキュリティ脆弱性アラートに関連するアクティビティ。 {% data reusables.webhooks.action_type_desc %} 詳しい情報については「[脆弱性のある依存関係に対するアラートについて](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)」を参照してください。 +リポジトリ内のセキュリティ脆弱性アラートに関連するアクティビティ。 {% data reusables.webhooks.action_type_desc %} For more information, see the "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)". diff --git a/translations/log/ja-resets.csv b/translations/log/ja-resets.csv index a64bef81ea..f57fd583fe 100644 --- a/translations/log/ja-resets.csv +++ b/translations/log/ja-resets.csv @@ -98,15 +98,17 @@ translations/ja-JP/content/code-security/code-scanning/using-codeql-code-scannin translations/ja-JP/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system.md,broken liquid tags translations/ja-JP/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system.md,broken liquid tags translations/ja-JP/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md,broken liquid tags +translations/ja-JP/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md,broken liquid tags +translations/ja-JP/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md,broken liquid tags +translations/ja-JP/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md,broken liquid tags +translations/ja-JP/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md,broken liquid tags translations/ja-JP/content/code-security/getting-started/securing-your-organization.md,broken liquid tags translations/ja-JP/content/code-security/getting-started/securing-your-repository.md,broken liquid tags translations/ja-JP/content/code-security/index.md,broken liquid tags translations/ja-JP/content/code-security/secret-scanning/about-secret-scanning.md,broken liquid tags -translations/ja-JP/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md,broken liquid tags -translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md,broken liquid tags -translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md,broken liquid tags -translations/ja-JP/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md,broken liquid tags +translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md,broken liquid tags translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,Listed in localization-support#489 +translations/ja-JP/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md,broken liquid tags translations/ja-JP/content/codespaces/customizing-your-codespace/personalizing-codespaces-for-your-account.md,broken liquid tags translations/ja-JP/content/codespaces/developing-in-codespaces/using-codespaces-in-visual-studio-code.md,broken liquid tags translations/ja-JP/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md,broken liquid tags From 4fcd3ae25f5c82c0f1663b65f76e219520ca4b58 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Fri, 18 Mar 2022 17:46:07 -0400 Subject: [PATCH 32/52] automatically start server for jest (#26206) * reinstate * start server manually * routing tests too * skip more * sleep more and fail if not 200 * use e2etest for content/ too * automatically start server for jest * does this work? * feedbacked * rename things * getting it to work * add dev dependency * install the right version * don't need to start that * fix package lock * update readme about it * feedbacked --- .github/workflows/browser-test.yml | 3 + .github/workflows/test.yml | 10 - Dockerfile | 1 + jest.config.js | 2 + package-lock.json | 409 +++++++++++++++-------------- package.json | 7 +- script/kill-server-for-jest.mjs | 24 ++ script/server-for-jest.mjs | 35 +++ script/start-server-for-jest.mjs | 42 +++ server.mjs | 54 +--- start-server.mjs | 54 ++++ tests/README.md | 25 ++ tests/browser/browser.js | 52 ++-- 13 files changed, 430 insertions(+), 288 deletions(-) create mode 100755 script/kill-server-for-jest.mjs create mode 100644 script/server-for-jest.mjs create mode 100755 script/start-server-for-jest.mjs create mode 100644 start-server.mjs diff --git a/.github/workflows/browser-test.yml b/.github/workflows/browser-test.yml index b5fb973f6c..14b0e3de1b 100644 --- a/.github/workflows/browser-test.yml +++ b/.github/workflows/browser-test.yml @@ -59,5 +59,8 @@ jobs: path: .next/cache key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }} + - name: Run build script + run: npm run build + - name: Run browser-test run: npm run browser-test diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 61e3e3c673..de1034d14f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -140,16 +140,6 @@ jobs: NODE_ENV: test run: ./script/warm-before-tests.mjs - - name: Start production-like server in the background - if: ${{ matrix.test-group == 'rendering' || matrix.test-group == 'routing' || matrix.test-group == 'content' }} - env: - NODE_ENV: test - PORT: 4000 - run: | - node server.mjs & - sleep 3 - curl --retry-connrefused --retry 5 -I --fail http://localhost:4000/healthz - - name: Run tests env: DIFF_FILE: get_diff_files.txt diff --git a/Dockerfile b/Dockerfile index 082e40cf85..2fef6655a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -89,6 +89,7 @@ COPY --chown=node:node feature-flags.json ./ COPY --chown=node:node data ./data COPY --chown=node:node next.config.js ./ COPY --chown=node:node server.mjs ./server.mjs +COPY --chown=node:node start-server.mjs ./start-server.mjs EXPOSE $PORT diff --git a/jest.config.js b/jest.config.js index 6b0e3458c1..7e320cd0dc 100644 --- a/jest.config.js +++ b/jest.config.js @@ -41,4 +41,6 @@ module.exports = { ], testMatch: ['**/tests/**/*.js'], testLocationInResults: isActions, + globalSetup: './script/start-server-for-jest.mjs', + globalTeardown: './script/kill-server-for-jest.mjs', } diff --git a/package-lock.json b/package-lock.json index db07591998..4f2a50a441 100644 --- a/package-lock.json +++ b/package-lock.json @@ -140,9 +140,11 @@ "japanese-characters": "^1.1.0", "javascript-stringify": "^2.1.0", "jest": "^27.4.7", + "jest-environment-puppeteer": "5.0.4", "jest-fail-on-console": "^2.2.3", "jest-github-actions-reporter": "^1.0.3", "jest-slow-test-reporter": "^1.0.0", + "kill-port": "1.6.1", "linkinator": "^3.0.3", "lint-staged": "^12.3.3", "make-promises-safe": "^5.1.0", @@ -3665,9 +3667,9 @@ } }, "node_modules/@sideway/address": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.2.tgz", - "integrity": "sha512-idTz8ibqWFrPU8kMirL0CoPH/A29XOzzAzpyN3zQ4kAWnzmNfFmRaoMNN6VI8ske5M73HZyhIaW4OuSFIdM4oA==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.3.tgz", + "integrity": "sha512-8ncEUtmnTsMmL7z1YPB47kPUq7LpKWJNFPsRzHiIajGC5uXlWGn+AmkYPcHNl8S4tcEGx+cnORnNYaw2wvL+LQ==", "devOptional": true, "dependencies": { "@hapi/hoek": "^9.0.0" @@ -4847,7 +4849,7 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz", "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -6891,7 +6893,7 @@ "version": "0.2.4", "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-0.2.4.tgz", "integrity": "sha1-TnPdCen7lxzDhnDF3O2cGJZIHMY=", - "optional": true, + "devOptional": true, "dependencies": { "for-own": "^0.1.3", "is-plain-object": "^2.0.1", @@ -6907,13 +6909,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "node_modules/clone-deep/node_modules/is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "optional": true, + "devOptional": true, "dependencies": { "isobject": "^3.0.1" }, @@ -6925,7 +6927,7 @@ "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "optional": true, + "devOptional": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -7532,7 +7534,7 @@ "version": "0.10.0", "resolved": "https://registry.npmjs.org/cwd/-/cwd-0.10.0.tgz", "integrity": "sha1-FyQAaUBXwioTsM8WFix+S3p/5Wc=", - "optional": true, + "devOptional": true, "dependencies": { "find-pkg": "^0.1.2", "fs-exists-sync": "^0.1.0" @@ -9227,7 +9229,7 @@ "version": "1.2.2", "resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-1.2.2.tgz", "integrity": "sha1-C4HrqJflo9MdHD0QL48BRB5VlEk=", - "optional": true, + "devOptional": true, "dependencies": { "os-homedir": "^1.0.1" }, @@ -9597,7 +9599,7 @@ "version": "0.1.3", "resolved": "https://registry.npmjs.org/find-file-up/-/find-file-up-0.1.3.tgz", "integrity": "sha1-z2gJG8+fMApA2kEbN9pczlovvqA=", - "optional": true, + "devOptional": true, "dependencies": { "fs-exists-sync": "^0.1.0", "resolve-dir": "^0.1.0" @@ -9610,7 +9612,7 @@ "version": "0.1.2", "resolved": "https://registry.npmjs.org/find-pkg/-/find-pkg-0.1.2.tgz", "integrity": "sha1-G9wiwG42NlUy4qJIBGhUuXiNpVc=", - "optional": true, + "devOptional": true, "dependencies": { "find-file-up": "^0.1.2" }, @@ -9622,7 +9624,7 @@ "version": "1.4.7", "resolved": "https://registry.npmjs.org/find-process/-/find-process-1.4.7.tgz", "integrity": "sha512-/U4CYp1214Xrp3u3Fqr9yNynUrr5Le4y0SsJh2lMDDSbpwYSz3M2SMWQC+wqcx79cN8PQtHQIL8KnuY9M66fdg==", - "optional": true, + "devOptional": true, "dependencies": { "chalk": "^4.0.0", "commander": "^5.1.0", @@ -9636,7 +9638,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -9652,7 +9654,7 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", - "optional": true, + "devOptional": true, "engines": { "node": ">= 6" } @@ -9725,7 +9727,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -9734,7 +9736,7 @@ "version": "0.1.5", "resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.5.tgz", "integrity": "sha1-UmXGgaTylNq78XyVCbZ2OqhFEM4=", - "optional": true, + "devOptional": true, "dependencies": { "for-in": "^1.0.1" }, @@ -9845,7 +9847,7 @@ "version": "0.1.0", "resolved": "https://registry.npmjs.org/fs-exists-sync/-/fs-exists-sync-0.1.0.tgz", "integrity": "sha1-mC1ok6+RjnLQjeyehnP/K1qNat0=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -10029,6 +10031,12 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/get-them-args": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/get-them-args/-/get-them-args-1.3.2.tgz", + "integrity": "sha1-dKILqKSr7OWuGZrQPyvMaP38m6U=", + "dev": true + }, "node_modules/gifwrap": { "version": "0.9.2", "resolved": "https://registry.npmjs.org/gifwrap/-/gifwrap-0.9.2.tgz", @@ -10236,7 +10244,7 @@ "version": "0.2.3", "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-0.2.3.tgz", "integrity": "sha1-6lo77ULG1s6ZWk+KEmm12uIjgo0=", - "optional": true, + "devOptional": true, "dependencies": { "global-prefix": "^0.1.4", "is-windows": "^0.2.0" @@ -10249,7 +10257,7 @@ "version": "0.1.5", "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-0.1.5.tgz", "integrity": "sha1-jTvGuNo8qBEqFg2NSW/wRiv+948=", - "optional": true, + "devOptional": true, "dependencies": { "homedir-polyfill": "^1.0.0", "ini": "^1.3.4", @@ -10264,7 +10272,7 @@ "version": "1.3.1", "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "optional": true, + "devOptional": true, "dependencies": { "isexe": "^2.0.0" }, @@ -10822,7 +10830,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", "integrity": "sha512-eSmmWE5bZTK2Nou4g0AI3zZ9rswp7GRKoKXS1BLUkvPviOqs4YTN1djQIqrXy9k5gEtdLPy86JjRwsNM9tnDcA==", - "optional": true, + "devOptional": true, "dependencies": { "parse-passwd": "^1.0.0" }, @@ -11718,7 +11726,7 @@ "version": "0.2.0", "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-0.2.0.tgz", "integrity": "sha1-3hqm1j6indJIc3tp8f+LgALSEIw=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -11766,7 +11774,7 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -12081,7 +12089,7 @@ "version": "5.0.3", "resolved": "https://registry.npmjs.org/jest-dev-server/-/jest-dev-server-5.0.3.tgz", "integrity": "sha512-aJR3a5KdY18Lsz+VbREKwx2HM3iukiui+J9rlv9o6iYTwZCSsJazSTStcD9K1q0AIF3oA+FqLOKDyo/sc7+fJw==", - "optional": true, + "devOptional": true, "dependencies": { "chalk": "^4.1.1", "cwd": "^0.10.0", @@ -12096,7 +12104,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -12222,7 +12230,7 @@ "version": "5.0.4", "resolved": "https://registry.npmjs.org/jest-environment-puppeteer/-/jest-environment-puppeteer-5.0.4.tgz", "integrity": "sha512-wd4EDOD4QRi11QZ1IV8WsL1wlnnMUtcqtU0BNm+REzRtg78K2XHn3jS6YxGeXIOnsgrJeHxsD7DlRZ/GkFteLg==", - "optional": true, + "devOptional": true, "dependencies": { "chalk": "^4.1.1", "cwd": "^0.10.0", @@ -12235,7 +12243,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -12891,14 +12899,14 @@ } }, "node_modules/joi": { - "version": "17.4.2", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.4.2.tgz", - "integrity": "sha512-Lm56PP+n0+Z2A2rfRvsfWVDXGEWjXxatPopkQ8qQ5mxCEhwHG+Ettgg5o98FFaxilOxozoa14cFhrE/hOzh/Nw==", + "version": "17.6.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.6.0.tgz", + "integrity": "sha512-OX5dG6DTbcr/kbMFj0KGYxuew69HPcAE3K/sZpEV2nP6e/j/C0HV+HNiBPCASxdx5T7DMoa0s8UeHWMnb6n2zw==", "devOptional": true, "dependencies": { "@hapi/hoek": "^9.0.0", "@hapi/topo": "^5.0.0", - "@sideway/address": "^4.1.0", + "@sideway/address": "^4.1.3", "@sideway/formula": "^3.0.0", "@sideway/pinpoint": "^2.0.0" } @@ -13138,6 +13146,19 @@ "json-buffer": "3.0.1" } }, + "node_modules/kill-port": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/kill-port/-/kill-port-1.6.1.tgz", + "integrity": "sha512-un0Y55cOM7JKGaLnGja28T38tDDop0AQ8N0KlAdyh+B1nmMoX8AnNmqPNZbS3mUMgiST51DCVqmbFT1gNJpVNw==", + "dev": true, + "dependencies": { + "get-them-args": "1.3.2", + "shell-exec": "1.0.2" + }, + "bin": { + "kill-port": "cli.js" + } + }, "node_modules/kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", @@ -13194,7 +13215,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-1.0.4.tgz", "integrity": "sha1-odePw6UEdMuAhF07O24dpJpEbo4=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -13452,15 +13473,6 @@ "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==", "dev": true }, - "node_modules/listr2/node_modules/rxjs": { - "version": "7.5.2", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz", - "integrity": "sha512-PwDt186XaL3QN5qXj/H9DGyHhP3/RYYgZZwqBv9Tv8rsAaiwFH1IsJJlcgD37J7UW5a6O67qX0KWKS3/pu0m4w==", - "dev": true, - "dependencies": { - "tslib": "^2.1.0" - } - }, "node_modules/listr2/node_modules/slice-ansi": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", @@ -14141,7 +14153,7 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/merge-deep/-/merge-deep-3.0.3.tgz", "integrity": "sha512-qtmzAS6t6grwEkNrunqTBdn0qKwFgNWvlxUbAV8es9M7Ot1EbyApytCnvE0jALPa46ZpKDUo527kKiaWplmlFA==", - "optional": true, + "devOptional": true, "dependencies": { "arr-union": "^3.1.0", "clone-deep": "^0.2.4", @@ -14155,13 +14167,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "node_modules/merge-deep/node_modules/kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "optional": true, + "devOptional": true, "dependencies": { "is-buffer": "^1.1.5" }, @@ -14873,7 +14885,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/mixin-object/-/mixin-object-2.0.1.tgz", "integrity": "sha1-T7lJRB2rGCVA8f4DW6YOGUel5X4=", - "optional": true, + "devOptional": true, "dependencies": { "for-in": "^0.1.3", "is-extendable": "^0.1.1" @@ -14886,7 +14898,7 @@ "version": "0.1.8", "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.8.tgz", "integrity": "sha1-2Hc5COMSVhCZUrH9ubP6hn0ndeE=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -15976,7 +15988,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz", "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -17011,7 +17023,7 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", "integrity": "sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -19075,7 +19087,7 @@ "version": "0.1.1", "resolved": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-0.1.1.tgz", "integrity": "sha1-shklmlYC+sXFxJatiUpujMQwJh4=", - "optional": true, + "devOptional": true, "dependencies": { "expand-tilde": "^1.2.2", "global-modules": "^0.2.3" @@ -19218,23 +19230,14 @@ } }, "node_modules/rxjs": { - "version": "6.6.7", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", - "integrity": "sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ==", - "optional": true, + "version": "7.5.5", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.5.tgz", + "integrity": "sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==", + "dev": true, "dependencies": { - "tslib": "^1.9.0" - }, - "engines": { - "npm": ">=2.0.0" + "tslib": "^2.1.0" } }, - "node_modules/rxjs/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", - "optional": true - }, "node_modules/sade": { "version": "1.7.4", "resolved": "https://registry.npmjs.org/sade/-/sade-1.7.4.tgz", @@ -19571,7 +19574,7 @@ "version": "0.1.2", "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-0.1.2.tgz", "integrity": "sha1-WQnodLp3EG1zrEFM/sH/yofZcGA=", - "optional": true, + "devOptional": true, "dependencies": { "is-extendable": "^0.1.1", "kind-of": "^2.0.1", @@ -19586,13 +19589,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "node_modules/shallow-clone/node_modules/kind-of": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-2.0.1.tgz", "integrity": "sha1-AY7HpM5+OobLkUG+UZ0kyPqpgbU=", - "optional": true, + "devOptional": true, "dependencies": { "is-buffer": "^1.0.2" }, @@ -19604,7 +19607,7 @@ "version": "0.2.7", "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-0.2.7.tgz", "integrity": "sha1-f+3fLctu23fRHvHRF6tf/fCrG2U=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.10.0" } @@ -19635,6 +19638,12 @@ "node": ">=8" } }, + "node_modules/shell-exec": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/shell-exec/-/shell-exec-1.0.2.tgz", + "integrity": "sha512-jyVd+kU2X+mWKMmGhx4fpWbPsjvD53k9ivqetutVW/BQ+WIZoDoP4d8vUMGezV6saZsiNoW2f9GIhg9Dondohg==", + "dev": true + }, "node_modules/shell-quote": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz", @@ -19680,9 +19689,9 @@ } }, "node_modules/signal-exit": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.5.tgz", - "integrity": "sha512-KWcOiKeQj6ZyXx7zq4YxSMgHRlod4czeBQZrPb8OKcohcqAXShm7E20kEMle9WBt26hFcAf0qLOcp5zmY7kOqQ==", + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", "devOptional": true }, "node_modules/sisteransi": { @@ -19801,7 +19810,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/spawnd/-/spawnd-5.0.0.tgz", "integrity": "sha512-28+AJr82moMVWolQvlAIv3JcYDkjkFTEmfDc503wxrF5l2rQ3dFz6DpbXp3kD4zmgGGldfM4xM4v1sFj/ZaIOA==", - "optional": true, + "devOptional": true, "dependencies": { "exit": "^0.1.2", "signal-exit": "^3.0.3", @@ -19933,21 +19942,6 @@ "node": ">=6" } }, - "node_modules/start-server-and-test/node_modules/rxjs": { - "version": "7.4.0", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.4.0.tgz", - "integrity": "sha512-7SQDi7xeTMCJpqViXh8gL/lebcwlp3d831F05+9B44A4B0WfsEwUQHR64gsH1kvJ+Ep/J9K2+n1hVl1CsGN23w==", - "dev": true, - "dependencies": { - "tslib": "~2.1.0" - } - }, - "node_modules/start-server-and-test/node_modules/tslib": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.1.0.tgz", - "integrity": "sha512-hcVC3wYEziELGGmEEXue7D75zbwIIVUMWAVbHItGPx0ziyXxrOMQx4rQEVEV45Ut/1IotuEvwqPopzIOkDMf0A==", - "dev": true - }, "node_modules/start-server-and-test/node_modules/wait-on": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-6.0.0.tgz", @@ -20913,7 +20907,7 @@ "version": "1.2.2", "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz", "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==", - "optional": true, + "devOptional": true, "bin": { "tree-kill": "cli.js" } @@ -21776,7 +21770,7 @@ "version": "5.3.0", "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-5.3.0.tgz", "integrity": "sha512-DwrHrnTK+/0QFaB9a8Ol5Lna3k7WvUR4jzSKmz0YaPBpuN2sACyiPVKVfj6ejnjcajAcvn3wlbTyMIn9AZouOg==", - "optional": true, + "devOptional": true, "dependencies": { "axios": "^0.21.1", "joi": "^17.3.0", @@ -21791,11 +21785,29 @@ "node": ">=8.9.0" } }, + "node_modules/wait-on/node_modules/rxjs": { + "version": "6.6.7", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "integrity": "sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ==", + "devOptional": true, + "dependencies": { + "tslib": "^1.9.0" + }, + "engines": { + "npm": ">=2.0.0" + } + }, + "node_modules/wait-on/node_modules/tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "devOptional": true + }, "node_modules/wait-port": { "version": "0.2.9", "resolved": "https://registry.npmjs.org/wait-port/-/wait-port-0.2.9.tgz", "integrity": "sha512-hQ/cVKsNqGZ/UbZB/oakOGFqic00YAMM5/PEj3Bt4vKarv2jWIWzDbqlwT94qMs/exAQAsvMOq99sZblV92zxQ==", - "optional": true, + "devOptional": true, "dependencies": { "chalk": "^2.4.2", "commander": "^3.0.2", @@ -21812,7 +21824,7 @@ "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "optional": true, + "devOptional": true, "dependencies": { "color-convert": "^1.9.0" }, @@ -21824,7 +21836,7 @@ "version": "2.4.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "optional": true, + "devOptional": true, "dependencies": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -21838,7 +21850,7 @@ "version": "1.9.3", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "optional": true, + "devOptional": true, "dependencies": { "color-name": "1.1.3" } @@ -21847,19 +21859,19 @@ "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "optional": true + "devOptional": true }, "node_modules/wait-port/node_modules/commander": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/commander/-/commander-3.0.2.tgz", "integrity": "sha512-Gar0ASD4BDyKC4hl4DwHqDrmvjoxWKZigVnAbn5H1owvm4CxCPdb0HQDehwNYMJpla5+M2tPmPARzhtYuwpHow==", - "optional": true + "devOptional": true }, "node_modules/wait-port/node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", - "optional": true, + "devOptional": true, "engines": { "node": ">=0.8.0" } @@ -21868,7 +21880,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "optional": true, + "devOptional": true, "engines": { "node": ">=4" } @@ -21877,7 +21889,7 @@ "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "optional": true, + "devOptional": true, "dependencies": { "has-flag": "^3.0.0" }, @@ -25192,9 +25204,9 @@ } }, "@sideway/address": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.2.tgz", - "integrity": "sha512-idTz8ibqWFrPU8kMirL0CoPH/A29XOzzAzpyN3zQ4kAWnzmNfFmRaoMNN6VI8ske5M73HZyhIaW4OuSFIdM4oA==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.3.tgz", + "integrity": "sha512-8ncEUtmnTsMmL7z1YPB47kPUq7LpKWJNFPsRzHiIajGC5uXlWGn+AmkYPcHNl8S4tcEGx+cnORnNYaw2wvL+LQ==", "devOptional": true, "requires": { "@hapi/hoek": "^9.0.0" @@ -26202,7 +26214,7 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz", "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=", - "optional": true + "devOptional": true }, "array-flatten": { "version": "1.1.1", @@ -27906,7 +27918,7 @@ "version": "0.2.4", "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-0.2.4.tgz", "integrity": "sha1-TnPdCen7lxzDhnDF3O2cGJZIHMY=", - "optional": true, + "devOptional": true, "requires": { "for-own": "^0.1.3", "is-plain-object": "^2.0.1", @@ -27919,13 +27931,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "optional": true, + "devOptional": true, "requires": { "isobject": "^3.0.1" } @@ -27934,7 +27946,7 @@ "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "optional": true, + "devOptional": true, "requires": { "is-buffer": "^1.1.5" } @@ -28427,7 +28439,7 @@ "version": "0.10.0", "resolved": "https://registry.npmjs.org/cwd/-/cwd-0.10.0.tgz", "integrity": "sha1-FyQAaUBXwioTsM8WFix+S3p/5Wc=", - "optional": true, + "devOptional": true, "requires": { "find-pkg": "^0.1.2", "fs-exists-sync": "^0.1.0" @@ -29719,7 +29731,7 @@ "version": "1.2.2", "resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-1.2.2.tgz", "integrity": "sha1-C4HrqJflo9MdHD0QL48BRB5VlEk=", - "optional": true, + "devOptional": true, "requires": { "os-homedir": "^1.0.1" } @@ -30006,7 +30018,7 @@ "version": "0.1.3", "resolved": "https://registry.npmjs.org/find-file-up/-/find-file-up-0.1.3.tgz", "integrity": "sha1-z2gJG8+fMApA2kEbN9pczlovvqA=", - "optional": true, + "devOptional": true, "requires": { "fs-exists-sync": "^0.1.0", "resolve-dir": "^0.1.0" @@ -30016,7 +30028,7 @@ "version": "0.1.2", "resolved": "https://registry.npmjs.org/find-pkg/-/find-pkg-0.1.2.tgz", "integrity": "sha1-G9wiwG42NlUy4qJIBGhUuXiNpVc=", - "optional": true, + "devOptional": true, "requires": { "find-file-up": "^0.1.2" } @@ -30025,7 +30037,7 @@ "version": "1.4.7", "resolved": "https://registry.npmjs.org/find-process/-/find-process-1.4.7.tgz", "integrity": "sha512-/U4CYp1214Xrp3u3Fqr9yNynUrr5Le4y0SsJh2lMDDSbpwYSz3M2SMWQC+wqcx79cN8PQtHQIL8KnuY9M66fdg==", - "optional": true, + "devOptional": true, "requires": { "chalk": "^4.0.0", "commander": "^5.1.0", @@ -30036,7 +30048,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "requires": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -30046,7 +30058,7 @@ "version": "5.1.0", "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", - "optional": true + "devOptional": true } } }, @@ -30095,13 +30107,13 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=", - "optional": true + "devOptional": true }, "for-own": { "version": "0.1.5", "resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.5.tgz", "integrity": "sha1-UmXGgaTylNq78XyVCbZ2OqhFEM4=", - "optional": true, + "devOptional": true, "requires": { "for-in": "^1.0.1" } @@ -30187,7 +30199,7 @@ "version": "0.1.0", "resolved": "https://registry.npmjs.org/fs-exists-sync/-/fs-exists-sync-0.1.0.tgz", "integrity": "sha1-mC1ok6+RjnLQjeyehnP/K1qNat0=", - "optional": true + "devOptional": true }, "fs-extra": { "version": "10.0.1", @@ -30328,6 +30340,12 @@ "get-intrinsic": "^1.1.1" } }, + "get-them-args": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/get-them-args/-/get-them-args-1.3.2.tgz", + "integrity": "sha1-dKILqKSr7OWuGZrQPyvMaP38m6U=", + "dev": true + }, "gifwrap": { "version": "0.9.2", "resolved": "https://registry.npmjs.org/gifwrap/-/gifwrap-0.9.2.tgz", @@ -30499,7 +30517,7 @@ "version": "0.2.3", "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-0.2.3.tgz", "integrity": "sha1-6lo77ULG1s6ZWk+KEmm12uIjgo0=", - "optional": true, + "devOptional": true, "requires": { "global-prefix": "^0.1.4", "is-windows": "^0.2.0" @@ -30509,7 +30527,7 @@ "version": "0.1.5", "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-0.1.5.tgz", "integrity": "sha1-jTvGuNo8qBEqFg2NSW/wRiv+948=", - "optional": true, + "devOptional": true, "requires": { "homedir-polyfill": "^1.0.0", "ini": "^1.3.4", @@ -30521,7 +30539,7 @@ "version": "1.3.1", "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "optional": true, + "devOptional": true, "requires": { "isexe": "^2.0.0" } @@ -30943,7 +30961,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", "integrity": "sha512-eSmmWE5bZTK2Nou4g0AI3zZ9rswp7GRKoKXS1BLUkvPviOqs4YTN1djQIqrXy9k5gEtdLPy86JjRwsNM9tnDcA==", - "optional": true, + "devOptional": true, "requires": { "parse-passwd": "^1.0.0" } @@ -31544,7 +31562,7 @@ "version": "0.2.0", "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-0.2.0.tgz", "integrity": "sha1-3hqm1j6indJIc3tp8f+LgALSEIw=", - "optional": true + "devOptional": true }, "is-word-character": { "version": "1.0.4", @@ -31582,7 +31600,7 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", - "optional": true + "devOptional": true }, "istanbul-lib-coverage": { "version": "3.2.0", @@ -31814,7 +31832,7 @@ "version": "5.0.3", "resolved": "https://registry.npmjs.org/jest-dev-server/-/jest-dev-server-5.0.3.tgz", "integrity": "sha512-aJR3a5KdY18Lsz+VbREKwx2HM3iukiui+J9rlv9o6iYTwZCSsJazSTStcD9K1q0AIF3oA+FqLOKDyo/sc7+fJw==", - "optional": true, + "devOptional": true, "requires": { "chalk": "^4.1.1", "cwd": "^0.10.0", @@ -31829,7 +31847,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "requires": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -31928,7 +31946,7 @@ "version": "5.0.4", "resolved": "https://registry.npmjs.org/jest-environment-puppeteer/-/jest-environment-puppeteer-5.0.4.tgz", "integrity": "sha512-wd4EDOD4QRi11QZ1IV8WsL1wlnnMUtcqtU0BNm+REzRtg78K2XHn3jS6YxGeXIOnsgrJeHxsD7DlRZ/GkFteLg==", - "optional": true, + "devOptional": true, "requires": { "chalk": "^4.1.1", "cwd": "^0.10.0", @@ -31941,7 +31959,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "optional": true, + "devOptional": true, "requires": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -32461,14 +32479,14 @@ } }, "joi": { - "version": "17.4.2", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.4.2.tgz", - "integrity": "sha512-Lm56PP+n0+Z2A2rfRvsfWVDXGEWjXxatPopkQ8qQ5mxCEhwHG+Ettgg5o98FFaxilOxozoa14cFhrE/hOzh/Nw==", + "version": "17.6.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.6.0.tgz", + "integrity": "sha512-OX5dG6DTbcr/kbMFj0KGYxuew69HPcAE3K/sZpEV2nP6e/j/C0HV+HNiBPCASxdx5T7DMoa0s8UeHWMnb6n2zw==", "devOptional": true, "requires": { "@hapi/hoek": "^9.0.0", "@hapi/topo": "^5.0.0", - "@sideway/address": "^4.1.0", + "@sideway/address": "^4.1.3", "@sideway/formula": "^3.0.0", "@sideway/pinpoint": "^2.0.0" } @@ -32668,6 +32686,16 @@ "json-buffer": "3.0.1" } }, + "kill-port": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/kill-port/-/kill-port-1.6.1.tgz", + "integrity": "sha512-un0Y55cOM7JKGaLnGja28T38tDDop0AQ8N0KlAdyh+B1nmMoX8AnNmqPNZbS3mUMgiST51DCVqmbFT1gNJpVNw==", + "dev": true, + "requires": { + "get-them-args": "1.3.2", + "shell-exec": "1.0.2" + } + }, "kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", @@ -32712,7 +32740,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-1.0.4.tgz", "integrity": "sha1-odePw6UEdMuAhF07O24dpJpEbo4=", - "optional": true + "devOptional": true }, "leven": { "version": "3.1.0", @@ -32883,15 +32911,6 @@ "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==", "dev": true }, - "rxjs": { - "version": "7.5.2", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.2.tgz", - "integrity": "sha512-PwDt186XaL3QN5qXj/H9DGyHhP3/RYYgZZwqBv9Tv8rsAaiwFH1IsJJlcgD37J7UW5a6O67qX0KWKS3/pu0m4w==", - "dev": true, - "requires": { - "tslib": "^2.1.0" - } - }, "slice-ansi": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz", @@ -33412,7 +33431,7 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/merge-deep/-/merge-deep-3.0.3.tgz", "integrity": "sha512-qtmzAS6t6grwEkNrunqTBdn0qKwFgNWvlxUbAV8es9M7Ot1EbyApytCnvE0jALPa46ZpKDUo527kKiaWplmlFA==", - "optional": true, + "devOptional": true, "requires": { "arr-union": "^3.1.0", "clone-deep": "^0.2.4", @@ -33423,13 +33442,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "optional": true, + "devOptional": true, "requires": { "is-buffer": "^1.1.5" } @@ -33865,7 +33884,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/mixin-object/-/mixin-object-2.0.1.tgz", "integrity": "sha1-T7lJRB2rGCVA8f4DW6YOGUel5X4=", - "optional": true, + "devOptional": true, "requires": { "for-in": "^0.1.3", "is-extendable": "^0.1.1" @@ -33875,7 +33894,7 @@ "version": "0.1.8", "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.8.tgz", "integrity": "sha1-2Hc5COMSVhCZUrH9ubP6hn0ndeE=", - "optional": true + "devOptional": true } } }, @@ -34712,7 +34731,7 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz", "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=", - "optional": true + "devOptional": true }, "p-cancelable": { "version": "2.1.1", @@ -35543,7 +35562,7 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", "integrity": "sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=", - "optional": true + "devOptional": true }, "parse5": { "version": "6.0.1", @@ -37095,7 +37114,7 @@ "version": "0.1.1", "resolved": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-0.1.1.tgz", "integrity": "sha1-shklmlYC+sXFxJatiUpujMQwJh4=", - "optional": true, + "devOptional": true, "requires": { "expand-tilde": "^1.2.2", "global-modules": "^0.2.3" @@ -37196,20 +37215,12 @@ } }, "rxjs": { - "version": "6.6.7", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", - "integrity": "sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ==", - "optional": true, + "version": "7.5.5", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.5.5.tgz", + "integrity": "sha512-sy+H0pQofO95VDmFLzyaw9xNJU4KTRSwQIGM6+iG3SypAtCiLDzpeG8sJrNCWn2Up9km+KhkvTdbkrdy+yzZdw==", + "dev": true, "requires": { - "tslib": "^1.9.0" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", - "optional": true - } + "tslib": "^2.1.0" } }, "sade": { @@ -37492,7 +37503,7 @@ "version": "0.1.2", "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-0.1.2.tgz", "integrity": "sha1-WQnodLp3EG1zrEFM/sH/yofZcGA=", - "optional": true, + "devOptional": true, "requires": { "is-extendable": "^0.1.1", "kind-of": "^2.0.1", @@ -37504,13 +37515,13 @@ "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", - "optional": true + "devOptional": true }, "kind-of": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-2.0.1.tgz", "integrity": "sha1-AY7HpM5+OobLkUG+UZ0kyPqpgbU=", - "optional": true, + "devOptional": true, "requires": { "is-buffer": "^1.0.2" } @@ -37519,7 +37530,7 @@ "version": "0.2.7", "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-0.2.7.tgz", "integrity": "sha1-f+3fLctu23fRHvHRF6tf/fCrG2U=", - "optional": true + "devOptional": true } } }, @@ -37543,6 +37554,12 @@ "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", "dev": true }, + "shell-exec": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/shell-exec/-/shell-exec-1.0.2.tgz", + "integrity": "sha512-jyVd+kU2X+mWKMmGhx4fpWbPsjvD53k9ivqetutVW/BQ+WIZoDoP4d8vUMGezV6saZsiNoW2f9GIhg9Dondohg==", + "dev": true + }, "shell-quote": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz", @@ -37576,9 +37593,9 @@ } }, "signal-exit": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.5.tgz", - "integrity": "sha512-KWcOiKeQj6ZyXx7zq4YxSMgHRlod4czeBQZrPb8OKcohcqAXShm7E20kEMle9WBt26hFcAf0qLOcp5zmY7kOqQ==", + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", "devOptional": true }, "sisteransi": { @@ -37664,7 +37681,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/spawnd/-/spawnd-5.0.0.tgz", "integrity": "sha512-28+AJr82moMVWolQvlAIv3JcYDkjkFTEmfDc503wxrF5l2rQ3dFz6DpbXp3kD4zmgGGldfM4xM4v1sFj/ZaIOA==", - "optional": true, + "devOptional": true, "requires": { "exit": "^0.1.2", "signal-exit": "^3.0.3", @@ -37771,21 +37788,6 @@ "wait-on": "6.0.0" }, "dependencies": { - "rxjs": { - "version": "7.4.0", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.4.0.tgz", - "integrity": "sha512-7SQDi7xeTMCJpqViXh8gL/lebcwlp3d831F05+9B44A4B0WfsEwUQHR64gsH1kvJ+Ep/J9K2+n1hVl1CsGN23w==", - "dev": true, - "requires": { - "tslib": "~2.1.0" - } - }, - "tslib": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.1.0.tgz", - "integrity": "sha512-hcVC3wYEziELGGmEEXue7D75zbwIIVUMWAVbHItGPx0ziyXxrOMQx4rQEVEV45Ut/1IotuEvwqPopzIOkDMf0A==", - "dev": true - }, "wait-on": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-6.0.0.tgz", @@ -38519,7 +38521,7 @@ "version": "1.2.2", "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz", "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==", - "optional": true + "devOptional": true }, "trim-newlines": { "version": "4.0.2", @@ -39172,20 +39174,37 @@ "version": "5.3.0", "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-5.3.0.tgz", "integrity": "sha512-DwrHrnTK+/0QFaB9a8Ol5Lna3k7WvUR4jzSKmz0YaPBpuN2sACyiPVKVfj6ejnjcajAcvn3wlbTyMIn9AZouOg==", - "optional": true, + "devOptional": true, "requires": { "axios": "^0.21.1", "joi": "^17.3.0", "lodash": "^4.17.21", "minimist": "^1.2.5", "rxjs": "^6.6.3" + }, + "dependencies": { + "rxjs": { + "version": "6.6.7", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "integrity": "sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ==", + "devOptional": true, + "requires": { + "tslib": "^1.9.0" + } + }, + "tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "devOptional": true + } } }, "wait-port": { "version": "0.2.9", "resolved": "https://registry.npmjs.org/wait-port/-/wait-port-0.2.9.tgz", "integrity": "sha512-hQ/cVKsNqGZ/UbZB/oakOGFqic00YAMM5/PEj3Bt4vKarv2jWIWzDbqlwT94qMs/exAQAsvMOq99sZblV92zxQ==", - "optional": true, + "devOptional": true, "requires": { "chalk": "^2.4.2", "commander": "^3.0.2", @@ -39196,7 +39215,7 @@ "version": "3.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "optional": true, + "devOptional": true, "requires": { "color-convert": "^1.9.0" } @@ -39205,7 +39224,7 @@ "version": "2.4.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "optional": true, + "devOptional": true, "requires": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", @@ -39216,7 +39235,7 @@ "version": "1.9.3", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "optional": true, + "devOptional": true, "requires": { "color-name": "1.1.3" } @@ -39225,31 +39244,31 @@ "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", - "optional": true + "devOptional": true }, "commander": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/commander/-/commander-3.0.2.tgz", "integrity": "sha512-Gar0ASD4BDyKC4hl4DwHqDrmvjoxWKZigVnAbn5H1owvm4CxCPdb0HQDehwNYMJpla5+M2tPmPARzhtYuwpHow==", - "optional": true + "devOptional": true }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", - "optional": true + "devOptional": true }, "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", - "optional": true + "devOptional": true }, "supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "optional": true, + "devOptional": true, "requires": { "has-flag": "^3.0.0" } diff --git a/package.json b/package.json index d593750624..a9fcbfbcb6 100644 --- a/package.json +++ b/package.json @@ -142,9 +142,11 @@ "japanese-characters": "^1.1.0", "javascript-stringify": "^2.1.0", "jest": "^27.4.7", + "jest-environment-puppeteer": "5.0.4", "jest-fail-on-console": "^2.2.3", "jest-github-actions-reporter": "^1.0.3", "jest-slow-test-reporter": "^1.0.0", + "kill-port": "1.6.1", "linkinator": "^3.0.3", "lint-staged": "^12.3.3", "make-promises-safe": "^5.1.0", @@ -186,9 +188,7 @@ "private": true, "repository": "https://github.com/github/docs", "scripts": { - "browser-test": "start-server-and-test browser-test-server 4001 browser-test-tests", - "browser-test-server": "cross-env NODE_ENV=production PORT=4001 ENABLED_LANGUAGES=en,ja node server.mjs", - "browser-test-tests": "cross-env BROWSER=1 NODE_OPTIONS=--experimental-vm-modules jest tests/browser/browser.js", + "browser-test": "cross-env BROWSER=1 NODE_OPTIONS=--experimental-vm-modules jest tests/browser/browser.js", "build": "next build", "debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES='en,ja' nodemon --inspect server.mjs", "dev": "npm start", @@ -196,7 +196,6 @@ "lint-translation": "cross-env NODE_OPTIONS=--experimental-vm-modules TEST_TRANSLATION=true jest tests/linting/lint-files.js", "pa11y-ci": "pa11y-ci", "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci", - "prebrowser-test": "npm run build", "prepare": "husky install", "prettier": "prettier -w \"**/*.{ts,tsx,js,mjs,scss,yml,yaml}\"", "prettier-check": "prettier -c \"**/*.{ts,tsx,js,mjs,scss,yml,yaml}\"", diff --git a/script/kill-server-for-jest.mjs b/script/kill-server-for-jest.mjs new file mode 100755 index 0000000000..6795d8fde4 --- /dev/null +++ b/script/kill-server-for-jest.mjs @@ -0,0 +1,24 @@ +#!/usr/bin/env node + +import teardownJestPuppeteer from 'jest-environment-puppeteer/teardown.js' + +import { START_JEST_SERVER, isServerHealthy, killServer } from './server-for-jest.mjs' + +export default async () => { + if (START_JEST_SERVER) { + global.__SERVER__.close() + + if (await isServerHealthy()) { + killServer() + } + } + + // The way jest-puppeteer works is that you add a preset in + // `jest.config.js` but that preset will clash with the execution + // of this script. So we have to manually do what we do normally + // do in `jest.config.js` + // Note, we can delete this when we migrate to Playwright. + if (process.env.BROWSER) { + await teardownJestPuppeteer() + } +} diff --git a/script/server-for-jest.mjs b/script/server-for-jest.mjs new file mode 100644 index 0000000000..73d28d86bb --- /dev/null +++ b/script/server-for-jest.mjs @@ -0,0 +1,35 @@ +import kill from 'kill-port' +import portUsed from 'port-used' +import got, { RequestError } from 'got' + +export const PORT = 4000 + +// By default it's on +export const START_JEST_SERVER = Boolean(JSON.parse(process.env.START_JEST_SERVER || 1)) + +export async function isServerHealthy() { + try { + const res = await got.head(`http://localhost:${PORT}/healthz`, { retry: { limit: 0 } }) + return res.statusCode === 200 + } catch (err) { + // This exception is thrown if you can't even connect. + if (err instanceof RequestError) { + return false + } + throw err + } +} + +export function killServer() { + kill(PORT, 'tcp') + .then(() => { + console.log(`Killed what was on :${PORT}`) + }) + .catch((error) => { + console.log(`Unable to kill whatever was on :${PORT}:`, error) + }) +} + +export async function isPortRunning() { + return await portUsed.check(PORT) +} diff --git a/script/start-server-for-jest.mjs b/script/start-server-for-jest.mjs new file mode 100755 index 0000000000..9f665af7ef --- /dev/null +++ b/script/start-server-for-jest.mjs @@ -0,0 +1,42 @@ +#!/usr/bin/env node + +import setupJestPuppeteer from 'jest-environment-puppeteer/setup.js' + +import { main } from '../start-server.mjs' + +import { PORT, START_JEST_SERVER, isServerHealthy, isPortRunning } from './server-for-jest.mjs' + +export default async () => { + if (START_JEST_SERVER) { + console.log(`Starting a server for jest on port :${PORT}.`) + + process.env.NODE_ENV = 'test' + // Has to be this because that's what the end-to-end tests expect + process.env.PORT = `${PORT}` + + if (await isPortRunning()) { + console.error(`Something's already running on :${PORT}`) + console.log( + 'If you intend to run jest tests with an existing server, set env var START_JEST_SERVER=false' + ) + process.exit(1) + } + + // So it can be accessed from the script that + // is set up by the jest config: `globalTeardown` + global.__SERVER__ = await main() + + console.assert(await isServerHealthy()) + } else { + console.warn(`jest is NOT automatically starting a server on port :${PORT}`) + } + + // The way jest-puppeteer works is that you add a preset in + // `jest.config.js` but that preset will clash with the execution + // of this script. So we have to manually do what we do normally + // do in `jest.config.js`. + // Note, we can delete this when we migrate to Playwright. + if (process.env.BROWSER) { + await setupJestPuppeteer() + } +} diff --git a/server.mjs b/server.mjs index fa4bb2c0fe..ed58037d9d 100644 --- a/server.mjs +++ b/server.mjs @@ -1,55 +1,3 @@ -import dotenv from 'dotenv' -import './lib/feature-flags.js' -import './lib/check-node-version.js' -import './lib/handle-exceptions.js' -import portUsed from 'port-used' -import createApp from './lib/app.js' -import warmServer from './lib/warm-server.js' -import http from 'http' -dotenv.config() - -const { PORT, NODE_ENV } = process.env -const port = Number(PORT) || 4000 - -async function main() { - if (NODE_ENV !== 'production') { - await checkPortAvailability() - } - - await startServer() -} - -async function checkPortAvailability() { - // Check that the development server is not already running - const portInUse = await portUsed.check(port) - if (portInUse) { - console.log(`\n\n\nPort ${port} is not available. You may already have a server running.`) - console.log( - `Try running \`npx kill-port ${port}\` to shut down all your running node processes.\n\n\n` - ) - console.log('\x07') // system 'beep' sound - process.exit(1) - } -} - -async function startServer() { - const app = createApp() - - // Warm up as soon as possible. - // The `warmServer()` function is idempotent and it will soon be used - // by some middleware, but there's no point in having a started server - // without this warmed up. Besides, by starting this slow thing now, - // it can start immediately instead of waiting for the first request - // to trigger it to warm up. That way, when in development and triggering - // a `nodemon` restart, there's a good chance the warm up has come some - // way before you manage to reach for your browser to do a page refresh. - await warmServer() - - // Workaround for https://github.com/expressjs/express/issues/1101 - const server = http.createServer(app) - server - .listen(port, () => console.log(`app running on http://localhost:${port}`)) - .on('error', () => server.close()) -} +import { main } from './start-server.mjs' main() diff --git a/start-server.mjs b/start-server.mjs new file mode 100644 index 0000000000..170b5bf5d2 --- /dev/null +++ b/start-server.mjs @@ -0,0 +1,54 @@ +import dotenv from 'dotenv' +import './lib/feature-flags.js' +import './lib/check-node-version.js' +import './lib/handle-exceptions.js' +import portUsed from 'port-used' +import createApp from './lib/app.js' +import warmServer from './lib/warm-server.js' +import http from 'http' +dotenv.config() + +const { PORT, NODE_ENV } = process.env +const port = Number(PORT) || 4000 + +export async function main() { + if (NODE_ENV !== 'production') { + await checkPortAvailability() + } + + return await startServer() +} + +async function checkPortAvailability() { + // Check that the development server is not already running + const portInUse = await portUsed.check(port) + if (portInUse) { + console.log(`\n\n\nPort ${port} is not available. You may already have a server running.`) + console.log( + `Try running \`npx kill-port ${port}\` to shut down all your running node processes.\n\n\n` + ) + console.log('\x07') // system 'beep' sound + process.exit(1) + } +} + +async function startServer() { + const app = createApp() + + // Warm up as soon as possible. + // The `warmServer()` function is idempotent and it will soon be used + // by some middleware, but there's no point in having a started server + // without this warmed up. Besides, by starting this slow thing now, + // it can start immediately instead of waiting for the first request + // to trigger it to warm up. That way, when in development and triggering + // a `nodemon` restart, there's a good chance the warm up has come some + // way before you manage to reach for your browser to do a page refresh. + await warmServer() + + // Workaround for https://github.com/expressjs/express/issues/1101 + const server = http.createServer(app) + + return server + .listen(port, () => console.log(`app running on http://localhost:${port}`)) + .on('error', () => server.close()) +} diff --git a/tests/README.md b/tests/README.md index 496dc32a63..4377e7a779 100644 --- a/tests/README.md +++ b/tests/README.md @@ -76,3 +76,28 @@ run the linter: ```sh npm run lint ``` + +### Keeping the server running + +When you run `jest` tests, that depend on making real HTTP requests +to `localhost:4000`, the `jest` tests have a hook that starts the +server before running all/any tests, and stops the server when it's done. + +You can disable that, which might make it easier when debugging tests +since the server won't need to start and stop every time you run tests. + +In one terminal type: + +```sh +NODE_ENV=test PORT=4000 node server.mjs +``` + +and then, in another terminal type: + +```sh +START_JEST_SERVER=false jest tests/rendering/foo/bar.js +``` + +Or whatever the testing command you use. Note the `START_JEST_SERVER=false` +environment variable that needs to be set or else, `jest` will try to start +a server on `:4000` too. diff --git a/tests/browser/browser.js b/tests/browser/browser.js index 046ac81fa7..55eba3218f 100644 --- a/tests/browser/browser.js +++ b/tests/browser/browser.js @@ -9,7 +9,7 @@ describe('homepage', () => { jest.setTimeout(60 * 1000) test('should be titled "GitHub Documentation"', async () => { - await page.goto('http://localhost:4001') + await page.goto('http://localhost:4000') await expect(page.title()).resolves.toMatch('GitHub Documentation') }) }) @@ -18,7 +18,7 @@ describe('browser search', () => { jest.setTimeout(60 * 1000) it('works on the homepage', async () => { - await page.goto('http://localhost:4001/en') + await page.goto('http://localhost:4000/en') await page.click('[data-testid=site-search-input]') await page.type('[data-testid=site-search-input]', 'actions') await page.waitForSelector('[data-testid=search-results]') @@ -27,7 +27,7 @@ describe('browser search', () => { }) it('works on mobile landing pages', async () => { - await page.goto('http://localhost:4001/en/actions') + await page.goto('http://localhost:4000/en/actions') await page.click('[data-testid=mobile-menu-button]') await page.click('[data-testid=mobile-header] [data-testid=site-search-input]') await page.type('[data-testid=mobile-header] [data-testid=site-search-input]', 'workflows') @@ -39,7 +39,7 @@ describe('browser search', () => { it('works on desktop landing pages', async () => { const initialViewport = page.viewport() await page.setViewport({ width: 1024, height: 768 }) - await page.goto('http://localhost:4001/en/actions') + await page.goto('http://localhost:4000/en/actions') await page.click('[data-testid=desktop-header] [data-testid=site-search-input]') await page.type('[data-testid=desktop-header] [data-testid=site-search-input]', 'workflows') await page.waitForSelector('[data-testid=search-results]') @@ -50,7 +50,7 @@ describe('browser search', () => { // 404 page is statically generated with next, so search is not available, but may possibly be brought back // Docs Engineering issue: 961 it.skip('works on 404 error page', async () => { - await page.goto('http://localhost:4001/en/404') + await page.goto('http://localhost:4000/en/404') await page.click('[data-testid=search] input[type="search"]') await page.type('[data-testid=search] input[type="search"]', 'actions') await page.waitForSelector('[data-testid=search-results]') @@ -63,7 +63,7 @@ describe('browser search', () => { const newPage = await browser.newPage() await newPage.goto( - `http://localhost:4001/ja/enterprise-server@${oldestSupported}/admin/installation` + `http://localhost:4000/ja/enterprise-server@${oldestSupported}/admin/installation` ) await newPage.setRequestInterception(true) @@ -89,7 +89,7 @@ describe('browser search', () => { expect.assertions(2) const newPage = await browser.newPage() - await newPage.goto('http://localhost:4001/en/enterprise-cloud@latest/admin/overview') + await newPage.goto('http://localhost:4000/en/enterprise-cloud@latest/admin/overview') await newPage.setRequestInterception(true) newPage.on('request', (interceptedRequest) => { @@ -114,7 +114,7 @@ describe('browser search', () => { expect.assertions(2) const newPage = await browser.newPage() - await newPage.goto('http://localhost:4001/en/github-ae@latest/admin/overview') + await newPage.goto('http://localhost:4000/en/github-ae@latest/admin/overview') await newPage.setRequestInterception(true) newPage.on('request', (interceptedRequest) => { @@ -142,7 +142,7 @@ describe('survey', () => { it('sends an event to /events when submitting form', async () => { // Visit a page that displays the prompt await page.goto( - 'http://localhost:4001/en/actions/getting-started-with-github-actions/about-github-actions' + 'http://localhost:4000/en/actions/getting-started-with-github-actions/about-github-actions' ) // Track network requests @@ -177,7 +177,7 @@ describe('survey', () => { describe('csrf meta', () => { it('should have a csrf-token meta tag on the page', async () => { await page.goto( - 'http://localhost:4001/en/actions/getting-started-with-github-actions/about-github-actions' + 'http://localhost:4000/en/actions/getting-started-with-github-actions/about-github-actions' ) await page.waitForSelector('meta[name="csrf-token"]') }) @@ -204,10 +204,10 @@ describe('platform picker', () => { ] const linuxUserAgent = userAgents[2] const pageWithPlatformPicker = - 'http://localhost:4001/en/github/using-git/configuring-git-to-handle-line-endings' - const pageWithoutPlatformPicker = 'http://localhost:4001/en/github/using-git' + 'http://localhost:4000/en/github/using-git/configuring-git-to-handle-line-endings' + const pageWithoutPlatformPicker = 'http://localhost:4000/en/github/using-git' const pageWithDefaultPlatform = - 'http://localhost:4001/en/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service' + 'http://localhost:4000/en/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service' it('should have a platform picker', async () => { await page.goto(pageWithPlatformPicker) @@ -286,11 +286,11 @@ describe('platform picker', () => { describe('tool specific content', () => { const pageWithSingleSwitcher = - 'http://localhost:4001/en/actions/managing-workflow-runs/manually-running-a-workflow' + 'http://localhost:4000/en/actions/managing-workflow-runs/manually-running-a-workflow' const pageWithoutSwitcher = - 'http://localhost:4001/en/billing/managing-billing-for-github-sponsors/about-billing-for-github-sponsors' + 'http://localhost:4000/en/billing/managing-billing-for-github-sponsors/about-billing-for-github-sponsors' const pageWithMultipleSwitcher = - 'http://localhost:4001/en/issues/trying-out-the-new-projects-experience/using-the-api-to-manage-projects' + 'http://localhost:4000/en/issues/trying-out-the-new-projects-experience/using-the-api-to-manage-projects' it('should have a tool switcher if a tool switcher is included', async () => { await page.goto(pageWithSingleSwitcher) @@ -373,7 +373,7 @@ describe('tool specific content', () => { describe('code examples', () => { it('loads correctly', async () => { - await page.goto('http://localhost:4001/en/code-security') + await page.goto('http://localhost:4000/en/code-security') const shownCards = await page.$$('[data-testid=code-example-card]') const shownNoResult = await page.$('[data-testid=code-examples-no-results]') expect(shownCards.length).toBeGreaterThan(0) @@ -381,7 +381,7 @@ describe('code examples', () => { }) it('filters cards', async () => { - await page.goto('http://localhost:4001/en/code-security') + await page.goto('http://localhost:4000/en/code-security') await page.click('[data-testid=code-examples-input]') await page.type('[data-testid=code-examples-input]', 'policy') await page.click('[data-testid=code-examples-search-btn]') @@ -390,7 +390,7 @@ describe('code examples', () => { }) it('shows more cards', async () => { - await page.goto('http://localhost:4001/en/code-security') + await page.goto('http://localhost:4000/en/code-security') const initialCards = await page.$$('[data-testid=code-example-card]') await page.click('[data-testid=code-examples-show-more]') const moreCards = await page.$$('[data-testid=code-example-card]') @@ -398,7 +398,7 @@ describe('code examples', () => { }) it('displays no result message', async () => { - await page.goto('http://localhost:4001/en/code-security') + await page.goto('http://localhost:4000/en/code-security') await page.click('[data-testid=code-examples-input]') await page.type('[data-testid=code-examples-input]', 'this should not work') await page.click('[data-testid=code-examples-search-btn]') @@ -411,7 +411,7 @@ describe('code examples', () => { describe('filter cards', () => { it('works with select input', async () => { - await page.goto('http://localhost:4001/en/code-security/guides') + await page.goto('http://localhost:4000/en/code-security/guides') // 2nd element is 'Overview' await page.click('[data-testid=card-filter-types] button') await page.click('[data-testid=types-dropdown] > div > div:nth-child(2)') @@ -424,7 +424,7 @@ describe('filter cards', () => { }) it('works with select input on an Enterprise version', async () => { - await page.goto(`http://localhost:4001/en/enterprise-server@${latest}/code-security/guides`) + await page.goto(`http://localhost:4000/en/enterprise-server@${latest}/code-security/guides`) // 2nd element is 'Overview' await page.click('[data-testid=card-filter-types] button') await page.click('[data-testid=types-dropdown] > div > div:nth-child(2)') @@ -445,7 +445,7 @@ describe('language banner', () => { // run a reliable test. But hey, on the bright side, if we don't have a WIP // language then this code will never run anyway! if (wipLanguageKey) { - const res = await page.goto(`http://localhost:4001/${wipLanguageKey}/actions`) + const res = await page.goto(`http://localhost:4000/${wipLanguageKey}/actions`) expect(res.ok()).toBe(true) const href = await page.$eval('a#to-english-doc', (el) => el.href) expect(href.endsWith('/en/actions')).toBe(true) @@ -461,11 +461,11 @@ describe.skip('next/link client-side navigation', () => { it('should have 200 response to /_next/data when link is clicked', async () => { const initialViewport = page.viewport() await page.setViewport({ width: 1024, height: 768 }) - await page.goto('http://localhost:4001/en/actions/guides') + await page.goto('http://localhost:4000/en/actions/guides') const [response] = await Promise.all([ page.waitForResponse((response) => - response.url().startsWith('http://localhost:4001/_next/data') + response.url().startsWith('http://localhost:4000/_next/data') ), page.waitForNavigation({ waitUntil: 'networkidle2' }), page.click( @@ -496,7 +496,7 @@ describe('iframe pages', () => { }) // Hardcoded path to a page where we know we have a YouTube embed - const res = await newPage.goto('http://localhost:4001/en/codespaces') + const res = await newPage.goto('http://localhost:4000/en/codespaces') expect(res.ok()).toBeTruthy() expect(failedURLs.length, `Following URLs ${failedURLs.join(', ')} failed`).toBeFalsy() From 317b67bc29f8d30571ad5d418131988e30913f2f Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sat, 19 Mar 2022 02:46:12 +0000 Subject: [PATCH 33/52] update search indexes --- lib/search/indexes/github-docs-3.1-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt.json.br | 4 ++-- 70 files changed, 140 insertions(+), 140 deletions(-) diff --git a/lib/search/indexes/github-docs-3.1-cn-records.json.br b/lib/search/indexes/github-docs-3.1-cn-records.json.br index 8e2bc92c1d..9cbf69bdd4 100644 --- a/lib/search/indexes/github-docs-3.1-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.1-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2318572e7f54b5937cab36e4ede940b81093c445f6a8961878db353feb805231 -size 655629 +oid sha256:0ecadf84a419a6e5f2032570e3b430ccc9586e9fe31eb18b5cdbef3a89996ec3 +size 657766 diff --git a/lib/search/indexes/github-docs-3.1-cn.json.br b/lib/search/indexes/github-docs-3.1-cn.json.br index aa35aa03f5..6450fc16d9 100644 --- a/lib/search/indexes/github-docs-3.1-cn.json.br +++ b/lib/search/indexes/github-docs-3.1-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:68e8c5c9bb6ec77220527640266111c4f924a6de0bbb44a611e528c160b37361 -size 1346743 +oid sha256:2482f4f495188c89db9512d3788cbb158f9b2e11378593d9f154bb14f2071dd9 +size 1347978 diff --git a/lib/search/indexes/github-docs-3.1-en-records.json.br b/lib/search/indexes/github-docs-3.1-en-records.json.br index e89bd74540..6bc9ef43ff 100644 --- a/lib/search/indexes/github-docs-3.1-en-records.json.br +++ b/lib/search/indexes/github-docs-3.1-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:14604ea616491a409b571f19d56dd9a4ad289901fc8ea9989e543a183e2c589d -size 879025 +oid sha256:b233dd4c46590e32755ce2f4c2649f868cef82a8805ef0da2d7874edd0356f51 +size 881244 diff --git a/lib/search/indexes/github-docs-3.1-en.json.br b/lib/search/indexes/github-docs-3.1-en.json.br index 922e90cac5..99557769bc 100644 --- a/lib/search/indexes/github-docs-3.1-en.json.br +++ b/lib/search/indexes/github-docs-3.1-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:33bec5734669c9e79a321da24909392294ac08d372eaa917faf73adfd0aff83e -size 3380106 +oid sha256:64d18aff6ec3692f330d64da78949a6d24d47f171dc0c35d58f0a8b24bffa1c6 +size 3384999 diff --git a/lib/search/indexes/github-docs-3.1-es-records.json.br b/lib/search/indexes/github-docs-3.1-es-records.json.br index 94a8388600..b050d19083 100644 --- a/lib/search/indexes/github-docs-3.1-es-records.json.br +++ b/lib/search/indexes/github-docs-3.1-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7c23bef2038f36fafc2271af64a4b3cbdbf810c7ff0b3f5d07ec99812d694aff -size 605814 +oid sha256:d7cdcf26ac6c61c3e562e23929b97e1804532f812c0665cf08fd4f40675b8297 +size 607684 diff --git a/lib/search/indexes/github-docs-3.1-es.json.br b/lib/search/indexes/github-docs-3.1-es.json.br index c5b91a781f..71c817ae54 100644 --- a/lib/search/indexes/github-docs-3.1-es.json.br +++ b/lib/search/indexes/github-docs-3.1-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:425ba95a1fe0e1a73c471490b14b0ed9848397e7ceda0d7f0bf9567950d87776 -size 2560159 +oid sha256:d3017544426c9d268ec01b3644295eacab731658571dab4e07e974be0d210270 +size 2566872 diff --git a/lib/search/indexes/github-docs-3.1-ja-records.json.br b/lib/search/indexes/github-docs-3.1-ja-records.json.br index a8c0961739..35fe948a7d 100644 --- a/lib/search/indexes/github-docs-3.1-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.1-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c7bd9ea80e42727533fbb919ce379cc8dfb8856aea045ac91c3c3872d4cc51d2 -size 672436 +oid sha256:809b9eb7faa28b115f502242db5d6baa852aa17c4dcb82cb2b96ab171034c2dc +size 672182 diff --git a/lib/search/indexes/github-docs-3.1-ja.json.br b/lib/search/indexes/github-docs-3.1-ja.json.br index df15e7ca0e..eb3b138dac 100644 --- a/lib/search/indexes/github-docs-3.1-ja.json.br +++ b/lib/search/indexes/github-docs-3.1-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a7f74ed5b825ede77505c4f1080f12ddef50eeb8bebebbbee543d3ecb0c4d867 -size 3570777 +oid sha256:73d84c312015b04ab842b5acd0de1ea31d773af62eb43b63ae34d185e059b5b4 +size 3572428 diff --git a/lib/search/indexes/github-docs-3.1-pt-records.json.br b/lib/search/indexes/github-docs-3.1-pt-records.json.br index fac242a6fd..f971bae32a 100644 --- a/lib/search/indexes/github-docs-3.1-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.1-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:66f6dd0117f2b7877a99068fe666df80d8835730f62c02e450bb770d69f30844 -size 596844 +oid sha256:6fe5e44c4da712a1959a005e7e7e7c21122e9c173e18005751dd43548f9a1fe4 +size 598555 diff --git a/lib/search/indexes/github-docs-3.1-pt.json.br b/lib/search/indexes/github-docs-3.1-pt.json.br index a2a4d1cdb0..be8f9f9735 100644 --- a/lib/search/indexes/github-docs-3.1-pt.json.br +++ b/lib/search/indexes/github-docs-3.1-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b560eeeefdd0c788f0f5216042dd19bf2b9670cf007b81cc7e00f16c9d088595 -size 2436455 +oid sha256:b52bd0ea80ad62b66dcf1b04fbefbf6f029df6fb7352272376ec20e6a1ff162b +size 2445706 diff --git a/lib/search/indexes/github-docs-3.2-cn-records.json.br b/lib/search/indexes/github-docs-3.2-cn-records.json.br index be0252d732..77ed7be9b3 100644 --- a/lib/search/indexes/github-docs-3.2-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.2-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0e366010dbef51e1b3de6efb8b4269f410486b6fdf61cc2c2cf71a17074f3bd1 -size 673766 +oid sha256:e19054c10dcdce714fcdc02251e89bb448e46a2d7b7ac6cacb77f7b710cfaf2c +size 675512 diff --git a/lib/search/indexes/github-docs-3.2-cn.json.br b/lib/search/indexes/github-docs-3.2-cn.json.br index a85c364923..ec3af6818a 100644 --- a/lib/search/indexes/github-docs-3.2-cn.json.br +++ b/lib/search/indexes/github-docs-3.2-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f421bd8c2b9f4b40d3ecd99b5b36f3f3fae08fcb13f3d2177e8410864ee304a3 -size 1377222 +oid sha256:10beac65d3444bd9ebe92d89c6d676bbcf22484a715407204f1d25bfc5b61989 +size 1378933 diff --git a/lib/search/indexes/github-docs-3.2-en-records.json.br b/lib/search/indexes/github-docs-3.2-en-records.json.br index 4a2ad6d2a2..b31ed7b041 100644 --- a/lib/search/indexes/github-docs-3.2-en-records.json.br +++ b/lib/search/indexes/github-docs-3.2-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3321b04b643b06c8bbaceda009be23fd63539e7587a360777e6e7bb0446be937 -size 908165 +oid sha256:f38b879d8e9d5c64de8aefc38c58eb9c772e7caa193168d9f08ef4e672fce725 +size 909582 diff --git a/lib/search/indexes/github-docs-3.2-en.json.br b/lib/search/indexes/github-docs-3.2-en.json.br index cd9419230b..fc5187598b 100644 --- a/lib/search/indexes/github-docs-3.2-en.json.br +++ b/lib/search/indexes/github-docs-3.2-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f9e641631519213037058b105d84ad5a54c07f9693c58dfc4c3720351ace88e8 -size 3497155 +oid sha256:55ab7e6efba6698a69c3d32edb2844a4eae2eb7981e215cac8cf882ad8019e21 +size 3500991 diff --git a/lib/search/indexes/github-docs-3.2-es-records.json.br b/lib/search/indexes/github-docs-3.2-es-records.json.br index 63dd2b81e5..7a3ceca2ab 100644 --- a/lib/search/indexes/github-docs-3.2-es-records.json.br +++ b/lib/search/indexes/github-docs-3.2-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:69ed3e6750d16926345745da406ca156ac2049811c7405eb9d9ad6b1f8ff128d -size 623100 +oid sha256:df38f4863690e1c8dd212231e6c5d8fa4d3cbd8ce83542f144e3bba049af700e +size 624895 diff --git a/lib/search/indexes/github-docs-3.2-es.json.br b/lib/search/indexes/github-docs-3.2-es.json.br index 8906965f70..4c5ecef339 100644 --- a/lib/search/indexes/github-docs-3.2-es.json.br +++ b/lib/search/indexes/github-docs-3.2-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8d378e2a6d5ed537113604cbd72e3b667b4fd4b9b7cc1b9fba403c85d7020f15 -size 2632611 +oid sha256:ed573c5de0af9be7c5a15a259875dd158db9105056493fdda63998e567f63d4f +size 2635675 diff --git a/lib/search/indexes/github-docs-3.2-ja-records.json.br b/lib/search/indexes/github-docs-3.2-ja-records.json.br index c3d7df8ac5..f219366752 100644 --- a/lib/search/indexes/github-docs-3.2-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.2-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:26aa5c820267408461c6a9e92efcf0be56dfc443ee3a00edd07d5dd40f724d4d -size 688156 +oid sha256:188592d094cf7ab22a66b347fd8a2cd0f32628574154675ed5a918c86ab7ba63 +size 689376 diff --git a/lib/search/indexes/github-docs-3.2-ja.json.br b/lib/search/indexes/github-docs-3.2-ja.json.br index db686016eb..0cae832b64 100644 --- a/lib/search/indexes/github-docs-3.2-ja.json.br +++ b/lib/search/indexes/github-docs-3.2-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2bfe7ffc7ca9456a3a9bc2b759485c832e3a85599cb4108e7e3cf4852da49e6e -size 3654732 +oid sha256:5bfa6d889e0872872c8cd33718918a6c1bc10d89754d366a83b32a3c91b71fb0 +size 3665162 diff --git a/lib/search/indexes/github-docs-3.2-pt-records.json.br b/lib/search/indexes/github-docs-3.2-pt-records.json.br index 10368f0d4b..c90917c426 100644 --- a/lib/search/indexes/github-docs-3.2-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.2-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e214d40d17524d3a01426f7c9860ce81ec2e5181baef8511350830a7f0baab4c -size 613494 +oid sha256:6963677ebc68cc8a8effd2b980ab696399b41ff93f48984446286dff820d13dc +size 614652 diff --git a/lib/search/indexes/github-docs-3.2-pt.json.br b/lib/search/indexes/github-docs-3.2-pt.json.br index 5bb5c23c36..81e74fba1a 100644 --- a/lib/search/indexes/github-docs-3.2-pt.json.br +++ b/lib/search/indexes/github-docs-3.2-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:57ddf9e784705b5f5a5f102d86efa8e8b6f021994c96791d3122057851f61bc8 -size 2497020 +oid sha256:54719807aadd47fb53ffd60a3c07c2972cbe5beb68ca16a372ebcaa2868b4a1e +size 2505320 diff --git a/lib/search/indexes/github-docs-3.3-cn-records.json.br b/lib/search/indexes/github-docs-3.3-cn-records.json.br index 8fcce56c51..7405ec40fe 100644 --- a/lib/search/indexes/github-docs-3.3-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.3-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7b2460fac16107c76450cc30ba678873cdd933e31e675697ad2a5740aa756d86 -size 695926 +oid sha256:ffb043ede05a1e70dd493b4d2e10230e50ef356d047371976f578f1ce5081efe +size 698051 diff --git a/lib/search/indexes/github-docs-3.3-cn.json.br b/lib/search/indexes/github-docs-3.3-cn.json.br index cc2ca33021..e5beddb72a 100644 --- a/lib/search/indexes/github-docs-3.3-cn.json.br +++ b/lib/search/indexes/github-docs-3.3-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ffdb4e6e4aefde395d29720bab4c2267b6dcaf94ef985c5b9a7b5166592409b6 -size 1433778 +oid sha256:6db63f19f2b7fca0f4e785622e2fcf72287311e1c49970e57d2011a50efe8fac +size 1433956 diff --git a/lib/search/indexes/github-docs-3.3-en-records.json.br b/lib/search/indexes/github-docs-3.3-en-records.json.br index 21a996fd1e..686622a326 100644 --- a/lib/search/indexes/github-docs-3.3-en-records.json.br +++ b/lib/search/indexes/github-docs-3.3-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ddb0d13d4b61bf789eb12d3a3135253848a7ae0efe9fdf6fc22795189198f744 -size 942051 +oid sha256:c371699143f3202e889ad66417f6afe9038707a54b2a382706bae0c91175509f +size 943515 diff --git a/lib/search/indexes/github-docs-3.3-en.json.br b/lib/search/indexes/github-docs-3.3-en.json.br index aa3682264b..4bc2002247 100644 --- a/lib/search/indexes/github-docs-3.3-en.json.br +++ b/lib/search/indexes/github-docs-3.3-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:30ec224c828e7008b429101128f75849c89f7db2bc163e6e7f520ba3a69477cc -size 3614379 +oid sha256:7e33932bd5a13acc59a14d915f0e0abf58da5f443601ea64ff556442cabf1fa7 +size 3618045 diff --git a/lib/search/indexes/github-docs-3.3-es-records.json.br b/lib/search/indexes/github-docs-3.3-es-records.json.br index fab10c3165..7a79fed504 100644 --- a/lib/search/indexes/github-docs-3.3-es-records.json.br +++ b/lib/search/indexes/github-docs-3.3-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b38f89b1de064f6a3a09c853482d0f391c94648b14e3ff84fe8f429569b5693b -size 642280 +oid sha256:6d9330eff22903d1ea49e54d8c0bcbde642abb777ad3e99c28a4da7a0a641f52 +size 644033 diff --git a/lib/search/indexes/github-docs-3.3-es.json.br b/lib/search/indexes/github-docs-3.3-es.json.br index c3d9df80f1..fd165148f0 100644 --- a/lib/search/indexes/github-docs-3.3-es.json.br +++ b/lib/search/indexes/github-docs-3.3-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b740bfde44a5153508044423a0ebea45949ec1d815593ff0f0be39db84475901 -size 2734715 +oid sha256:e24e43dc64924b3aedde6856d377a073e770fea551d86608017d461f42486fcd +size 2721404 diff --git a/lib/search/indexes/github-docs-3.3-ja-records.json.br b/lib/search/indexes/github-docs-3.3-ja-records.json.br index ec52c64dda..f036d0bf37 100644 --- a/lib/search/indexes/github-docs-3.3-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.3-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ada6b3072e429e0b929c4775ae4d61a684281887da64db64217385bfa26949e2 -size 711689 +oid sha256:b698982c0cefa8fc6023314d95e3e5809b2b12194ad0e376bb9f2a0c97381e65 +size 712819 diff --git a/lib/search/indexes/github-docs-3.3-ja.json.br b/lib/search/indexes/github-docs-3.3-ja.json.br index 58e5c26338..c6892f864f 100644 --- a/lib/search/indexes/github-docs-3.3-ja.json.br +++ b/lib/search/indexes/github-docs-3.3-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:91a96c419ca6dad29b42b6ce40513a8e6bc5bcfeb097b9c731f18c6b58d3bc52 -size 3779619 +oid sha256:a7f480f7b7ac07788afebb7927606bbdfe99eefb5be13dd0c662b9058a99b668 +size 3784700 diff --git a/lib/search/indexes/github-docs-3.3-pt-records.json.br b/lib/search/indexes/github-docs-3.3-pt-records.json.br index 4520ea71f8..41dbf0aafe 100644 --- a/lib/search/indexes/github-docs-3.3-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.3-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f72a7771cb7effee80d214330f61e36965b59f116ebfa64eff78e599055c699b -size 631461 +oid sha256:d9f9ac2b01517cd0c4401f275dc2b55f875e0f137f0da4b89fd20e9f05d5aa38 +size 633681 diff --git a/lib/search/indexes/github-docs-3.3-pt.json.br b/lib/search/indexes/github-docs-3.3-pt.json.br index 13d1035006..04c9cc7449 100644 --- a/lib/search/indexes/github-docs-3.3-pt.json.br +++ b/lib/search/indexes/github-docs-3.3-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a3a640d7bfd5c9d4d02095e7c4d741fce954ed1343960e13c30f371089681bf6 -size 2580487 +oid sha256:042d5b4cc8fede3a76b1d92d5813974c2da86b76a8b319d8c7bb899c0e90e0b8 +size 2590894 diff --git a/lib/search/indexes/github-docs-3.4-cn-records.json.br b/lib/search/indexes/github-docs-3.4-cn-records.json.br index d611cbf710..e227d1eb01 100644 --- a/lib/search/indexes/github-docs-3.4-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.4-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:002e39f6b38438ce067422a64b6561dea2a54333251ce39a1ef7611882e01798 -size 699093 +oid sha256:f4f2a213929c4849b06edb1cc7829e746653d413f3f69d6aca58bea13ab82433 +size 701243 diff --git a/lib/search/indexes/github-docs-3.4-cn.json.br b/lib/search/indexes/github-docs-3.4-cn.json.br index 289d73c6a7..6ab9bc4676 100644 --- a/lib/search/indexes/github-docs-3.4-cn.json.br +++ b/lib/search/indexes/github-docs-3.4-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c5820ebf32f38d3e90cf9873b8aa867bef3b0bf27abb1b8e6eaabf525c24753a -size 1444802 +oid sha256:c142aeffe1607a924bf6cc61934b633e91499859df7542805a7c41b1341762fb +size 1444521 diff --git a/lib/search/indexes/github-docs-3.4-en-records.json.br b/lib/search/indexes/github-docs-3.4-en-records.json.br index b4339b068b..0583804085 100644 --- a/lib/search/indexes/github-docs-3.4-en-records.json.br +++ b/lib/search/indexes/github-docs-3.4-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1e4ee3c17217cee844209c497627dcbe51ae677ea1eb6379b7d8c5c698d3654f -size 952128 +oid sha256:0db7ecfc0aa4f36f591e0683459db4f2a6e640ca67f7ad4f614a49a89697a8c8 +size 955799 diff --git a/lib/search/indexes/github-docs-3.4-en.json.br b/lib/search/indexes/github-docs-3.4-en.json.br index 9d4f639087..95a29c300b 100644 --- a/lib/search/indexes/github-docs-3.4-en.json.br +++ b/lib/search/indexes/github-docs-3.4-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:731b2c7a2cab959b62363dc2166133857a191069fe4fc7fe79fcfbe7f329c5d3 -size 3649664 +oid sha256:1e0231bacf808f63d92a19eb15858b773fddcd113521630c7374e94d4b3172bd +size 3655008 diff --git a/lib/search/indexes/github-docs-3.4-es-records.json.br b/lib/search/indexes/github-docs-3.4-es-records.json.br index 843e96c3c5..7b5bc89403 100644 --- a/lib/search/indexes/github-docs-3.4-es-records.json.br +++ b/lib/search/indexes/github-docs-3.4-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:038be36b2f394609ed2d4a3f6f14ce58cc0b54e4c46c173f2611ea3177ae2004 -size 646999 +oid sha256:1d55d7bf12f4a19fd573a39be4b63e3d173f65a8da8cb288660f1f860a87df1b +size 648013 diff --git a/lib/search/indexes/github-docs-3.4-es.json.br b/lib/search/indexes/github-docs-3.4-es.json.br index ad7923e80a..691ee78560 100644 --- a/lib/search/indexes/github-docs-3.4-es.json.br +++ b/lib/search/indexes/github-docs-3.4-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:acf8f3f424a1a15d17e0dd8e635df29bd777ed0c1f36079a6974970255b2f229 -size 2754258 +oid sha256:2a4b82a243a2e232944fa13d347e0a5f9ba4e320e02bb12c7978b0a0b9761a58 +size 2738239 diff --git a/lib/search/indexes/github-docs-3.4-ja-records.json.br b/lib/search/indexes/github-docs-3.4-ja-records.json.br index 7b69a82d99..ad505c5e9e 100644 --- a/lib/search/indexes/github-docs-3.4-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.4-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fc625dfe56ed400591f4f377f6b9e1729edcff0bd0bc25d06bdb6908e119f5dc -size 714422 +oid sha256:30a49e680374624495db55890d55297917370b29b5f74c874055302833440dd1 +size 716417 diff --git a/lib/search/indexes/github-docs-3.4-ja.json.br b/lib/search/indexes/github-docs-3.4-ja.json.br index 6521a466db..627c75284a 100644 --- a/lib/search/indexes/github-docs-3.4-ja.json.br +++ b/lib/search/indexes/github-docs-3.4-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2b25fe9fa984859f6cdcfc57e67f318d0bd9f245f785b5764baa88e1774ec4f0 -size 3800303 +oid sha256:8b3641b63529ce89f0be5251501e74757ab766c425833fcd2ec576630e9b6615 +size 3809087 diff --git a/lib/search/indexes/github-docs-3.4-pt-records.json.br b/lib/search/indexes/github-docs-3.4-pt-records.json.br index 193a3f3072..d438cec038 100644 --- a/lib/search/indexes/github-docs-3.4-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.4-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:871a596f0d7b2fb930b1ca2bff910a8e1082b59f5e62f8624ab2e43594b019bd -size 635576 +oid sha256:789da13e1bb5d34d1a048c80da164e1b3676e866d1925e27482b908100c44671 +size 637451 diff --git a/lib/search/indexes/github-docs-3.4-pt.json.br b/lib/search/indexes/github-docs-3.4-pt.json.br index ef0e125e7f..923617d8c8 100644 --- a/lib/search/indexes/github-docs-3.4-pt.json.br +++ b/lib/search/indexes/github-docs-3.4-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9e2e856069449d3ccafca9a968e968481fc9dec7625dc3e2d49ce3a4887ce17c -size 2595364 +oid sha256:c31f2bd16acd9ba8f23305568b73562b397d96500f5af85e9ecca8e5581ae337 +size 2602741 diff --git a/lib/search/indexes/github-docs-dotcom-cn-records.json.br b/lib/search/indexes/github-docs-dotcom-cn-records.json.br index 03e50028d4..19dfbf3ead 100644 --- a/lib/search/indexes/github-docs-dotcom-cn-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8fcd2a19ae3e2d117f27a22551b49a76f0f6c15b869ca48444def992f8990471 -size 902100 +oid sha256:137c8c35bfb1d9bf3fc58ae1e6d92c45f6063cb2a382c9c28efb1e4836ffb811 +size 905159 diff --git a/lib/search/indexes/github-docs-dotcom-cn.json.br b/lib/search/indexes/github-docs-dotcom-cn.json.br index 8e9cbade5f..3955646dde 100644 --- a/lib/search/indexes/github-docs-dotcom-cn.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4b2f52e87ec95c2d8aa3ae7f0fab054bcae7094cdb40d644c36da8d57526fde7 -size 1584977 +oid sha256:7bb80cfa08098abe32781d4b65ff3beda4d60443aaf2d87fa5f676ed8608e6ad +size 1588519 diff --git a/lib/search/indexes/github-docs-dotcom-en-records.json.br b/lib/search/indexes/github-docs-dotcom-en-records.json.br index 2fa06f8c15..ff5337779a 100644 --- a/lib/search/indexes/github-docs-dotcom-en-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7ccd34b481056ebf149da728cba7a1a92f4671d6254ac85beae2b4469c522297 -size 1220361 +oid sha256:75e541f636caf213bf8ac9718ec28dafa35cce066f67ecab28a80d14d0bf27ae +size 1223737 diff --git a/lib/search/indexes/github-docs-dotcom-en.json.br b/lib/search/indexes/github-docs-dotcom-en.json.br index aaa3ff7d84..a617b3f7c3 100644 --- a/lib/search/indexes/github-docs-dotcom-en.json.br +++ b/lib/search/indexes/github-docs-dotcom-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9f0e06305c4ef60710c29a1c0338bb28669a9f20cac1b1cb4702c6dfb31d7124 -size 4407613 +oid sha256:68e4e46c116d2187db539ecf852021e259775138805362be38b9d6268b0c32e9 +size 4415034 diff --git a/lib/search/indexes/github-docs-dotcom-es-records.json.br b/lib/search/indexes/github-docs-dotcom-es-records.json.br index e7db7d4c4b..13d91d7d28 100644 --- a/lib/search/indexes/github-docs-dotcom-es-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b86f3a9ef88ecb5f600c63ce5ffa0312a4e8c3a57ed0bc466eb97aa2bcb23e76 -size 815562 +oid sha256:77486b04dbfdccc60d8466c18c4e05348650a71fea512c57db8c4ed2e2d4309f +size 817603 diff --git a/lib/search/indexes/github-docs-dotcom-es.json.br b/lib/search/indexes/github-docs-dotcom-es.json.br index 9e053cf5a7..5708c4904c 100644 --- a/lib/search/indexes/github-docs-dotcom-es.json.br +++ b/lib/search/indexes/github-docs-dotcom-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:39b1507f0f58cac4aea1d1735c9ecb90f6ba8c0bd94fbe6f074ed3e5e11b6a13 -size 3283165 +oid sha256:7fcc5fddde07ec9baec47bbbd951b91993a0a159765cb389a6b3cabe88ea47c1 +size 3272907 diff --git a/lib/search/indexes/github-docs-dotcom-ja-records.json.br b/lib/search/indexes/github-docs-dotcom-ja-records.json.br index 601f86af9b..a42e760db6 100644 --- a/lib/search/indexes/github-docs-dotcom-ja-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c7092fbdfda116f018c66a66d1e98617abe9d58dc13543b1ddee61f6078e5b2a -size 916450 +oid sha256:4ed7d5dc2ea8ccf0bce3037d1e17167b381d36174f0324ff653c72e6526faefe +size 919400 diff --git a/lib/search/indexes/github-docs-dotcom-ja.json.br b/lib/search/indexes/github-docs-dotcom-ja.json.br index 2b11459a39..9cdd842e14 100644 --- a/lib/search/indexes/github-docs-dotcom-ja.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:66ead63a16b4425e59b8f42588753fcd1637eed4ea8c6b916b9b15af3d4f7cdf -size 4652213 +oid sha256:024b153cad32e3c09f08f0a42114d01c10a5d971b40599d01d765ead3fa4fe75 +size 4661433 diff --git a/lib/search/indexes/github-docs-dotcom-pt-records.json.br b/lib/search/indexes/github-docs-dotcom-pt-records.json.br index 7303bdfdd3..8c3132fca5 100644 --- a/lib/search/indexes/github-docs-dotcom-pt-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fc6b0d24f01fdb09f2d7cddffe09249e11ecd7969e857b93eca5be9e725ee863 -size 804973 +oid sha256:ea0bea375ff02d044f05dcfbb7aadc99a076e6a2023ad7e053e869856ff3a0ef +size 807462 diff --git a/lib/search/indexes/github-docs-dotcom-pt.json.br b/lib/search/indexes/github-docs-dotcom-pt.json.br index 78fc4e0ec2..0ce902636a 100644 --- a/lib/search/indexes/github-docs-dotcom-pt.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3b9f7ab24e0fb2f7bfd55c619736a2d53fcf6bb25ea7acb1eaa8de2bc7af703d -size 3122534 +oid sha256:22a7a3c5d454fc0974b01f57527b1241984699e2e5443d2f3397fe3fd96d22d0 +size 3127708 diff --git a/lib/search/indexes/github-docs-ghae-cn-records.json.br b/lib/search/indexes/github-docs-ghae-cn-records.json.br index 3302a9de58..281a92313d 100644 --- a/lib/search/indexes/github-docs-ghae-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghae-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:aa7f42ce36df1bfa5d3b72c04fa22f0b4ce0e43410843df7328d92c7f6517714 -size 536146 +oid sha256:6e471b92a33b808d381e6dc5f8e1d3b05553a9d24e57382e65181621a88e313e +size 536560 diff --git a/lib/search/indexes/github-docs-ghae-cn.json.br b/lib/search/indexes/github-docs-ghae-cn.json.br index 08df4d150f..15b6dca2ae 100644 --- a/lib/search/indexes/github-docs-ghae-cn.json.br +++ b/lib/search/indexes/github-docs-ghae-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d22425b47e256c7f81da2276b0319b3531a44d54dba29beb693ac649bf77c13a -size 1026737 +oid sha256:ba65e90e466f03aa5ec1dd81e2f5201fb2abc5cf908382256cac924f9c1e8dff +size 1025069 diff --git a/lib/search/indexes/github-docs-ghae-en-records.json.br b/lib/search/indexes/github-docs-ghae-en-records.json.br index 72db5ea938..a4c240e6ab 100644 --- a/lib/search/indexes/github-docs-ghae-en-records.json.br +++ b/lib/search/indexes/github-docs-ghae-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:28e4624393a0173436e5af9f985451c9dcde94c7f6f8affb44b165ae247c1b05 -size 737083 +oid sha256:7a48730be3a2bf8e95a645768e8c0fc606a6e8a65030a87ca8b4098348af851e +size 736890 diff --git a/lib/search/indexes/github-docs-ghae-en.json.br b/lib/search/indexes/github-docs-ghae-en.json.br index bcd9526fcc..c66f2c5e3d 100644 --- a/lib/search/indexes/github-docs-ghae-en.json.br +++ b/lib/search/indexes/github-docs-ghae-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0d4ee66f809d0e2c1ae3c7afc33486eaa57e88dfea803d42f96146aa48a1bf69 -size 2786060 +oid sha256:80ea4002bd44efecf3eaac5dc614946ce7d34485e7b58cb81b42b571e32a9caa +size 2787566 diff --git a/lib/search/indexes/github-docs-ghae-es-records.json.br b/lib/search/indexes/github-docs-ghae-es-records.json.br index 78c32fe7f5..4be3fecfde 100644 --- a/lib/search/indexes/github-docs-ghae-es-records.json.br +++ b/lib/search/indexes/github-docs-ghae-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0ed50a286ea0073fa4b1d2abe4992c8a9d2f8089d2f9438bda6b1c4d7b3096e2 -size 496850 +oid sha256:53ee5fbc9efc7a10a44376f44d8e76c71e2b6af33d48fc70325d15bfa3fa5c9d +size 495779 diff --git a/lib/search/indexes/github-docs-ghae-es.json.br b/lib/search/indexes/github-docs-ghae-es.json.br index 4f0b093816..6f696d1eff 100644 --- a/lib/search/indexes/github-docs-ghae-es.json.br +++ b/lib/search/indexes/github-docs-ghae-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a85c159c8ff1d0f10c673657d83ad9920bb30589e178931d14a9cd9fa1c34eef -size 2016241 +oid sha256:246301513bed266d9031d3e2f6b3d60d40de5c2cb96eb753aad164155312d6e1 +size 2017914 diff --git a/lib/search/indexes/github-docs-ghae-ja-records.json.br b/lib/search/indexes/github-docs-ghae-ja-records.json.br index a9cb1514f9..66d73eef8f 100644 --- a/lib/search/indexes/github-docs-ghae-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghae-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:055cdd76a474448f525f5d280bf46babde2b616b5417079093270497157c0c48 -size 546867 +oid sha256:fb44f528f148d04400d8b5522bc72616386742cb69291e58a3999ed50d2efde5 +size 547236 diff --git a/lib/search/indexes/github-docs-ghae-ja.json.br b/lib/search/indexes/github-docs-ghae-ja.json.br index 75e260d604..b980a4b0dc 100644 --- a/lib/search/indexes/github-docs-ghae-ja.json.br +++ b/lib/search/indexes/github-docs-ghae-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f25075ca35fd115e1018df7a227870324ff3801f447a8c284105f6fcbc77958a -size 2776530 +oid sha256:c7e4222dc18433e7a8f9d3588d6b7406e381315dbe12977e3b3fedeb40c62283 +size 2779252 diff --git a/lib/search/indexes/github-docs-ghae-pt-records.json.br b/lib/search/indexes/github-docs-ghae-pt-records.json.br index 29fb66fccc..929acce634 100644 --- a/lib/search/indexes/github-docs-ghae-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghae-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:40324b524f8a97099ac3083ef97c2d8a5d84e918d3ec15cd888c2e3b7477c9c9 -size 487605 +oid sha256:04afb99d228ce76fdfc296811a7812e05820691c4deeabde78bbc81102573e7f +size 488213 diff --git a/lib/search/indexes/github-docs-ghae-pt.json.br b/lib/search/indexes/github-docs-ghae-pt.json.br index 8ce903a505..33b7837db7 100644 --- a/lib/search/indexes/github-docs-ghae-pt.json.br +++ b/lib/search/indexes/github-docs-ghae-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f8697d9d5eee16b439dcd7325337796d6e4ed0306c9eec98e08f7f5d8e55e7fe -size 1894238 +oid sha256:9838c434a6cb5c53dbc54cf7c5e1d23a0ceb774f416f7785cec5c7efd17bd676 +size 1895072 diff --git a/lib/search/indexes/github-docs-ghec-cn-records.json.br b/lib/search/indexes/github-docs-ghec-cn-records.json.br index e7cf3ecac8..29afe36102 100644 --- a/lib/search/indexes/github-docs-ghec-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghec-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:225fcdf4b67344802b148d1e57ea536e6276d400affadd3275dadee5a15e1a3b -size 831969 +oid sha256:379a9814ee5acb46b249fd8bfe7ddf78571b2c4c329b4755e86da4ced6b1543b +size 836383 diff --git a/lib/search/indexes/github-docs-ghec-cn.json.br b/lib/search/indexes/github-docs-ghec-cn.json.br index 197ba6e9dd..231fcd09aa 100644 --- a/lib/search/indexes/github-docs-ghec-cn.json.br +++ b/lib/search/indexes/github-docs-ghec-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:336d2ef794187c438f8bcbf77e7bef6ae288f041494acf091b522c2dbe648bb8 -size 1651644 +oid sha256:effb71d6a65c70b70205d7bf55dc4e36d85698ce91edb8da34acfd12b6c36607 +size 1650559 diff --git a/lib/search/indexes/github-docs-ghec-en-records.json.br b/lib/search/indexes/github-docs-ghec-en-records.json.br index 44d3c5ab1c..083762333c 100644 --- a/lib/search/indexes/github-docs-ghec-en-records.json.br +++ b/lib/search/indexes/github-docs-ghec-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:89f999019371aea5bb11776ae0b034545ee2796d6969b45c8d9d445b1f1427e7 -size 1102618 +oid sha256:8b2bc29c90f4d7483eef346c34e13ab3783167c7ca8310b7e160fa5dd50454b8 +size 1102983 diff --git a/lib/search/indexes/github-docs-ghec-en.json.br b/lib/search/indexes/github-docs-ghec-en.json.br index 90cd4af6fd..7c1ca3f855 100644 --- a/lib/search/indexes/github-docs-ghec-en.json.br +++ b/lib/search/indexes/github-docs-ghec-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3faf739d8c49876b9b890433f9ad61b4ab70899184c4c54e20d7e577c5cce39f -size 4198874 +oid sha256:e8b31861698a275d85ea3e051758549c38d2b45576d3191243793967ff822938 +size 4205550 diff --git a/lib/search/indexes/github-docs-ghec-es-records.json.br b/lib/search/indexes/github-docs-ghec-es-records.json.br index eed8582c95..f066944a3b 100644 --- a/lib/search/indexes/github-docs-ghec-es-records.json.br +++ b/lib/search/indexes/github-docs-ghec-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:182385b293495a6f11ae230aa32a4ef3e8e4f8eb09b10cb91beda6a5550a9bda -size 775339 +oid sha256:e5cad06a98fcda383e1360d4622e49086bc41c811777b37c83c4997899040bbd +size 776226 diff --git a/lib/search/indexes/github-docs-ghec-es.json.br b/lib/search/indexes/github-docs-ghec-es.json.br index 1a070c5dbb..11180efab1 100644 --- a/lib/search/indexes/github-docs-ghec-es.json.br +++ b/lib/search/indexes/github-docs-ghec-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c6a332ef005519ae31c1e28e0ba1239d2554c4ff66db63a3b144d7723a7484b1 -size 3279824 +oid sha256:3d30e46ed7158398b46d9f7fc289b6876b4bea4a2418e76b00ebe266fa44f2c3 +size 3268431 diff --git a/lib/search/indexes/github-docs-ghec-ja-records.json.br b/lib/search/indexes/github-docs-ghec-ja-records.json.br index 4cdf484a24..517ac1618e 100644 --- a/lib/search/indexes/github-docs-ghec-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghec-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4f8612afe6cfacec8ec92bbf5cf345af1ac08f4d514808025bbc657a1ba2b026 -size 851983 +oid sha256:22edf52e92dca48e0e6a542d4eacc572374bfe0c676cdbbba4b4bee28b15d9f7 +size 852998 diff --git a/lib/search/indexes/github-docs-ghec-ja.json.br b/lib/search/indexes/github-docs-ghec-ja.json.br index 1b74bd3267..b518fe8e7a 100644 --- a/lib/search/indexes/github-docs-ghec-ja.json.br +++ b/lib/search/indexes/github-docs-ghec-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8fd1d7d1d06d3428534a031074f5bf44859ac3171dd108d3a6ff9415e01f523e -size 4541895 +oid sha256:81e653d4542bd54b58befac28723337a7a52b6a558d52c719b5ff40c59f1170f +size 4550512 diff --git a/lib/search/indexes/github-docs-ghec-pt-records.json.br b/lib/search/indexes/github-docs-ghec-pt-records.json.br index 73c7f075b8..ca514112a7 100644 --- a/lib/search/indexes/github-docs-ghec-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghec-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b5b51f4e58e811e00e4d3fe205ee29896509b8f2a70d4a8d85f36853108727fa -size 762981 +oid sha256:d515d4031a9247891050d3cf8af301241dacef2dea0fb6911f568fed52e18d8b +size 766093 diff --git a/lib/search/indexes/github-docs-ghec-pt.json.br b/lib/search/indexes/github-docs-ghec-pt.json.br index ce9f18baf3..66364fe84d 100644 --- a/lib/search/indexes/github-docs-ghec-pt.json.br +++ b/lib/search/indexes/github-docs-ghec-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ee9700e2dd94826e6ebd9ccff5879d4ee0bc01869b8894f8d0a9127e7af51b2a -size 3090780 +oid sha256:e1fc8c01ac95785d54dffe51ffa274fa41bcdc8048a5d53d79b4c6e996a39707 +size 3107619 From 8179107ae84f0ded8b764ade486096d3cfadc3de Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sat, 19 Mar 2022 10:08:44 +0000 Subject: [PATCH 34/52] update search indexes --- lib/search/indexes/github-docs-3.1-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt.json.br | 4 ++-- 70 files changed, 140 insertions(+), 140 deletions(-) diff --git a/lib/search/indexes/github-docs-3.1-cn-records.json.br b/lib/search/indexes/github-docs-3.1-cn-records.json.br index 9cbf69bdd4..fdd718d13a 100644 --- a/lib/search/indexes/github-docs-3.1-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.1-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0ecadf84a419a6e5f2032570e3b430ccc9586e9fe31eb18b5cdbef3a89996ec3 -size 657766 +oid sha256:cc424574a2561bfc24d222cf06b24a8c4fc81633c09d0a191f964ac9f3ca6a48 +size 656270 diff --git a/lib/search/indexes/github-docs-3.1-cn.json.br b/lib/search/indexes/github-docs-3.1-cn.json.br index 6450fc16d9..42777129a8 100644 --- a/lib/search/indexes/github-docs-3.1-cn.json.br +++ b/lib/search/indexes/github-docs-3.1-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2482f4f495188c89db9512d3788cbb158f9b2e11378593d9f154bb14f2071dd9 -size 1347978 +oid sha256:01a3dd7c5f9f0226a8987da3416a6b158aa03979ae192df450339ac34315a234 +size 1347889 diff --git a/lib/search/indexes/github-docs-3.1-en-records.json.br b/lib/search/indexes/github-docs-3.1-en-records.json.br index 6bc9ef43ff..76bed1d475 100644 --- a/lib/search/indexes/github-docs-3.1-en-records.json.br +++ b/lib/search/indexes/github-docs-3.1-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b233dd4c46590e32755ce2f4c2649f868cef82a8805ef0da2d7874edd0356f51 -size 881244 +oid sha256:135d36edcee1bc4e4a4e6b6435a8e45411feea65a4b02cc47be0772e2ff81783 +size 879722 diff --git a/lib/search/indexes/github-docs-3.1-en.json.br b/lib/search/indexes/github-docs-3.1-en.json.br index 99557769bc..87d430a0f2 100644 --- a/lib/search/indexes/github-docs-3.1-en.json.br +++ b/lib/search/indexes/github-docs-3.1-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:64d18aff6ec3692f330d64da78949a6d24d47f171dc0c35d58f0a8b24bffa1c6 -size 3384999 +oid sha256:a14895025812730812f797a2f875d749e3cc7883beac6b53d2becb4977d626f1 +size 3384119 diff --git a/lib/search/indexes/github-docs-3.1-es-records.json.br b/lib/search/indexes/github-docs-3.1-es-records.json.br index b050d19083..c107ee7351 100644 --- a/lib/search/indexes/github-docs-3.1-es-records.json.br +++ b/lib/search/indexes/github-docs-3.1-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d7cdcf26ac6c61c3e562e23929b97e1804532f812c0665cf08fd4f40675b8297 -size 607684 +oid sha256:280ce8ed47742ff617564403bbed7b8d5c5b98d909318376e56fa659a4232458 +size 608572 diff --git a/lib/search/indexes/github-docs-3.1-es.json.br b/lib/search/indexes/github-docs-3.1-es.json.br index 71c817ae54..c61d70da88 100644 --- a/lib/search/indexes/github-docs-3.1-es.json.br +++ b/lib/search/indexes/github-docs-3.1-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d3017544426c9d268ec01b3644295eacab731658571dab4e07e974be0d210270 -size 2566872 +oid sha256:f0c4c35ec5e7e24f442e55801175db800c28324ad33b087109cef04f3bf0bdad +size 2565280 diff --git a/lib/search/indexes/github-docs-3.1-ja-records.json.br b/lib/search/indexes/github-docs-3.1-ja-records.json.br index 35fe948a7d..4695b2cd94 100644 --- a/lib/search/indexes/github-docs-3.1-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.1-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:809b9eb7faa28b115f502242db5d6baa852aa17c4dcb82cb2b96ab171034c2dc -size 672182 +oid sha256:ee7c3566fdc57aae584a2a955f664288baff74a37a56ffc964a04ccc81aab093 +size 672864 diff --git a/lib/search/indexes/github-docs-3.1-ja.json.br b/lib/search/indexes/github-docs-3.1-ja.json.br index eb3b138dac..5064074b08 100644 --- a/lib/search/indexes/github-docs-3.1-ja.json.br +++ b/lib/search/indexes/github-docs-3.1-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:73d84c312015b04ab842b5acd0de1ea31d773af62eb43b63ae34d185e059b5b4 -size 3572428 +oid sha256:12c25276e82da50182cb581e97156e76310d63892b7a19c613169461e4cfb754 +size 3572459 diff --git a/lib/search/indexes/github-docs-3.1-pt-records.json.br b/lib/search/indexes/github-docs-3.1-pt-records.json.br index f971bae32a..7148672df5 100644 --- a/lib/search/indexes/github-docs-3.1-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.1-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6fe5e44c4da712a1959a005e7e7e7c21122e9c173e18005751dd43548f9a1fe4 -size 598555 +oid sha256:5c9fa4e52d7e11e8a9c47a4356fc11922f23bb9cf19458c13d4027bcbf1d90be +size 598413 diff --git a/lib/search/indexes/github-docs-3.1-pt.json.br b/lib/search/indexes/github-docs-3.1-pt.json.br index be8f9f9735..b6bc545caa 100644 --- a/lib/search/indexes/github-docs-3.1-pt.json.br +++ b/lib/search/indexes/github-docs-3.1-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b52bd0ea80ad62b66dcf1b04fbefbf6f029df6fb7352272376ec20e6a1ff162b -size 2445706 +oid sha256:bc219a12c9e41bcf578ad2033160512cee9dd3df09d61a3db8944ea0d84087f5 +size 2446686 diff --git a/lib/search/indexes/github-docs-3.2-cn-records.json.br b/lib/search/indexes/github-docs-3.2-cn-records.json.br index 77ed7be9b3..21b2cee78c 100644 --- a/lib/search/indexes/github-docs-3.2-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.2-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e19054c10dcdce714fcdc02251e89bb448e46a2d7b7ac6cacb77f7b710cfaf2c -size 675512 +oid sha256:6516c6a728200371170389ec7b442b0f40fce1199f36ab4bfed5b22ac36319f1 +size 674650 diff --git a/lib/search/indexes/github-docs-3.2-cn.json.br b/lib/search/indexes/github-docs-3.2-cn.json.br index ec3af6818a..2c78050f0f 100644 --- a/lib/search/indexes/github-docs-3.2-cn.json.br +++ b/lib/search/indexes/github-docs-3.2-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:10beac65d3444bd9ebe92d89c6d676bbcf22484a715407204f1d25bfc5b61989 -size 1378933 +oid sha256:d530c747c2f667ce7b4f6c4eae0fb064809b3b1fb3ce64754ce9d3248779f0c9 +size 1377425 diff --git a/lib/search/indexes/github-docs-3.2-en-records.json.br b/lib/search/indexes/github-docs-3.2-en-records.json.br index b31ed7b041..8a956f6ddf 100644 --- a/lib/search/indexes/github-docs-3.2-en-records.json.br +++ b/lib/search/indexes/github-docs-3.2-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f38b879d8e9d5c64de8aefc38c58eb9c772e7caa193168d9f08ef4e672fce725 -size 909582 +oid sha256:10c8372de74af4bfe02dc2323769ec4d2b19e471d2b29e199ef517bc012cfaf4 +size 909077 diff --git a/lib/search/indexes/github-docs-3.2-en.json.br b/lib/search/indexes/github-docs-3.2-en.json.br index fc5187598b..4c80aa1488 100644 --- a/lib/search/indexes/github-docs-3.2-en.json.br +++ b/lib/search/indexes/github-docs-3.2-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:55ab7e6efba6698a69c3d32edb2844a4eae2eb7981e215cac8cf882ad8019e21 -size 3500991 +oid sha256:0e01c30a88fe7f26b630868adbf56e2d09d2db909382f2e4b589a7d40cef6cf8 +size 3499475 diff --git a/lib/search/indexes/github-docs-3.2-es-records.json.br b/lib/search/indexes/github-docs-3.2-es-records.json.br index 7a3ceca2ab..ecc83cc779 100644 --- a/lib/search/indexes/github-docs-3.2-es-records.json.br +++ b/lib/search/indexes/github-docs-3.2-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:df38f4863690e1c8dd212231e6c5d8fa4d3cbd8ce83542f144e3bba049af700e -size 624895 +oid sha256:f0c8deccfb2be6e70d84e844a79bce79a793fda9b7a2d11f602c5f11fa0641b8 +size 624609 diff --git a/lib/search/indexes/github-docs-3.2-es.json.br b/lib/search/indexes/github-docs-3.2-es.json.br index 4c5ecef339..765dd4dab4 100644 --- a/lib/search/indexes/github-docs-3.2-es.json.br +++ b/lib/search/indexes/github-docs-3.2-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ed573c5de0af9be7c5a15a259875dd158db9105056493fdda63998e567f63d4f -size 2635675 +oid sha256:8b77b8d78c5bf134c339aa20f355cbb86d099e7fcb264df2223ef84102473243 +size 2635612 diff --git a/lib/search/indexes/github-docs-3.2-ja-records.json.br b/lib/search/indexes/github-docs-3.2-ja-records.json.br index f219366752..bf1f4e5aa6 100644 --- a/lib/search/indexes/github-docs-3.2-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.2-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:188592d094cf7ab22a66b347fd8a2cd0f32628574154675ed5a918c86ab7ba63 -size 689376 +oid sha256:47793f8e76d13c17030f9e1c9c493b060cccaa66925ced1117597f1192ded5bb +size 689550 diff --git a/lib/search/indexes/github-docs-3.2-ja.json.br b/lib/search/indexes/github-docs-3.2-ja.json.br index 0cae832b64..060eaeadf3 100644 --- a/lib/search/indexes/github-docs-3.2-ja.json.br +++ b/lib/search/indexes/github-docs-3.2-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5bfa6d889e0872872c8cd33718918a6c1bc10d89754d366a83b32a3c91b71fb0 -size 3665162 +oid sha256:1380afe616e75e3a310b58712f30cc3a013aeb2291f69f3946ff95c09a71503f +size 3663238 diff --git a/lib/search/indexes/github-docs-3.2-pt-records.json.br b/lib/search/indexes/github-docs-3.2-pt-records.json.br index c90917c426..5202a3260c 100644 --- a/lib/search/indexes/github-docs-3.2-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.2-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6963677ebc68cc8a8effd2b980ab696399b41ff93f48984446286dff820d13dc -size 614652 +oid sha256:6a4791429f015c52472efa93eeba114e2c820118c997351308f72fd5c4b6ec33 +size 614180 diff --git a/lib/search/indexes/github-docs-3.2-pt.json.br b/lib/search/indexes/github-docs-3.2-pt.json.br index 81e74fba1a..7cac397b19 100644 --- a/lib/search/indexes/github-docs-3.2-pt.json.br +++ b/lib/search/indexes/github-docs-3.2-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:54719807aadd47fb53ffd60a3c07c2972cbe5beb68ca16a372ebcaa2868b4a1e -size 2505320 +oid sha256:9a77b0b59da21175b2fc1274307618d7da1f6d15e1b26cee31a4b88d7555f741 +size 2505188 diff --git a/lib/search/indexes/github-docs-3.3-cn-records.json.br b/lib/search/indexes/github-docs-3.3-cn-records.json.br index 7405ec40fe..f048177fbc 100644 --- a/lib/search/indexes/github-docs-3.3-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.3-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ffb043ede05a1e70dd493b4d2e10230e50ef356d047371976f578f1ce5081efe -size 698051 +oid sha256:89d9e4645e2f9d6ed6b475b934d63af96e07b475cf9841138b4b647d4cd56f97 +size 698146 diff --git a/lib/search/indexes/github-docs-3.3-cn.json.br b/lib/search/indexes/github-docs-3.3-cn.json.br index e5beddb72a..4014a3ff36 100644 --- a/lib/search/indexes/github-docs-3.3-cn.json.br +++ b/lib/search/indexes/github-docs-3.3-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6db63f19f2b7fca0f4e785622e2fcf72287311e1c49970e57d2011a50efe8fac -size 1433956 +oid sha256:01dd6105505cdd7002990b984676c7572d2ea0a94745e42d65ea963162492367 +size 1433520 diff --git a/lib/search/indexes/github-docs-3.3-en-records.json.br b/lib/search/indexes/github-docs-3.3-en-records.json.br index 686622a326..025285c2db 100644 --- a/lib/search/indexes/github-docs-3.3-en-records.json.br +++ b/lib/search/indexes/github-docs-3.3-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c371699143f3202e889ad66417f6afe9038707a54b2a382706bae0c91175509f -size 943515 +oid sha256:af4450d14ef560063290eba12c236d3e9939cc68e32693a7faa6149e0080c83d +size 943519 diff --git a/lib/search/indexes/github-docs-3.3-en.json.br b/lib/search/indexes/github-docs-3.3-en.json.br index 4bc2002247..192aa699bd 100644 --- a/lib/search/indexes/github-docs-3.3-en.json.br +++ b/lib/search/indexes/github-docs-3.3-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7e33932bd5a13acc59a14d915f0e0abf58da5f443601ea64ff556442cabf1fa7 -size 3618045 +oid sha256:7d70fa9f7da57fd38c5cce32d1de18adcbc4bb099cb935188c6a37ef983aee6c +size 3614224 diff --git a/lib/search/indexes/github-docs-3.3-es-records.json.br b/lib/search/indexes/github-docs-3.3-es-records.json.br index 7a79fed504..b4356fdb70 100644 --- a/lib/search/indexes/github-docs-3.3-es-records.json.br +++ b/lib/search/indexes/github-docs-3.3-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6d9330eff22903d1ea49e54d8c0bcbde642abb777ad3e99c28a4da7a0a641f52 -size 644033 +oid sha256:55700877829cec931a50618ff7b7320015c7cf9f38a7c9881ec034bd1a4660f0 +size 643584 diff --git a/lib/search/indexes/github-docs-3.3-es.json.br b/lib/search/indexes/github-docs-3.3-es.json.br index fd165148f0..766659ecd3 100644 --- a/lib/search/indexes/github-docs-3.3-es.json.br +++ b/lib/search/indexes/github-docs-3.3-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e24e43dc64924b3aedde6856d377a073e770fea551d86608017d461f42486fcd -size 2721404 +oid sha256:222ee2814de550dd7ade742677e204e6cff40a5ba06f84f7f7e54176eaf1ac46 +size 2721496 diff --git a/lib/search/indexes/github-docs-3.3-ja-records.json.br b/lib/search/indexes/github-docs-3.3-ja-records.json.br index f036d0bf37..f5ebe6ecee 100644 --- a/lib/search/indexes/github-docs-3.3-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.3-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b698982c0cefa8fc6023314d95e3e5809b2b12194ad0e376bb9f2a0c97381e65 -size 712819 +oid sha256:21ebb5ab33c86695e3397f8cebc0d573a311d90555af77c8738b3ed089430ac7 +size 712511 diff --git a/lib/search/indexes/github-docs-3.3-ja.json.br b/lib/search/indexes/github-docs-3.3-ja.json.br index c6892f864f..d2a7726ae3 100644 --- a/lib/search/indexes/github-docs-3.3-ja.json.br +++ b/lib/search/indexes/github-docs-3.3-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a7f480f7b7ac07788afebb7927606bbdfe99eefb5be13dd0c662b9058a99b668 -size 3784700 +oid sha256:24d61c0e4fa92c59c8215236812b45a0aeb86e134b7a39a5d7653583ed7673a5 +size 3786299 diff --git a/lib/search/indexes/github-docs-3.3-pt-records.json.br b/lib/search/indexes/github-docs-3.3-pt-records.json.br index 41dbf0aafe..2a0c33aeb4 100644 --- a/lib/search/indexes/github-docs-3.3-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.3-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d9f9ac2b01517cd0c4401f275dc2b55f875e0f137f0da4b89fd20e9f05d5aa38 -size 633681 +oid sha256:909122157f58915022f1ac7b4c1ac798bde98152dd429667244e72c548d6a0e8 +size 634030 diff --git a/lib/search/indexes/github-docs-3.3-pt.json.br b/lib/search/indexes/github-docs-3.3-pt.json.br index 04c9cc7449..946e2d6467 100644 --- a/lib/search/indexes/github-docs-3.3-pt.json.br +++ b/lib/search/indexes/github-docs-3.3-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:042d5b4cc8fede3a76b1d92d5813974c2da86b76a8b319d8c7bb899c0e90e0b8 -size 2590894 +oid sha256:3086104e649d6615bd4f292fc2db96de5388bd74c9936534e96792573a053e7b +size 2591619 diff --git a/lib/search/indexes/github-docs-3.4-cn-records.json.br b/lib/search/indexes/github-docs-3.4-cn-records.json.br index e227d1eb01..bf800b6564 100644 --- a/lib/search/indexes/github-docs-3.4-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.4-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f4f2a213929c4849b06edb1cc7829e746653d413f3f69d6aca58bea13ab82433 -size 701243 +oid sha256:bc47686a992f2f5276ed7eba98ce6480f2256b6ebfd1813459dbb2ccb5021620 +size 701158 diff --git a/lib/search/indexes/github-docs-3.4-cn.json.br b/lib/search/indexes/github-docs-3.4-cn.json.br index 6ab9bc4676..a4d3744294 100644 --- a/lib/search/indexes/github-docs-3.4-cn.json.br +++ b/lib/search/indexes/github-docs-3.4-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c142aeffe1607a924bf6cc61934b633e91499859df7542805a7c41b1341762fb -size 1444521 +oid sha256:6a7d84b07c998c3153138ae74d916b5dd2451350942c5c730cccd1e852162017 +size 1444180 diff --git a/lib/search/indexes/github-docs-3.4-en-records.json.br b/lib/search/indexes/github-docs-3.4-en-records.json.br index 0583804085..c7422b1944 100644 --- a/lib/search/indexes/github-docs-3.4-en-records.json.br +++ b/lib/search/indexes/github-docs-3.4-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0db7ecfc0aa4f36f591e0683459db4f2a6e640ca67f7ad4f614a49a89697a8c8 -size 955799 +oid sha256:af9b9e4f7449147805c763d71f2841215f05ef928c56a4d8798622bc095d9f36 +size 954366 diff --git a/lib/search/indexes/github-docs-3.4-en.json.br b/lib/search/indexes/github-docs-3.4-en.json.br index 95a29c300b..6370dabdce 100644 --- a/lib/search/indexes/github-docs-3.4-en.json.br +++ b/lib/search/indexes/github-docs-3.4-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1e0231bacf808f63d92a19eb15858b773fddcd113521630c7374e94d4b3172bd -size 3655008 +oid sha256:20bcff6b07545fd1c35554d31d3a2aa5725cdb2a2e6eb004ff3c36114416aea8 +size 3652332 diff --git a/lib/search/indexes/github-docs-3.4-es-records.json.br b/lib/search/indexes/github-docs-3.4-es-records.json.br index 7b5bc89403..6b35a02256 100644 --- a/lib/search/indexes/github-docs-3.4-es-records.json.br +++ b/lib/search/indexes/github-docs-3.4-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1d55d7bf12f4a19fd573a39be4b63e3d173f65a8da8cb288660f1f860a87df1b -size 648013 +oid sha256:9aa1c121ec6679d6d7dff16e951082a8beeb6542fb45bc4fc9a35e8b32b84e90 +size 648076 diff --git a/lib/search/indexes/github-docs-3.4-es.json.br b/lib/search/indexes/github-docs-3.4-es.json.br index 691ee78560..7c6c5baa37 100644 --- a/lib/search/indexes/github-docs-3.4-es.json.br +++ b/lib/search/indexes/github-docs-3.4-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2a4b82a243a2e232944fa13d347e0a5f9ba4e320e02bb12c7978b0a0b9761a58 -size 2738239 +oid sha256:5830fcb17f65769a56b3a9a06d585e62781ddb4145f06f19082a1a0c77aa994b +size 2738704 diff --git a/lib/search/indexes/github-docs-3.4-ja-records.json.br b/lib/search/indexes/github-docs-3.4-ja-records.json.br index ad505c5e9e..5b061902fb 100644 --- a/lib/search/indexes/github-docs-3.4-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.4-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:30a49e680374624495db55890d55297917370b29b5f74c874055302833440dd1 -size 716417 +oid sha256:95c51c972824cf4a3d1b285d91def6f003ee0673f704854c6d539a47577f0773 +size 716083 diff --git a/lib/search/indexes/github-docs-3.4-ja.json.br b/lib/search/indexes/github-docs-3.4-ja.json.br index 627c75284a..ec0e7ec256 100644 --- a/lib/search/indexes/github-docs-3.4-ja.json.br +++ b/lib/search/indexes/github-docs-3.4-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8b3641b63529ce89f0be5251501e74757ab766c425833fcd2ec576630e9b6615 -size 3809087 +oid sha256:d0cfa439fa6abc32f7a8a8f4e5ab56f623b35b394042a37a7deff3b588b094a5 +size 3807053 diff --git a/lib/search/indexes/github-docs-3.4-pt-records.json.br b/lib/search/indexes/github-docs-3.4-pt-records.json.br index d438cec038..5dec2daab6 100644 --- a/lib/search/indexes/github-docs-3.4-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.4-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:789da13e1bb5d34d1a048c80da164e1b3676e866d1925e27482b908100c44671 -size 637451 +oid sha256:42681eae5a8c4eacaa9c950ce79bc1dae978d570cd9f1134b71e71a72949f481 +size 638490 diff --git a/lib/search/indexes/github-docs-3.4-pt.json.br b/lib/search/indexes/github-docs-3.4-pt.json.br index 923617d8c8..d4c1ba6c92 100644 --- a/lib/search/indexes/github-docs-3.4-pt.json.br +++ b/lib/search/indexes/github-docs-3.4-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c31f2bd16acd9ba8f23305568b73562b397d96500f5af85e9ecca8e5581ae337 -size 2602741 +oid sha256:8cfc28a0ad78477c5de0f89a4871608bc4b8dd3c65d805c8528c28a51682c15a +size 2604099 diff --git a/lib/search/indexes/github-docs-dotcom-cn-records.json.br b/lib/search/indexes/github-docs-dotcom-cn-records.json.br index 19dfbf3ead..f9a33a9a32 100644 --- a/lib/search/indexes/github-docs-dotcom-cn-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:137c8c35bfb1d9bf3fc58ae1e6d92c45f6063cb2a382c9c28efb1e4836ffb811 -size 905159 +oid sha256:40b4d24ec150fc8adb4ecebf5b5c9b25a5a32eaea91edacb71ba355e5841a07e +size 905729 diff --git a/lib/search/indexes/github-docs-dotcom-cn.json.br b/lib/search/indexes/github-docs-dotcom-cn.json.br index 3955646dde..1e92a24aa7 100644 --- a/lib/search/indexes/github-docs-dotcom-cn.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7bb80cfa08098abe32781d4b65ff3beda4d60443aaf2d87fa5f676ed8608e6ad -size 1588519 +oid sha256:91bd5f2ba237488d50f83f33483725c47be62f15d3a31fc3f1674f4b0824b01b +size 1588004 diff --git a/lib/search/indexes/github-docs-dotcom-en-records.json.br b/lib/search/indexes/github-docs-dotcom-en-records.json.br index ff5337779a..70e2617a16 100644 --- a/lib/search/indexes/github-docs-dotcom-en-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:75e541f636caf213bf8ac9718ec28dafa35cce066f67ecab28a80d14d0bf27ae -size 1223737 +oid sha256:8f04688d578b1185e666ddbad7aebd56a81785991b6d1d69e9b403b3b325c9f6 +size 1225365 diff --git a/lib/search/indexes/github-docs-dotcom-en.json.br b/lib/search/indexes/github-docs-dotcom-en.json.br index a617b3f7c3..2c988662d3 100644 --- a/lib/search/indexes/github-docs-dotcom-en.json.br +++ b/lib/search/indexes/github-docs-dotcom-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:68e4e46c116d2187db539ecf852021e259775138805362be38b9d6268b0c32e9 -size 4415034 +oid sha256:92b7f1398d88e3b6ee453cbfa6e38e437a8dc3385b7175417329a7d1a76e048b +size 4416531 diff --git a/lib/search/indexes/github-docs-dotcom-es-records.json.br b/lib/search/indexes/github-docs-dotcom-es-records.json.br index 13d91d7d28..8bcb54f7a7 100644 --- a/lib/search/indexes/github-docs-dotcom-es-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:77486b04dbfdccc60d8466c18c4e05348650a71fea512c57db8c4ed2e2d4309f -size 817603 +oid sha256:02c154d4d870339f4fe7c068cdf1a7fcfe69828201459211539585fef85d7bc1 +size 817668 diff --git a/lib/search/indexes/github-docs-dotcom-es.json.br b/lib/search/indexes/github-docs-dotcom-es.json.br index 5708c4904c..bb72de1192 100644 --- a/lib/search/indexes/github-docs-dotcom-es.json.br +++ b/lib/search/indexes/github-docs-dotcom-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7fcc5fddde07ec9baec47bbbd951b91993a0a159765cb389a6b3cabe88ea47c1 -size 3272907 +oid sha256:14b8efbdf6be2a7af42e4d146ec3982e29a926eb3f90de1d96362f4f9f705e72 +size 3276932 diff --git a/lib/search/indexes/github-docs-dotcom-ja-records.json.br b/lib/search/indexes/github-docs-dotcom-ja-records.json.br index a42e760db6..77614cce94 100644 --- a/lib/search/indexes/github-docs-dotcom-ja-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4ed7d5dc2ea8ccf0bce3037d1e17167b381d36174f0324ff653c72e6526faefe -size 919400 +oid sha256:cbb23a7107fddc48e6336fa85de816efc0c7741adfe78a208e9851e29f6c6ea1 +size 919842 diff --git a/lib/search/indexes/github-docs-dotcom-ja.json.br b/lib/search/indexes/github-docs-dotcom-ja.json.br index 9cdd842e14..251d28b36d 100644 --- a/lib/search/indexes/github-docs-dotcom-ja.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:024b153cad32e3c09f08f0a42114d01c10a5d971b40599d01d765ead3fa4fe75 -size 4661433 +oid sha256:681b51d2b923977460a99b3f4f3de15c360926ac061b7bff40b8d724c3efcc95 +size 4660813 diff --git a/lib/search/indexes/github-docs-dotcom-pt-records.json.br b/lib/search/indexes/github-docs-dotcom-pt-records.json.br index 8c3132fca5..7b0035d163 100644 --- a/lib/search/indexes/github-docs-dotcom-pt-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ea0bea375ff02d044f05dcfbb7aadc99a076e6a2023ad7e053e869856ff3a0ef -size 807462 +oid sha256:6b4f8c4274d1080fab06052a7a562fd8ddc01eda96bcef1c192b601b99117f10 +size 806926 diff --git a/lib/search/indexes/github-docs-dotcom-pt.json.br b/lib/search/indexes/github-docs-dotcom-pt.json.br index 0ce902636a..ebd320df85 100644 --- a/lib/search/indexes/github-docs-dotcom-pt.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:22a7a3c5d454fc0974b01f57527b1241984699e2e5443d2f3397fe3fd96d22d0 -size 3127708 +oid sha256:6ed96829e80a3d46e1363506c51c4bc9d6c3e3568fb40e7c3e6cb191014f1090 +size 3127728 diff --git a/lib/search/indexes/github-docs-ghae-cn-records.json.br b/lib/search/indexes/github-docs-ghae-cn-records.json.br index 281a92313d..de3fa877f1 100644 --- a/lib/search/indexes/github-docs-ghae-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghae-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6e471b92a33b808d381e6dc5f8e1d3b05553a9d24e57382e65181621a88e313e -size 536560 +oid sha256:1292e6c8287d83d1e9a437fae562b4f366dd179cda6796b86ccb11e2b5d2a809 +size 536581 diff --git a/lib/search/indexes/github-docs-ghae-cn.json.br b/lib/search/indexes/github-docs-ghae-cn.json.br index 15b6dca2ae..b0cc477011 100644 --- a/lib/search/indexes/github-docs-ghae-cn.json.br +++ b/lib/search/indexes/github-docs-ghae-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ba65e90e466f03aa5ec1dd81e2f5201fb2abc5cf908382256cac924f9c1e8dff -size 1025069 +oid sha256:07a2afaa4de90d6d1a31c07244578af7fa5d0be835fb47a0a5533bc3a08fe472 +size 1024501 diff --git a/lib/search/indexes/github-docs-ghae-en-records.json.br b/lib/search/indexes/github-docs-ghae-en-records.json.br index a4c240e6ab..450c3ee32c 100644 --- a/lib/search/indexes/github-docs-ghae-en-records.json.br +++ b/lib/search/indexes/github-docs-ghae-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7a48730be3a2bf8e95a645768e8c0fc606a6e8a65030a87ca8b4098348af851e -size 736890 +oid sha256:19623f55ec1eb7dff1e95a9d7e1ce0005a31256254dd3553d4a9c8a2f4412430 +size 736598 diff --git a/lib/search/indexes/github-docs-ghae-en.json.br b/lib/search/indexes/github-docs-ghae-en.json.br index c66f2c5e3d..27c6038f1a 100644 --- a/lib/search/indexes/github-docs-ghae-en.json.br +++ b/lib/search/indexes/github-docs-ghae-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:80ea4002bd44efecf3eaac5dc614946ce7d34485e7b58cb81b42b571e32a9caa -size 2787566 +oid sha256:ec3592e500272b1aa2251d56e8d07241e0f1b98791634d5ff2af52ad526cf010 +size 2787948 diff --git a/lib/search/indexes/github-docs-ghae-es-records.json.br b/lib/search/indexes/github-docs-ghae-es-records.json.br index 4be3fecfde..3008e03a7c 100644 --- a/lib/search/indexes/github-docs-ghae-es-records.json.br +++ b/lib/search/indexes/github-docs-ghae-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:53ee5fbc9efc7a10a44376f44d8e76c71e2b6af33d48fc70325d15bfa3fa5c9d -size 495779 +oid sha256:885fd193b80df890ec0a848d61ce6e16e6fcc7463c99a499d1ad164793a27aaa +size 495902 diff --git a/lib/search/indexes/github-docs-ghae-es.json.br b/lib/search/indexes/github-docs-ghae-es.json.br index 6f696d1eff..fe5910e73e 100644 --- a/lib/search/indexes/github-docs-ghae-es.json.br +++ b/lib/search/indexes/github-docs-ghae-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:246301513bed266d9031d3e2f6b3d60d40de5c2cb96eb753aad164155312d6e1 -size 2017914 +oid sha256:5f8351f49ac031b16a7c0cdf70d5958b4dc5c56f8ee6d233b75bb016afbb93dd +size 2016275 diff --git a/lib/search/indexes/github-docs-ghae-ja-records.json.br b/lib/search/indexes/github-docs-ghae-ja-records.json.br index 66d73eef8f..4388ac9e1f 100644 --- a/lib/search/indexes/github-docs-ghae-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghae-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fb44f528f148d04400d8b5522bc72616386742cb69291e58a3999ed50d2efde5 -size 547236 +oid sha256:6b21bd519cf82b45e70f6523d2477c9a10754c78a86e11380f7066d9a6497938 +size 547924 diff --git a/lib/search/indexes/github-docs-ghae-ja.json.br b/lib/search/indexes/github-docs-ghae-ja.json.br index b980a4b0dc..5c2d4d4a68 100644 --- a/lib/search/indexes/github-docs-ghae-ja.json.br +++ b/lib/search/indexes/github-docs-ghae-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c7e4222dc18433e7a8f9d3588d6b7406e381315dbe12977e3b3fedeb40c62283 -size 2779252 +oid sha256:c943b56780874c9f3e7b6c87c634090c24e646c6bb5ca45cf2c17964d46f2b43 +size 2781265 diff --git a/lib/search/indexes/github-docs-ghae-pt-records.json.br b/lib/search/indexes/github-docs-ghae-pt-records.json.br index 929acce634..7a0b624fde 100644 --- a/lib/search/indexes/github-docs-ghae-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghae-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:04afb99d228ce76fdfc296811a7812e05820691c4deeabde78bbc81102573e7f -size 488213 +oid sha256:b280390c62ac548b1e4aa17062b6b82f356b3c8759125f2c9f48da0c3b6924a7 +size 488040 diff --git a/lib/search/indexes/github-docs-ghae-pt.json.br b/lib/search/indexes/github-docs-ghae-pt.json.br index 33b7837db7..aaf8c3c9a1 100644 --- a/lib/search/indexes/github-docs-ghae-pt.json.br +++ b/lib/search/indexes/github-docs-ghae-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9838c434a6cb5c53dbc54cf7c5e1d23a0ceb774f416f7785cec5c7efd17bd676 -size 1895072 +oid sha256:ccf9ff527d7474e729e42bbc2ce35fb3f5a073662a7d9ccb96b22501364548f6 +size 1894775 diff --git a/lib/search/indexes/github-docs-ghec-cn-records.json.br b/lib/search/indexes/github-docs-ghec-cn-records.json.br index 29afe36102..f4d0f35279 100644 --- a/lib/search/indexes/github-docs-ghec-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghec-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:379a9814ee5acb46b249fd8bfe7ddf78571b2c4c329b4755e86da4ced6b1543b -size 836383 +oid sha256:46c8429991d66b3e744c68c88ada72bfc17108febdad2653d513714c0861b49f +size 837061 diff --git a/lib/search/indexes/github-docs-ghec-cn.json.br b/lib/search/indexes/github-docs-ghec-cn.json.br index 231fcd09aa..9850a36aef 100644 --- a/lib/search/indexes/github-docs-ghec-cn.json.br +++ b/lib/search/indexes/github-docs-ghec-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:effb71d6a65c70b70205d7bf55dc4e36d85698ce91edb8da34acfd12b6c36607 -size 1650559 +oid sha256:a65847526a1101e19d4537d6a58e2542ca55675e52b597a7006413025867f255 +size 1651748 diff --git a/lib/search/indexes/github-docs-ghec-en-records.json.br b/lib/search/indexes/github-docs-ghec-en-records.json.br index 083762333c..b8d6ea9240 100644 --- a/lib/search/indexes/github-docs-ghec-en-records.json.br +++ b/lib/search/indexes/github-docs-ghec-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8b2bc29c90f4d7483eef346c34e13ab3783167c7ca8310b7e160fa5dd50454b8 -size 1102983 +oid sha256:97051dd391ed1ea1eba175f6fd50c5c5711c796205b0c0a5db7333246c2a015f +size 1105313 diff --git a/lib/search/indexes/github-docs-ghec-en.json.br b/lib/search/indexes/github-docs-ghec-en.json.br index 7c1ca3f855..f062d5468d 100644 --- a/lib/search/indexes/github-docs-ghec-en.json.br +++ b/lib/search/indexes/github-docs-ghec-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e8b31861698a275d85ea3e051758549c38d2b45576d3191243793967ff822938 -size 4205550 +oid sha256:2c1d3db025ca22c8740bf403042ceb92025837344bc4ff0866af54e05237ef2e +size 4206680 diff --git a/lib/search/indexes/github-docs-ghec-es-records.json.br b/lib/search/indexes/github-docs-ghec-es-records.json.br index f066944a3b..d0f73a10a4 100644 --- a/lib/search/indexes/github-docs-ghec-es-records.json.br +++ b/lib/search/indexes/github-docs-ghec-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e5cad06a98fcda383e1360d4622e49086bc41c811777b37c83c4997899040bbd -size 776226 +oid sha256:1f6ffc811371042aa951adc408b3a8a3ef26d220f90d46e923bbd988090c974d +size 776302 diff --git a/lib/search/indexes/github-docs-ghec-es.json.br b/lib/search/indexes/github-docs-ghec-es.json.br index 11180efab1..4117cb6eea 100644 --- a/lib/search/indexes/github-docs-ghec-es.json.br +++ b/lib/search/indexes/github-docs-ghec-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3d30e46ed7158398b46d9f7fc289b6876b4bea4a2418e76b00ebe266fa44f2c3 -size 3268431 +oid sha256:7f49952c8e1b25cadc2488c406a796e0b0aaebb7ef82aa8bf242603dae638c79 +size 3268345 diff --git a/lib/search/indexes/github-docs-ghec-ja-records.json.br b/lib/search/indexes/github-docs-ghec-ja-records.json.br index 517ac1618e..16d67eb500 100644 --- a/lib/search/indexes/github-docs-ghec-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghec-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:22edf52e92dca48e0e6a542d4eacc572374bfe0c676cdbbba4b4bee28b15d9f7 -size 852998 +oid sha256:e394634c97e36806dc6e9b4e8ad7bd67c32e4b142d888f69ef929b1b53077003 +size 853861 diff --git a/lib/search/indexes/github-docs-ghec-ja.json.br b/lib/search/indexes/github-docs-ghec-ja.json.br index b518fe8e7a..8eb9fe4efd 100644 --- a/lib/search/indexes/github-docs-ghec-ja.json.br +++ b/lib/search/indexes/github-docs-ghec-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:81e653d4542bd54b58befac28723337a7a52b6a558d52c719b5ff40c59f1170f -size 4550512 +oid sha256:2449c37b569977c40ca2d454df7e453d7bbf06a69d83225d5709fa068b0b4c9b +size 4555311 diff --git a/lib/search/indexes/github-docs-ghec-pt-records.json.br b/lib/search/indexes/github-docs-ghec-pt-records.json.br index ca514112a7..6274360104 100644 --- a/lib/search/indexes/github-docs-ghec-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghec-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d515d4031a9247891050d3cf8af301241dacef2dea0fb6911f568fed52e18d8b -size 766093 +oid sha256:c5b4049b1e19da7cf5442d2288955485f389d65887a7bc7a6fccf23fcb3f36da +size 765588 diff --git a/lib/search/indexes/github-docs-ghec-pt.json.br b/lib/search/indexes/github-docs-ghec-pt.json.br index 66364fe84d..c1ba2c1a4e 100644 --- a/lib/search/indexes/github-docs-ghec-pt.json.br +++ b/lib/search/indexes/github-docs-ghec-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e1fc8c01ac95785d54dffe51ffa274fa41bcdc8048a5d53d79b4c6e996a39707 -size 3107619 +oid sha256:9a442f68e99f96877c9e4d5cac37021e966aee48a92a894991b19b7231d9d580 +size 3109722 From ae8a9289093ecb4f4fbcee93d3f9d5afa80b26b7 Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Sat, 19 Mar 2022 05:48:19 -0500 Subject: [PATCH 35/52] Networking requirements and resolution for GitHub Actions on GHES (#25622) --- .../about-self-hosted-runners.md | 47 +++++++++++++------ .../network-ports.md | 19 +++++++- .../about-github-actions-for-enterprises.md | 2 +- .../about-using-actions-in-your-enterprise.md | 34 ++++++++++---- ...-githubcom-actions-using-github-connect.md | 15 ++++-- .../enterprise-github-connect-warning.md | 15 ------ .../actions/github-connect-resolution.md | 1 + ...f-hosted-runner-communications-for-ghae.md | 8 ---- ...self-hosted-runner-networking-to-dotcom.md | 1 + .../self-hosted-runner-ports-protocols.md | 4 +- 10 files changed, 92 insertions(+), 54 deletions(-) delete mode 100644 data/reusables/actions/enterprise-github-connect-warning.md create mode 100644 data/reusables/actions/github-connect-resolution.md delete mode 100644 data/reusables/actions/self-hosted-runner-communications-for-ghae.md create mode 100644 data/reusables/actions/self-hosted-runner-networking-to-dotcom.md diff --git a/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/content/actions/hosting-your-own-runners/about-self-hosted-runners.md index f2904902c9..472e15ed55 100644 --- a/content/actions/hosting-your-own-runners/about-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/about-self-hosted-runners.md @@ -133,16 +133,30 @@ Some extra configuration might be required to use actions from {% data variables ## Communication between self-hosted runners and {% data variables.product.product_name %} -The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. +The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. {% data reusables.actions.self-hosted-runner-ports-protocols %} -{% data reusables.actions.self-hosted-runner-communications-for-ghae %} +{% ifversion fpt or ghec %} +Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. +{% elsif ghes or ghae %} +Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner. +{%- endif %} + +{% ifversion ghes %} + +{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain. + +{% elsif ghae %} + +You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. + +If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." + +{% endif %} {% ifversion fpt or ghec %} -Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. - You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality. {% note %} @@ -191,27 +205,25 @@ If you use an IP address allow list for your {% data variables.product.prodname_ {% else %} -You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} +{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} {% endif %} +{% ifversion ghae %} +If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." +{% endif %} + You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)." For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)." -{% ifversion ghes %} +{% ifversion ghes or ghae %} ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %} -Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect). +Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." -If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. - -{% note %} - -**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant. - -{% endnote %} +If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. ``` github.com @@ -219,6 +231,13 @@ api.github.com codeload.github.com ``` +{% note %} + +**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant. + +{% endnote %} + + {% endif %} ## Self-hosted runner security diff --git a/content/admin/configuration/configuring-network-settings/network-ports.md b/content/admin/configuration/configuring-network-settings/network-ports.md index 80cfbb860b..ec8cf46782 100644 --- a/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/content/admin/configuration/configuring-network-settings/network-ports.md @@ -25,7 +25,7 @@ Some administrative ports are required to configure {% data variables.product.pr | Port | Service | Description | |---|---|---| | 8443 | HTTPS | Secure web-based {% data variables.enterprise.management_console %}. Required for basic installation and configuration. | -| 8080 | HTTP | Plain-text web-based {% data variables.enterprise.management_console %}. Not required unless SSL is disabled manually. | +| 8080 | HTTP | Plain-text web-based {% data variables.enterprise.management_console %}. Not required unless TLS is disabled manually. | | 122 | SSH | Shell access for {% data variables.product.product_location %}. Required to be open to incoming connections between all nodes in a high availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic. | | 1194/UDP | VPN | Secure replication network tunnel in high availability configuration. Required to be open for communication between all nodes in the configuration.| | 123/UDP| NTP | Required for time protocol operation. | @@ -38,7 +38,7 @@ Application ports provide web application and Git access for end users. | Port | Service | Description | |---|---|---| | 443 | HTTPS | Access to the web application and Git over HTTPS. | -| 80 | HTTP | Access to the web application. All requests are redirected to the HTTPS port when SSL is enabled. | +| 80 | HTTP | Access to the web application. All requests are redirected to the HTTPS port if TLS is configured. | | 22 | SSH | Access to Git over SSH. Supports clone, fetch, and push operations to public and private repositories. | | 9418 | Git | Git protocol port supports clone and fetch operations to public repositories with unencrypted network communication. {% data reusables.enterprise_installation.when-9418-necessary %} | @@ -51,3 +51,18 @@ Email ports must be accessible directly or via relay for inbound email support f | Port | Service | Description | |---|---|---| | 25 | SMTP | Support for SMTP with encryption (STARTTLS). | + +## {% data variables.product.prodname_actions %} ports + +{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)." + +| Port | Service | Description | +|---|---|---| +| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. +| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. + +If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)." + +## Further reading + +- "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)" diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md index b07878188c..b0313604d2 100644 --- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md @@ -33,7 +33,7 @@ topics: {% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, teams merge significantly more pull requests per day, and the pull requests are merged significantly faster. For more information, see "[Writing and shipping code faster](https://octoverse.github.com/writing-code-faster/#scale-through-automation)" in the State of the Octoverse. -You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)." +You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. {% ifversion ghec %}For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.product.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %} {% data variables.product.prodname_actions %} is developer friendly, because it's integrated directly into the familiar {% data variables.product.product_name %} experience. diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 0574bc0877..b507720da4 100644 --- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -13,7 +13,7 @@ type: overview topics: - Actions - Enterprise -shortTitle: Add actions in your enterprise +shortTitle: About actions in your enterprise --- {% data reusables.actions.enterprise-beta %} @@ -23,13 +23,24 @@ shortTitle: Add actions in your enterprise {% data variables.product.prodname_actions %} workflows can use _actions_, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the {% data variables.product.prodname_dotcom %} community. -{% data reusables.actions.enterprise-no-internet-actions %} +{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.product.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}. + +We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.product_name %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}. ## Official actions bundled with your enterprise instance {% data reusables.actions.actions-bundled-with-ghes %} -The bundled official actions include `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, and various `actions/setup-` actions, among others. To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. +The bundled official actions include the following, among others. +- `actions/checkout` +- `actions/upload-artifact` +- `actions/download-artifact` +- `actions/labeler` +- Various `actions/setup-` actions + +To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. + +There is no connection required between {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} to use these actions. Each action is a repository in the `actions` organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "[Using the latest version of the official bundled actions](/admin/github-actions/using-the-latest-version-of-the-official-bundled-actions)." @@ -43,14 +54,21 @@ Each action is a repository in the `actions` organization, and each action repos ## Configuring access to actions on {% data variables.product.prodname_dotcom_the_website %} -{% ifversion ghes %} -Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." -{% endif %} - {% data reusables.actions.access-actions-on-dotcom %} The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". +{% ifversion ghes %} +{% note %} + +**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." + + +{% endnote %} +{% endif %} + +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} + {% data reusables.actions.enterprise-limit-actions-use %} -Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." +Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to {% data variables.product.prodname_dotcom_the_website %}, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index 3dc27dc3ff..f539aeca8d 100644 --- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -21,11 +21,18 @@ shortTitle: Use GitHub Connect for actions ## About automatic access to {% data variables.product.prodname_dotcom_the_website %} actions -By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). +By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. -To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using actions in your enterprise](/admin/github-actions/about-using-actions-in-your-enterprise)." +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} -To use actions from {% data variables.product.prodname_dotcom_the_website %}, your self-hosted runners must be able to download public actions from `api.github.com`. +Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." + +## About resolution for actions using {% data variables.product.prodname_github_connect %} + +{% data reusables.actions.github-connect-resolution %} + +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +{% endif %} ## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions @@ -33,8 +40,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do - Configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Enable{% else %} enable{% endif %} {% data variables.product.prodname_github_connect %}. For more information, see "[Managing {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/managing-github-connect)." -{% data reusables.actions.enterprise-github-connect-warning %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.github-connect-tab %} 1. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select **Enabled**. diff --git a/data/reusables/actions/enterprise-github-connect-warning.md b/data/reusables/actions/enterprise-github-connect-warning.md deleted file mode 100644 index 30cd0dd1e4..0000000000 --- a/data/reusables/actions/enterprise-github-connect-warning.md +++ /dev/null @@ -1,15 +0,0 @@ -{% ifversion ghes > 3.2 or ghae-issue-4815 %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom %}, the repository on your enterprise will be used in place of the {% data variables.product.prodname_dotcom %} repository. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - -{% endnote %} -{% endif %} - -{% ifversion ghes < 3.3 or ghae %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. If a user creates an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom %}, the repository on your enterprise will be used in place of the {% data variables.product.prodname_dotcom %} repository. A malicious user could take advantage of this behavior to run code as part of a workflow. - -{% endnote %} -{% endif %} diff --git a/data/reusables/actions/github-connect-resolution.md b/data/reusables/actions/github-connect-resolution.md new file mode 100644 index 0000000000..816e314a30 --- /dev/null +++ b/data/reusables/actions/github-connect-resolution.md @@ -0,0 +1 @@ +When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will first try to find the repository on {% data variables.product.product_location %}. If the repository does not exist on {% data variables.product.product_location %}, and if you have automatic access to {% data variables.product.prodname_dotcom_the_website %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on {% data variables.product.prodname_dotcom_the_website %}. \ No newline at end of file diff --git a/data/reusables/actions/self-hosted-runner-communications-for-ghae.md b/data/reusables/actions/self-hosted-runner-communications-for-ghae.md deleted file mode 100644 index 3734abb068..0000000000 --- a/data/reusables/actions/self-hosted-runner-communications-for-ghae.md +++ /dev/null @@ -1,8 +0,0 @@ -{% ifversion ghae %} - -You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.prodname_ghe_managed %} URL and its subdomains. -For example, if your instance name is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. - -If you use an IP address allow list for your organization or enterprise account on {% data variables.product.prodname_dotcom %}, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." - -{% endif %} diff --git a/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md b/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md new file mode 100644 index 0000000000..893f05bfe2 --- /dev/null +++ b/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md @@ -0,0 +1 @@ +To use actions from {% data variables.product.prodname_dotcom_the_website %},{% ifversion ghes %} both {% data variables.product.product_location %} and{% endif %} your self-hosted runners must be able to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. No inbound connections from {% data variables.product.prodname_dotcom_the_website %} are required. For more information. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-betweens-self-hosted-runners-and-githubcom)." \ No newline at end of file diff --git a/data/reusables/actions/self-hosted-runner-ports-protocols.md b/data/reusables/actions/self-hosted-runner-ports-protocols.md index 57f16b0906..d81e3706fb 100644 --- a/data/reusables/actions/self-hosted-runner-ports-protocols.md +++ b/data/reusables/actions/self-hosted-runner-ports-protocols.md @@ -1 +1,3 @@ -Self-hosted runners must be able to communicate with {% ifversion ghae %}your enterprise on {% data variables.product.product_name %}{% elsif fpt or ghec or ghes %}{% data variables.product.product_location %}{% endif %} over HTTP (port 80) and HTTPS (port 443). +{% ifversion ghes or ghae %} +The connection between self-hosted runners and {% data variables.product.product_name %} is over {% ifversion ghes %}HTTP (port 80) or {% endif %}HTTPS (port 443). {% ifversion ghes %}To ensure connectivity over HTTPS, configure TLS for {% data variables.product.product_location %}. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."{% endif %} +{% endif %} From b685b6fda716ebd5ce3023c462523016c86bf0b6 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Sat, 19 Mar 2022 12:05:27 -0400 Subject: [PATCH 36/52] don't need disk caching for site data (#26333) * reinstate * start server manually * routing tests too * skip more * sleep more and fail if not 200 * use e2etest for content/ too * automatically start server for jest * does this work? * feedbacked * rename things * getting it to work * add dev dependency * install the right version * don't need to start that * fix package lock * update readme about it * feedbacked * don't need disk caching for site-data --- .github/workflows/test.yml | 5 ----- lib/site-data.js | 29 ++--------------------------- script/warm-before-tests.mjs | 22 ---------------------- 3 files changed, 2 insertions(+), 54 deletions(-) delete mode 100755 script/warm-before-tests.mjs diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index de1034d14f..7b4669893d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -135,11 +135,6 @@ jobs: - name: Run build script run: npm run build - - name: Warm possible disk caching - env: - NODE_ENV: test - run: ./script/warm-before-tests.mjs - - name: Run tests env: DIFF_FILE: get_diff_files.txt diff --git a/lib/site-data.js b/lib/site-data.js index 7734f45f9c..b5a2a5bbbb 100755 --- a/lib/site-data.js +++ b/lib/site-data.js @@ -1,5 +1,3 @@ -import fs from 'fs' -import os from 'os' import path from 'path' import flat from 'flat' import { get, set } from 'lodash-es' @@ -7,30 +5,7 @@ import languages from './languages.js' import dataDirectory from './data-directory.js' import encodeBracketedParentheses from './encode-bracketed-parentheses.js' -const TEMP_DIRECTORY = process.env.RUNNER_TEMP || os.tmpdir() - -function diskMemoize(prefix, fn) { - const useCache = process.env.NODE_ENV !== 'development' - return (dir) => { - const cacheFileName = `${prefix}.${dir.replace(/[^\w]+/g, '-').toLowerCase() || 'en'}.json` - if (useCache) { - try { - return JSON.parse(fs.readFileSync(cacheFileName, 'utf-8')) - } catch (err) { - if (!(err.code === 'ENOENT' || err instanceof SyntaxError)) throw err - } - } - - const result = fn(dir) - if (useCache) { - fs.writeFileSync(cacheFileName, JSON.stringify(result), 'utf-8') - console.log(`Disk-cache miss on ${cacheFileName}`, new Date()) - } - return result - } -} - -const loadSiteDataFromDir = diskMemoize(path.join(TEMP_DIRECTORY, 'docs-site-data'), (dir) => { +const loadSiteDataFromDir = (dir) => { return { site: { data: dataDirectory(path.join(dir, 'data'), { @@ -39,7 +14,7 @@ const loadSiteDataFromDir = diskMemoize(path.join(TEMP_DIRECTORY, 'docs-site-dat }), }, } -}) +} export default function loadSiteData() { // load English site data diff --git a/script/warm-before-tests.mjs b/script/warm-before-tests.mjs deleted file mode 100755 index 99bfc4ba03..0000000000 --- a/script/warm-before-tests.mjs +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env node - -// [start-readme] -// -// It runs the warmServer() function because that function can do things -// like writing to disk as a caching mechanism. -// When jest runs tests, it starts multiple concurrent processes, -// even if it runs it serially (`--runInBand`) so it's highly likely -// that two concurrent processes both attempt to writing to -// the same exact file. By running this script before anything -// begins, we can be certain that files that should have been created -// are created. -// -// [end-readme] - -import warmServer from '../lib/warm-server.js' - -main() - -async function main() { - await warmServer() -} From 027f62e057c6f931f38d079f3c407743f7e46581 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sat, 19 Mar 2022 10:57:00 -0700 Subject: [PATCH 37/52] New translation batch for pt (#26344) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=pt * run script/i18n/reset-known-broken-translation-files.js * Check in pt CSV report --- translations/log/pt-resets.csv | 4 +- .../about-self-hosted-runners.md | 47 +++++++++----- .../network-ports.md | 19 +++++- .../about-github-actions-for-enterprises.md | 2 +- .../about-using-actions-in-your-enterprise.md | 34 +++++++--- ...-githubcom-actions-using-github-connect.md | 15 +++-- ...ilities-in-the-github-advisory-database.md | 6 +- .../about-dependabot-version-updates.md | 32 +++++----- ...he-detection-of-vulnerable-dependencies.md | 62 +++++++++---------- .../enterprise-github-connect-warning.md | 15 ----- .../actions/github-connect-resolution.md | 1 + ...f-hosted-runner-communications-for-ghae.md | 7 --- ...self-hosted-runner-networking-to-dotcom.md | 1 + .../self-hosted-runner-ports-protocols.md | 4 +- .../dependabot/result-discrepancy.md | 2 +- .../partner-secret-list-public-repo.md | 1 + 16 files changed, 146 insertions(+), 106 deletions(-) delete mode 100644 translations/pt-BR/data/reusables/actions/enterprise-github-connect-warning.md create mode 100644 translations/pt-BR/data/reusables/actions/github-connect-resolution.md delete mode 100644 translations/pt-BR/data/reusables/actions/self-hosted-runner-communications-for-ghae.md create mode 100644 translations/pt-BR/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md diff --git a/translations/log/pt-resets.csv b/translations/log/pt-resets.csv index b97f8f6972..4558a18bbc 100644 --- a/translations/log/pt-resets.csv +++ b/translations/log/pt-resets.csv @@ -28,7 +28,7 @@ translations/pt-BR/content/education/explore-the-benefits-of-teaching-and-learni translations/pt-BR/content/get-started/customizing-your-github-workflow/exploring-integrations/github-extensions-and-integrations.md,broken liquid tags translations/pt-BR/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud.md,broken liquid tags translations/pt-BR/content/github/index.md,Listed in localization-support#489 -translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md,parsing error +translations/pt-BR/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md,rendering error translations/pt-BR/content/organizations/organizing-members-into-teams/about-teams.md,broken liquid tags translations/pt-BR/content/packages/learn-github-packages/introduction-to-github-packages.md,broken liquid tags translations/pt-BR/content/packages/learn-github-packages/publishing-a-package.md,broken liquid tags @@ -39,7 +39,7 @@ translations/pt-BR/content/packages/working-with-a-github-packages-registry/work translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md,Listed in localization-support#489 translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md,broken liquid tags translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md,broken liquid tags -translations/pt-BR/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md,parsing error +translations/pt-BR/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md,broken liquid tags translations/pt-BR/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/about-email-notifications-for-pushes-to-your-repository.md,broken liquid tags translations/pt-BR/content/rest/reference/enterprise-admin.md,Listed in localization-support#489 translations/pt-BR/content/rest/reference/enterprise-admin.md,broken liquid tags diff --git a/translations/pt-BR/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/translations/pt-BR/content/actions/hosting-your-own-runners/about-self-hosted-runners.md index f2904902c9..472e15ed55 100644 --- a/translations/pt-BR/content/actions/hosting-your-own-runners/about-self-hosted-runners.md +++ b/translations/pt-BR/content/actions/hosting-your-own-runners/about-self-hosted-runners.md @@ -133,16 +133,30 @@ Some extra configuration might be required to use actions from {% data variables ## Communication between self-hosted runners and {% data variables.product.product_name %} -The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. +The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. {% data reusables.actions.self-hosted-runner-ports-protocols %} -{% data reusables.actions.self-hosted-runner-communications-for-ghae %} +{% ifversion fpt or ghec %} +Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. +{% elsif ghes or ghae %} +Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner. +{%- endif %} + +{% ifversion ghes %} + +{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain. + +{% elsif ghae %} + +You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. + +If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." + +{% endif %} {% ifversion fpt or ghec %} -Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. - You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality. {% note %} @@ -191,27 +205,25 @@ If you use an IP address allow list for your {% data variables.product.prodname_ {% else %} -You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} +{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} {% endif %} +{% ifversion ghae %} +If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." +{% endif %} + You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)." For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)." -{% ifversion ghes %} +{% ifversion ghes or ghae %} ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %} -Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect). +Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." -If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. - -{% note %} - -**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant. - -{% endnote %} +If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. ``` github.com @@ -219,6 +231,13 @@ api.github.com codeload.github.com ``` +{% note %} + +**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant. + +{% endnote %} + + {% endif %} ## Self-hosted runner security diff --git a/translations/pt-BR/content/admin/configuration/configuring-network-settings/network-ports.md b/translations/pt-BR/content/admin/configuration/configuring-network-settings/network-ports.md index 77caf7b17d..04e7395bf2 100644 --- a/translations/pt-BR/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/translations/pt-BR/content/admin/configuration/configuring-network-settings/network-ports.md @@ -26,7 +26,7 @@ Certas portas administrativas são obrigatórias para configurar a {% data varia | Porta | Serviço | Descrição | | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 8443 | HTTPS | {% data variables.enterprise.management_console %} seguro na web. Obrigatória para instalação e configuração básicas. | -| 8080 | HTTP | {% data variables.enterprise.management_console %} de texto simples na web. Não é obrigatória, a menos que o SSL seja desativado manualmente. | +| 8080 | HTTP | {% data variables.enterprise.management_console %} de texto simples na web. Not required unless TLS is disabled manually. | | 122 | SSH | Acesso de shell à {% data variables.product.product_location %}. Obrigatório para estar aberto a conexões de entrada entre todos os nós em uma configuração de alta disponibilidade. A porta SSH padrão (22) é dedicada ao tráfego de rede de aplicativos Git e SSH. | | 1194/UDP | VPN | Túnel de rede de réplica segura na configuração de alta disponibilidade. Obrigatório estar aberto para a comunicação entre todos os nós da configuração. | | 123/UDP | NTP | Obrigatória para operações de protocolo de tempo. | @@ -39,7 +39,7 @@ As portas de aplicativo fornecem aplicativos da web e acesso dos usuários finai | Porta | Serviço | Descrição | | ----- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 443 | HTTPS | Acesso ao aplicativo da web e ao Git por HTTPS. | -| 80 | HTTP | Acesso ao aplicativo da web. Todas as solicitações são redirecionadas para a porta HTTPS quando o SSL está ativado. | +| 80 | HTTP | Acesso ao aplicativo da web. All requests are redirected to the HTTPS port if TLS is configured. | | 22 | SSH | Acesso ao Git por SSH. Compatível com operações de clonagem, fetch e push em repositórios públicos e privados. | | 9418 | Git | A porta do protocolo Git é compatível com operações de clonagem e fetch em repositórios públicos com comunicação de rede não criptografada. {% data reusables.enterprise_installation.when-9418-necessary %} @@ -52,3 +52,18 @@ As portas de e-mail devem estar acessíveis diretamente ou via retransmissão pa | Porta | Serviço | Descrição | | ----- | ------- | ------------------------------------------- | | 25 | SMTP | Suporte a SMTP com criptografia (STARTTLS). | + +## {% data variables.product.prodname_actions %} ports + +{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. Para obter mais informações, consulte "[Sobre executores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)." + +| Porta | Serviço | Descrição | +| ----- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. | +| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. | + +If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. Para obter mais informações, consulte "[Habilitar o acesso automático às ações de {% data variables.product.prodname_dotcom_the_website %} usando o {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)". + +## Leia mais + +- "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)" diff --git a/translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md index 9e763f278f..7107f53840 100644 --- a/translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ b/translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md @@ -33,7 +33,7 @@ topics: {% data variables.product.prodname_actions %} ajuda a sua equipe a trabalhar mais rápido e em escala. Quando grandes repositórios começam a usar o {% data variables.product.prodname_actions %}, as equipes fazem merge de um número significativamente maior de pull requests por dia, e os pull requests são mesclados muito mais rapidamente. Para obter mais informações, consulte "[Gravação e envio mais rápido de código](https://octoverse.github.com/writing-code-faster/#scale-through-automation)" no estado do Octoverse. -Você pode criar suas próprias automações exclusivas ou você pode usar e adaptar os fluxos de trabalho do nosso ecossistema de mais de 10, 00 ações construídas por líderes do setor e pela comunidade de código aberto. Para obter mais informações, consulte "[Localizar e personalizar ações](/actions/learn-github-actions/finding-and-customizing-actions)". +Você pode criar suas próprias automações exclusivas ou você pode usar e adaptar os fluxos de trabalho do nosso ecossistema de mais de 10, 00 ações construídas por líderes do setor e pela comunidade de código aberto. {% ifversion ghec %}For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.product.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %} {% data variables.product.prodname_actions %} é intuitivo para o desenvolvedor, pois está integrado diretamente à experiência familiar de {% data variables.product.product_name %}. diff --git a/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 622a1f2668..5deb482159 100644 --- a/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -13,7 +13,7 @@ type: overview topics: - Actions - Enterprise -shortTitle: Adicionar ações à sua empresa +shortTitle: About actions in your enterprise --- {% data reusables.actions.enterprise-beta %} @@ -23,13 +23,24 @@ shortTitle: Adicionar ações à sua empresa Os fluxos de trabalho de {% data variables.product.prodname_actions %} podem usar _ações_, que são tarefas individuais que você pode combinar para criar tarefas e personalizar seu fluxo de trabalho. Você pode criar suas próprias ações ou usar e personalizar ações compartilhadas pela comunidade {% data variables.product.prodname_dotcom %}. -{% data reusables.actions.enterprise-no-internet-actions %} +{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.product.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}. + +We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.product_name %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}. ## Ações oficiais agrupadas com a sua instância corporativa {% data reusables.actions.actions-bundled-with-ghes %} -As ações oficiais empacotadas incluem `ações/checkout`, `actions/upload-artefact`, `actions/download-artefact`, `actions/labeler`, e várias ações de `actions/setup-`, entre outras. Para ver todas as ações oficiais incluídas na instância da sua empresa, acesse a organização das `ações` na sua instância: https://HOSTNAME/actions. +The bundled official actions include the following, among others. +- `actions/checkout` +- `actions/upload-artifact` +- `actions/download-artifact` +- `actions/labeler` +- Various `actions/setup-` actions + +Para ver todas as ações oficiais incluídas na instância da sua empresa, acesse a organização das `ações` na sua instância: https://HOSTNAME/actions. + +There is no connection required between {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} to use these actions. Cada ação é um repositório na organização de `ações`, e cada repositório de ação inclui as tags necessárias, branches e commit de SHAs que seus fluxos de trabalho podem usar para fazer referência à ação. Para obter informações sobre como atualizar as ações oficiais empacotadas, consulte "[Usar a versão mais recente das ações oficiais empacotadas](/admin/github-actions/using-the-latest-version-of-the-official-bundled-actions)". @@ -43,14 +54,21 @@ Cada ação é um repositório na organização de `ações`, e cada repositóri ## Configurar o acesso a ações no {% data variables.product.prodname_dotcom_the_website %} -{% ifversion ghes %} -Antes que você possa configurar o acesso a ações em {% data variables.product.prodname_dotcom_the_website %}, você deve configurar {% data variables.product.product_location %} para usar {% data variables.product.prodname_actions %}. Para obter mais informações, consulte "[Primeiros passos com {% data variables.product.prodname_actions %} para o GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." -{% endif %} - {% data reusables.actions.access-actions-on-dotcom %} A abordagem recomendada é habilitar o acesso automático para todas as ações a partir de {% data variables.product.prodname_dotcom_the_website %}. Você pode fazer isso usando {% data variables.product.prodname_github_connect %} para integrar {% data variables.product.product_name %} com {% data variables.product.prodname_ghe_cloud %}. Para obter mais informações, consulte "[Habilitar acesso automático a ações de {% data variables.product.prodname_dotcom_the_website %} usando {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". +{% ifversion ghes %} +{% note %} + +**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. Para obter mais informações, consulte "[Primeiros passos com {% data variables.product.prodname_actions %} para o GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." + + +{% endnote %} +{% endif %} + +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} + {% data reusables.actions.enterprise-limit-actions-use %} -Como alternativa, se você quiser ter um controle mais rigoroso sobre quais as ações que são permitidas na sua empresa, você pode fazer o download e sincronizar manualmente as ações na instância da sua empresa usando a ferramenta de `actions-sync`. Para obter mais informações, consulte "[Sincronizando ações manualmente com o {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)". +Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to {% data variables.product.prodname_dotcom_the_website %}, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. Para obter mais informações, consulte "[Sincronizando ações manualmente com o {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)". diff --git a/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index 3dd10bccfe..9ce209f06d 100644 --- a/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/translations/pt-BR/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -21,11 +21,18 @@ shortTitle: Usar GitHub Connect para ações ## Sobre o acesso automático a ações de {% data variables.product.prodname_dotcom_the_website %} -Por padrão, os fluxos de trabalho {% data variables.product.prodname_actions %} em {% data variables.product.product_name %} não podem usar ações diretamente de {% data variables.product.prodname_dotcom_the_website %} ou [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). +Por padrão, os fluxos de trabalho {% data variables.product.prodname_actions %} em {% data variables.product.product_name %} não podem usar ações diretamente de {% data variables.product.prodname_dotcom_the_website %} ou [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). Para tornar todas as ações de {% data variables.product.prodname_dotcom_the_website %} disponíveis na sua instância corporativa, você pode usar {% data variables.product.prodname_github_connect %} para integrar {% data variables.product.product_name %} a {% data variables.product.prodname_ghe_cloud %}. -Para tornar todas as ações de {% data variables.product.prodname_dotcom_the_website %} disponíveis na sua instância corporativa, você pode usar {% data variables.product.prodname_github_connect %} para integrar {% data variables.product.product_name %} a {% data variables.product.prodname_ghe_cloud %}. Para saber outras formas de acessar ações a partir da {% data variables.product.prodname_dotcom_the_website %}, consulte "[Sobre o uso de ações na sua empresa](/admin/github-actions/about-using-actions-in-your-enterprise)". +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} -Para usar ações de {% data variables.product.prodname_dotcom_the_website %}, seus executores auto-hospedados devem conseguir fazer o download das ações públicas de `api.github.com`. +Como alternativa, se você quiser ter um controle mais rigoroso sobre quais as ações que são permitidas na sua empresa, você pode fazer o download e sincronizar manualmente as ações na instância da sua empresa usando a ferramenta de `actions-sync`. Para obter mais informações, consulte "[Sincronizando ações manualmente com o {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)". + +## About resolution for actions using {% data variables.product.prodname_github_connect %} + +{% data reusables.actions.github-connect-resolution %} + +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +{% endif %} ## Habilitar o acesso automático a todas as ações de {% data variables.product.prodname_dotcom_the_website %} @@ -33,8 +40,6 @@ Antes de permitir o acesso a todas as ações de {% data variables.product.prodn - Configure {% data variables.product.product_location %} para usar {% data variables.product.prodname_actions %}. Para obter mais informações, consulte "[Primeiros passos com {% data variables.product.prodname_actions %} para o GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Habilitar {% else %} habilitar{% endif %} {% data variables.product.prodname_github_connect %}. Para obter mais informações, consulte "[Gerenciando {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/managing-github-connect)". -{% data reusables.actions.enterprise-github-connect-warning %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.github-connect-tab %} 1. Em "Os usuários podem usar as ações do GitHub.com em execuções do fluxo de trabalho", use o menu suspenso e selecione **Habilitado**. ![Menu suspenso para ações do GitHub.com em execuções do fluxos de trabalho](/assets/images/enterprise/site-admin-settings/enable-marketplace-actions-drop-down-ae.png) diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md index 470dd7e449..3937bb774d 100644 --- a/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md @@ -113,9 +113,9 @@ Para qualquer consultoria revisada por {% data variables.product.company_short % 1. Navegue até https://github.com/advisories. 2. Clique em uma consultoria. 3. Na parte superior da página da consultoria, clique em **Alertas do dependabot**. ![Alertas do Dependabot](/assets/images/help/security/advisory-database-dependabot-alerts.png) -4. Opcionalmente, para filtrar a lista, use a barra de pesquisa ou os menus suspensos. The "Organization" drop-down menu allows you to filter the {% data variables.product.prodname_dependabot_alerts %} per owner (organization or user). ![Barra de pesquisa e menus suspensos para filtrar alertas](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png) -5. For more details about the vulnerability, and for advice on how to fix the vulnerable repository, click the repository name. +4. Opcionalmente, para filtrar a lista, use a barra de pesquisa ou os menus suspensos. O menu suspenso "Organização" permite filtrar {% data variables.product.prodname_dependabot_alerts %} por proprietário (organização ou usuário). ![Barra de pesquisa e menus suspensos para filtrar alertas](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png) +5. Para mais detalhes sobre a vulnerabilidade e para aconselhamento sobre como corrigir o repositório vulnerável clique no nome do repositório. ## Leia mais -- MITRE's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability) +- [Definição de "vulnerabilidade"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability) da MITRE diff --git a/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md index e15c567eb8..1dc65fa444 100644 --- a/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md +++ b/translations/pt-BR/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -1,6 +1,6 @@ --- -title: About Dependabot version updates -intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions.' +title: Sobre as atualizações da versão do Dependabot +intro: 'Você pode usar o {% data variables.product.prodname_dependabot %} para manter os pacotes que usa atualizados para as versões mais recentes.' redirect_from: - /github/administering-a-repository/about-dependabot - /github/administering-a-repository/about-github-dependabot @@ -26,44 +26,44 @@ shortTitle: Atualizações de versão do Dependabot {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -## About {% data variables.product.prodname_dependabot_version_updates %} +## Sobre o {% data variables.product.prodname_dependabot_version_updates %} -{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. +O {% data variables.product.prodname_dependabot %} facilita a manutenção de suas dependências. Você pode usá-lo para garantir que seu repositório se mantenha atualizado automaticamente com as versões mais recentes dos pacotes e aplicações do qual ele depende. -You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. +Você habilita o {% data variables.product.prodname_dependabot_version_updates %} verificando um arquivo de configuração no seu repositório. O arquivo de configuração especifica a localização do manifesto ou de outros arquivos de definição de pacote, armazenados no seu repositório. O {% data variables.product.prodname_dependabot %} usa essas informações para verificar pacotes e aplicativos desatualizados. {% data variables.product.prodname_dependabot %} determina se há uma nova versão de uma dependência observando a versão semântica ([semver](https://semver.org/)) da dependência para decidir se deve atualizar para essa versão. Para certos gerentes de pacote, {% data variables.product.prodname_dependabot_version_updates %} também é compatível com armazenamento. Dependências de vendor (ou armazenadas) são dependências registradas em um diretório específico em um repositório, em vez de referenciadas em um manifesto. Dependências de vendor estão disponíveis no tempo de criação, ainda que os servidores de pacote estejam indisponíveis. {% data variables.product.prodname_dependabot_version_updates %} pode ser configurado para verificar as dependências de vendor para novas versões e atualizá-las, se necessário. -When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +Quando {% data variables.product.prodname_dependabot %} identifica uma dependência desatualizada, ele cria uma pull request para atualizar o manifesto para a última versão da dependência. Para dependências de vendor, {% data variables.product.prodname_dependabot %} levanta um pull request para substituir diretamente a dependência desatualizada pela nova versão. Você verifica se os seus testes passam, revisa o changelog e lança observações incluídas no resumo do pull request e, em seguida, faz a mesclagem. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." -If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +Se você habilitar _Atualizações de segurança_, {% data variables.product.prodname_dependabot %} também eleva pull requests para atualizar dependências vulneráveis. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." {% data reusables.dependabot.pull-request-security-vs-version-updates %} {% data reusables.dependabot.dependabot-tos %} -## Frequency of {% data variables.product.prodname_dependabot %} pull requests +## Frequência de {% data variables.product.prodname_dependabot %} pull requests -You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly. +Você especifica com que frequência verifica cada ecossistema para novas versões no arquivo de configuração: diariamente, semanalmente ou mensalmente. {% data reusables.dependabot.initial-updates %} -If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency. +Se tiver habilitado atualizações de segurança, às vezes você verá atualizações de segurança extras de pull requests. Elas são acionadas por um alerta de {% data variables.product.prodname_dependabot %} para uma dependência de seu branch padrão. {% data variables.product.prodname_dependabot %} gera automaticamente um pull request para atualizar a dependência vulnerável. -## Supported repositories and ecosystems +## Repositórios e ecossistemas suportados -You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." +É possível configurar atualizações de versão para repositórios que contenham um manifesto de dependência ou arquivo de bloqueio para um dos gerentes de pacotes suportados. Para alguns gerenciadores de pacotes, você também pode configurar o armazenamento para dependências. For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)." {% note %} {% data reusables.dependabot.private-dependencies-note %} -{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below. +{% data variables.product.prodname_dependabot %} não é compatível com as dependências privadas de {% data variables.product.prodname_dotcom %} para todos os gerenciadores de pacote. Veja os detalhes na tabela abaixo. {% endnote %} {% data reusables.dependabot.supported-package-managers %} -If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."{% endif %} +Se o seu repositório já usa uma integração para gerenciamento de dependências, você precisará desativar isso antes de habilitar o {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}Para obter mais informações, consulte "[Sobre integrações](/github/customizing-your-github-workflow/about-integrations)."{% endif %} -## About notifications for {% data variables.product.prodname_dependabot %} version updates +## Sobre notificações para atualizações de versão para {% data variables.product.prodname_dependabot %} -You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. Para obter mais informações, consulte "[Gerenciando notificações de sua caixa de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)". +Você pode filtrar suas notificações em {% data variables.product.company_short %} para mostrar as notificações para pull requests criados por {% data variables.product.prodname_dependabot %}. Para obter mais informações, consulte "[Gerenciando notificações de sua caixa de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)". diff --git a/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md index 8df9657bb7..af332a25e3 100644 --- a/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/translations/pt-BR/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -1,6 +1,6 @@ --- -title: Troubleshooting the detection of vulnerable dependencies -intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' +title: Solução de problemas de detecção de dependências vulneráveis +intro: 'Se as informações sobre dependências relatadas por {% data variables.product.product_name %} não são o que você esperava, há uma série de pontos a considerar, e várias coisas que você pode verificar.' shortTitle: Troubleshoot vulnerability detection redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies @@ -27,61 +27,61 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.result-discrepancy %} -## Why do some dependencies seem to be missing? +## Por que algumas dependências parecem estar faltando? -{% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following: +O {% data variables.product.prodname_dotcom %} gera e exibe dados de dependência de maneira diferente de outras ferramentas. Consequentemente, se você usou outra ferramenta para identificar dependências, quase certamente verá resultados diferentes. Considere o seguinte: -* {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %} -* The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." -* {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." -* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." +* {% data variables.product.prodname_advisory_database %} é uma das fontes de dados que {% data variables.product.prodname_dotcom %} usa para identificar dependências vulneráveis. É um banco de dados gratuito e curado com informações sobre vulnerabilidade para ecossistemas de pacote comum em {% data variables.product.prodname_dotcom %}. Inclui tanto dados relatados diretamente para {% data variables.product.prodname_dotcom %} de {% data variables.product.prodname_security_advisories %} quanto os feeds oficiais e as fontes comunitárias. Estes dados são revisados e curados por {% data variables.product.prodname_dotcom %} para garantir que informações falsas ou não acionáveis não sejam compartilhadas com a comunidade de desenvolvimento. {% data reusables.security-advisory.link-browsing-advisory-db %} +* O gráfico de dependências analisa todos os arquivos conhecidos de manifesto de pacote no repositório de um usuário. Por exemplo, para o npm, ele irá analisar o arquivo _package-lock.json_. Ele constrói um gráfico de todas as dependências do repositório e dependências públicas. Isso acontece quando você habilita o gráfico de dependências e quando alguém faz push para o branch-padrão, e inclui commits que fazem alterações em um formato de manifesto compatível. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)." +* {% data variables.product.prodname_dependabot %} verifica qualquer push, para o branch-padrão, que contém um arquivo de manifesto. Quando um novo registro de vulnerabilidade é adicionado, ele verifica todos os repositórios existentes e gera um alerta para cada repositório vulnerável. {% data variables.product.prodname_dependabot_alerts %} são agregados ao nível do repositório, em vez de criar um alerta por vulnerabilidade. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +* {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} são acionados quando você recebe um alerta sobre uma dependência vulnerável no repositório. Sempre que possível, {% data variables.product.prodname_dependabot %} cria um pull request no repositório para atualizar a dependência vulnerável à versão mínima segura necessária para evitar a vulnerabilidade. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" e "[Solução de problemas de {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)". - {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)." + {% endif %}{% data variables.product.prodname_dependabot %} não pesquisa repositórios com relação a dependências vulneráveis de uma programação, mas o faz quando algo muda. Por exemplo, aciona-se uma varredura quando uma nova dependência é adicionada ({% data variables.product.prodname_dotcom %} verifica isso em cada push), ou quando uma nova vulnerabilidade é adicionada ao banco de dados da consultoria{% ifversion ghes or ghae-issue-4864 %} e sincronizado com {% data variables.product.product_location %}{% endif %}. Para obter mais informações, consulte "[Sobre {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)". ## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles? -{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are: -* Direct dependencies explicitly declared in a manifest or lockfile -* Transitive dependencies declared in a lockfile{% endif %} +Os {% data variables.product.prodname_dependabot_alerts %} aconselham você com relação a dependências que você deve atualizar, incluindo dependências transitivas, em que a versão pode ser determinada a partir de um manifesto ou de um arquivo de bloqueio. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} sugere apenas uma mudança em que {% data variables.product.prodname_dependabot %} pode "corrigir" diretamente a dependência, ou seja, quando são: +* Dependências diretas, que são definidas explicitamente em um manifesto ou arquivo de bloqueio +* Dependências transitórias declaradas em um arquivo de bloqueio{% endif %} -**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? +**Verifique**: A vulnerabilidade não detectada para um componente não especificado no manifesto ou no arquivo de bloqueio do repositório? -## Why don't I get vulnerability alerts for some ecosystems? +## Por que não recebo alertas de vulnerabilidade em alguns ecossistemas? -{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." +O {% data variables.product.prodname_dotcom %} limita seu suporte a alertas de vulnerabilidade a um conjunto de ecossistemas onde podemos fornecer dados de alta qualidade e relevantes. As vulnerabilidades curadas no {% data variables.product.prodname_advisory_database %}, o gráfico de dependências, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} atualizações de segurança, {% endif %}e {% data variables.product.prodname_dependabot_alerts %} são fornecidos para vários ecossistemas, incluindo o Maven do Javaen, o npm do JavaScript e o Yarn, Nuget do .NET's, Pip Python, RubyGems e PHP Composer. Nós continuaremos a adicionar suporte para mais ecossistemas ao longo do tempo. Para uma visão geral dos ecossistemas de pacotes suportados por nós, consulte "[Sobre o gráfico de dependências](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)". -It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %} +Vale a pena observar que as consultorias de segurança de {% data variables.product.prodname_dotcom %} podem existir para outros ecossistemas. As informações em uma consultoria de segurança são fornecidas pelos mantenedores de um determinado repositório. Estes dados não são curados da mesma forma que as informações relativas aos ecossistemas suportados. {% ifversion fpt or ghec %}Para obter mais informações, consulte "[Sobre consultorias de segurança de {% data variables.product.prodname_dotcom %}](/github/managing-security-vulnerabilities/about-github-security-advisories){% endif %} -**Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? +**Verificar**: A vulnerabilidade não capturada se aplica a um ecossistema não suportado? -## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? +## O {% data variables.product.prodname_dependabot %} gera alertas de vulnerabilidades que são conhecidas há muitos anos? -The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software. +O {% data variables.product.prodname_advisory_database %} foi lançado em novembro de 2019 e preencheu, inicialmente, a inclusão de informações de vulnerabilidade para os ecossistemas compatíveis a partir de 2017. Ao adicionar CVEs ao banco de dados, priorizamos a curadoria de CVEs mais recentes e CVEs que afetam versões mais recentes do software. -Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. +Algumas informações sobre vulnerabilidades mais antigas estão disponíveis, especialmente quando estes CVEs estão particularmente disseminados. No entanto algumas vulnerabilidades antigas não estão incluídas no {% data variables.product.prodname_advisory_database %}. Se houver uma vulnerabilidade antiga específica que você precisar incluir no banco de dados, entre em contato com {% data variables.contact.contact_support %}. -**Check**: Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database? +**Verifique**: A vulnerabilidade não detectada tem uma data de publicação anterior a 2017 no Banco de Dados Nacional de Vulnerabilidade? -## Why does {% data variables.product.prodname_advisory_database %} use a subset of published vulnerability data? +## Por que o {% data variables.product.prodname_advisory_database %} usa um subconjunto de dados de vulnerabilidade publicada? -Some third-party tools use uncurated CVE data that isn't checked or filtered by a human. This means that CVEs with tagging or severity errors, or other quality issues, will cause more frequent, more noisy, and less useful alerts. +Algumas ferramentas de terceiros usam dados de CVE não descurados que não são verificados ou filtrados por um ser humano. Isto significa que os CVEs com erros de etiqueta ou de gravidade, ou outros problemas de qualidade, gerarão alertas mais frequentes, mais ruidosos e menos úteis. -Since {% data variables.product.prodname_dependabot %} uses curated data in the {% data variables.product.prodname_advisory_database %}, the volume of alerts may be lower, but the alerts you do receive will be accurate and relevant. +Uma vez que {% data variables.product.prodname_dependabot %} usa dados curados em {% data variables.product.prodname_advisory_database %}, o volume de alertas pode ser menor, mas os alertas que você recebe serão precisos e relevantes. {% ifversion fpt or ghec %} -## Does each dependency vulnerability generate a separate alert? +## Cada vulnerabilidade de dependência gera um alerta separado? -When a dependency has multiple vulnerabilities, an alert is generated for each vulnerability at the level of advisory plus manifest. +Quando uma dependência tem várias vulnerabilidades, gera-se um alerta para cada vulnerabilidade no nível da consultoria mais manifesto. -![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing two alerts from the same package with different manifests.](/assets/images/help/repository/dependabot-alerts-view.png) +![Captura de tela da aba de {% data variables.product.prodname_dependabot_alerts %} que mostra dois alertas do mesmo pacote com manifestos diferentes.](/assets/images/help/repository/dependabot-alerts-view.png) -Legacy {% data variables.product.prodname_dependabot_alerts %} were grouped into a single aggregated alert with all the vulnerabilities for the same dependency. If you navigate to a link to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to the {% data variables.product.prodname_dependabot_alerts %} tab filtered to display vulnerabilities for that dependent package and manifest. +O legado de {% data variables.product.prodname_dependabot_alerts %} foi agrupado em um único alerta agregado com todas as vulnerabilidades para a mesma dependência. Se você acessar um link para um alerta de legadode {% data variables.product.prodname_dependabot %}, você será redirecionado para a aba de {% data variables.product.prodname_dependabot_alerts %} filtrada para exibir vulnerabilidades para esse pacote e manifesto dependente. -![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing the filtered alerts from navigating to a legacy {% data variables.product.prodname_dependabot %} alert.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) +![Captura de tela da aba {% data variables.product.prodname_dependabot_alerts %} que mostra os alertas filtrados da navegação até um alerta de legado de {% data variables.product.prodname_dependabot %}.](/assets/images/help/repository/legacy-dependabot-alerts-view.png) -The {% data variables.product.prodname_dependabot_alerts %} count in {% data variables.product.prodname_dotcom %} shows a total for the number of alerts, which is the number of vulnerabilities, not the number of dependencies. +A contagem de {% data variables.product.prodname_dependabot_alerts %} em {% data variables.product.prodname_dotcom %} mostra um total para o número de alertas, que é o número de vulnerabilidades, não o número de dependências. -**Check**: If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts. +**Verifique**: Se houver discrepância no total que você está vendo, verifique se você não está comparando números de alerta com números de dependência. Também verifique se você está visualizando todos os alertas e não um subconjunto de alertas filtrados. {% endif %} ## Leia mais diff --git a/translations/pt-BR/data/reusables/actions/enterprise-github-connect-warning.md b/translations/pt-BR/data/reusables/actions/enterprise-github-connect-warning.md deleted file mode 100644 index 8da7379ebd..0000000000 --- a/translations/pt-BR/data/reusables/actions/enterprise-github-connect-warning.md +++ /dev/null @@ -1,15 +0,0 @@ -{% ifversion ghes > 3.2 or ghae-issue-4815 %} -{% note %} - -**Observação:** Quando um fluxo de trabalho usa uma ação fazendo referência ao repositório onde a ação é armazenada, {% data variables.product.prodname_actions %} tentará encontrar o repositório na sua instância de {% data variables.product.prodname_ghe_server %} antes de voltar para {% data variables.product.prodname_dotcom_the_website %}. Se um usuário tiver criado uma organização e um repositório em sua empresa, que corresponde a uma organização e nome do repositório em {% data variables.product.prodname_dotcom %}, o repositório da sua empresa será usado no lugar do repositório de {% data variables.product.prodname_dotcom %}. Para obter mais informações, consulte "[Desativação automática de namespaces para ações acessadas em {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)". - -{% endnote %} -{% endif %} - -{% ifversion ghes < 3.3 or ghae %} -{% note %} - -**Observação:** Quando um fluxo de trabalho usa uma ação fazendo referência ao repositório onde a ação é armazenada, {% data variables.product.prodname_actions %} tentará encontrar o repositório na sua instância de {% data variables.product.prodname_ghe_server %} antes de voltar para {% data variables.product.prodname_dotcom_the_website %}. Se um usuário criar uma organização e um repositório em sua empresa, que corresponde a uma organização e nome do repositório em {% data variables.product.prodname_dotcom %}, o repositório da sua empresa será usado no lugar do repositório de {% data variables.product.prodname_dotcom %}. Um usuário malicioso pode aproveitar este comportamento para executar o código como parte de um fluxo de trabalho. - -{% endnote %} -{% endif %} diff --git a/translations/pt-BR/data/reusables/actions/github-connect-resolution.md b/translations/pt-BR/data/reusables/actions/github-connect-resolution.md new file mode 100644 index 0000000000..816e314a30 --- /dev/null +++ b/translations/pt-BR/data/reusables/actions/github-connect-resolution.md @@ -0,0 +1 @@ +When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will first try to find the repository on {% data variables.product.product_location %}. If the repository does not exist on {% data variables.product.product_location %}, and if you have automatic access to {% data variables.product.prodname_dotcom_the_website %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on {% data variables.product.prodname_dotcom_the_website %}. \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/actions/self-hosted-runner-communications-for-ghae.md b/translations/pt-BR/data/reusables/actions/self-hosted-runner-communications-for-ghae.md deleted file mode 100644 index 48239a161e..0000000000 --- a/translations/pt-BR/data/reusables/actions/self-hosted-runner-communications-for-ghae.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion ghae %} - -You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.prodname_ghe_managed %} URL and its subdomains. Por exemplo, se o o nome da sua instância for `octoghae`, você deverá permitir que o executor auto-hospedado acesse `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com` e `codeload.octoghae.githubenterprise.com`. - -If you use an IP address allow list for your organization or enterprise account on {% data variables.product.prodname_dotcom %}, you must add your self-hosted runner's IP address to the allow list. Para obter mais informações, consulte "[Gerenciar endereços IP permitidos para a sua organização](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)". - -{% endif %} diff --git a/translations/pt-BR/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md b/translations/pt-BR/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md new file mode 100644 index 0000000000..42dada4867 --- /dev/null +++ b/translations/pt-BR/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md @@ -0,0 +1 @@ +To use actions from {% data variables.product.prodname_dotcom_the_website %},{% ifversion ghes %} both {% data variables.product.product_location %} and{% endif %} your self-hosted runners must be able to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. No inbound connections from {% data variables.product.prodname_dotcom_the_website %} are required. For more information. Para obter mais informações, consulte "[Sobre executores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-betweens-self-hosted-runners-and-githubcom)." \ No newline at end of file diff --git a/translations/pt-BR/data/reusables/actions/self-hosted-runner-ports-protocols.md b/translations/pt-BR/data/reusables/actions/self-hosted-runner-ports-protocols.md index 57f16b0906..a24c445d1b 100644 --- a/translations/pt-BR/data/reusables/actions/self-hosted-runner-ports-protocols.md +++ b/translations/pt-BR/data/reusables/actions/self-hosted-runner-ports-protocols.md @@ -1 +1,3 @@ -Self-hosted runners must be able to communicate with {% ifversion ghae %}your enterprise on {% data variables.product.product_name %}{% elsif fpt or ghec or ghes %}{% data variables.product.product_location %}{% endif %} over HTTP (port 80) and HTTPS (port 443). +{% ifversion ghes or ghae %} +The connection between self-hosted runners and {% data variables.product.product_name %} is over {% ifversion ghes %}HTTP (port 80) or {% endif %}HTTPS (port 443). {% ifversion ghes %}To ensure connectivity over HTTPS, configure TLS for {% data variables.product.product_location %}. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."{% endif %} +{% endif %} diff --git a/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md b/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md index 241548122b..fe37e0946d 100644 --- a/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md +++ b/translations/pt-BR/data/reusables/dependabot/result-discrepancy.md @@ -1 +1 @@ -The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project. +Os resultados da detecção de dependências relatados pelo {% data variables.product.product_name %} podem ser diferentes dos resultados retornados por outras ferramentas. Existem boas razões para isso e é útil entender como {% data variables.product.prodname_dotcom %} determina as dependências para o seu projeto. diff --git a/translations/pt-BR/data/reusables/secret-scanning/partner-secret-list-public-repo.md b/translations/pt-BR/data/reusables/secret-scanning/partner-secret-list-public-repo.md index 34b598c265..bd8a8ce498 100644 --- a/translations/pt-BR/data/reusables/secret-scanning/partner-secret-list-public-repo.md +++ b/translations/pt-BR/data/reusables/secret-scanning/partner-secret-list-public-repo.md @@ -58,6 +58,7 @@ | Meta | Facebook Access Token | | npm | Token de acesso de npm | | NuGet | Chave de API de NuGet | +| Octopus Deploy | Octopus Deploy API Key | | OpenAI | OpenAI API Key | | Palantir | Token web de JSON de Palantir | | PlanetScale | PlanetScale Database Password | From e30b44383ce6f9c273d8ede34363b76ae3ee38e5 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sun, 20 Mar 2022 08:01:27 -0700 Subject: [PATCH 38/52] New translation batch for ja (#26348) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=ja * run script/i18n/reset-known-broken-translation-files.js * Check in ja CSV report --- .../about-self-hosted-runners.md | 47 +++++--- .../automatic-token-authentication.md | 106 +++++++++--------- .../network-ports.md | 66 ++++++----- .../about-github-actions-for-enterprises.md | 2 +- .../about-using-actions-in-your-enterprise.md | 34 ++++-- ...-githubcom-actions-using-github-connect.md | 15 ++- .../enterprise-github-connect-warning.md | 15 --- .../actions/github-connect-resolution.md | 1 + ...f-hosted-runner-communications-for-ghae.md | 7 -- ...self-hosted-runner-networking-to-dotcom.md | 1 + .../self-hosted-runner-ports-protocols.md | 4 +- .../partner-secret-list-public-repo.md | 1 + translations/log/ja-resets.csv | 12 +- 13 files changed, 174 insertions(+), 137 deletions(-) delete mode 100644 translations/ja-JP/data/reusables/actions/enterprise-github-connect-warning.md create mode 100644 translations/ja-JP/data/reusables/actions/github-connect-resolution.md delete mode 100644 translations/ja-JP/data/reusables/actions/self-hosted-runner-communications-for-ghae.md create mode 100644 translations/ja-JP/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md diff --git a/translations/ja-JP/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/translations/ja-JP/content/actions/hosting-your-own-runners/about-self-hosted-runners.md index f2904902c9..472e15ed55 100644 --- a/translations/ja-JP/content/actions/hosting-your-own-runners/about-self-hosted-runners.md +++ b/translations/ja-JP/content/actions/hosting-your-own-runners/about-self-hosted-runners.md @@ -133,16 +133,30 @@ Some extra configuration might be required to use actions from {% data variables ## Communication between self-hosted runners and {% data variables.product.product_name %} -The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. +The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. {% data reusables.actions.self-hosted-runner-ports-protocols %} -{% data reusables.actions.self-hosted-runner-communications-for-ghae %} +{% ifversion fpt or ghec %} +Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. +{% elsif ghes or ghae %} +Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner. +{%- endif %} + +{% ifversion ghes %} + +{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain. + +{% elsif ghae %} + +You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. + +If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." + +{% endif %} {% ifversion fpt or ghec %} -Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. - You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality. {% note %} @@ -191,27 +205,25 @@ If you use an IP address allow list for your {% data variables.product.prodname_ {% else %} -You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} +{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} {% endif %} +{% ifversion ghae %} +If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." +{% endif %} + You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)." For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)." -{% ifversion ghes %} +{% ifversion ghes or ghae %} ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %} -Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect). +Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." -If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. - -{% note %} - -**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant. - -{% endnote %} +If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. ``` github.com @@ -219,6 +231,13 @@ api.github.com codeload.github.com ``` +{% note %} + +**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant. + +{% endnote %} + + {% endif %} ## Self-hosted runner security diff --git a/translations/ja-JP/content/actions/security-guides/automatic-token-authentication.md b/translations/ja-JP/content/actions/security-guides/automatic-token-authentication.md index 7399217ace..18f4b679cb 100644 --- a/translations/ja-JP/content/actions/security-guides/automatic-token-authentication.md +++ b/translations/ja-JP/content/actions/security-guides/automatic-token-authentication.md @@ -1,6 +1,6 @@ --- title: Automatic token authentication -intro: '{% data variables.product.prodname_dotcom %} provides a token that you can use to authenticate on behalf of {% data variables.product.prodname_actions %}.' +intro: '{% data variables.product.prodname_dotcom %}は、{% data variables.product.prodname_actions %}の代理で認証を受けるために利用できるトークンを提供します。' redirect_from: - /github/automating-your-workflow-with-github-actions/authenticating-with-the-github_token - /actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token @@ -17,37 +17,37 @@ shortTitle: Automatic token authentication {% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %} -## About the `GITHUB_TOKEN` secret +## `GITHUB_TOKEN`シークレットについて -At the start of each workflow run, {% data variables.product.prodname_dotcom %} automatically creates a unique `GITHUB_TOKEN` secret to use in your workflow. You can use the `GITHUB_TOKEN` to authenticate in a workflow run. +At the start of each workflow run, {% data variables.product.prodname_dotcom %} automatically creates a unique `GITHUB_TOKEN` secret to use in your workflow. この`GITHUB_TOKEN`は、ワークフローの実行内での認証に利用できます。 -When you enable {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dotcom %} installs a {% data variables.product.prodname_github_app %} on your repository. The `GITHUB_TOKEN` secret is a {% data variables.product.prodname_github_app %} installation access token. You can use the installation access token to authenticate on behalf of the {% data variables.product.prodname_github_app %} installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." +{% data variables.product.prodname_actions %}を有効化すると、{% data variables.product.prodname_dotcom %}はリポジトリに{% data variables.product.prodname_github_app %}をインストールします。 `GITHUB_TOKEN`シークレットは、{% data variables.product.prodname_github_app %}インストールアクセストークンです。 このインストールアクセストークンは、リポジトリにインストールされた{% data variables.product.prodname_github_app %}の代わりに認証を受けるために利用できます このトークンの権限は、ワークフローを含むリポジトリに限定されます。 詳しい情報については「[`GITHUB_TOKEN`の権限](#permissions-for-the-github_token)」を参照してください。 -Before each job begins, {% data variables.product.prodname_dotcom %} fetches an installation access token for the job. {% data reusables.actions.github-token-expiration %} +各ジョブの開始前に、{% data variables.product.prodname_dotcom %} はジョブのインストールアクセストークンをフェッチします。 {% data reusables.actions.github-token-expiration %} -The token is also available in the `github.token` context. For more information, see "[Contexts](/actions/learn-github-actions/contexts#github-context)." +このトークンは、`github.token`コンテキストにもあります。 詳細については、「[コンテキスト](/actions/learn-github-actions/contexts#github-context)」を参照してください。 -## Using the `GITHUB_TOKEN` in a workflow +## ワークフロー内での`GITHUB_TOKEN`の利用 -You can use the `GITHUB_TOKEN` by using the standard syntax for referencing secrets: {%raw%}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API request. +シークレットを参照するための標準構文 {%raw%}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} を使用して、`GITHUB_TOKEN` を使用できます。 Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API request. {% ifversion fpt or ghes > 3.1 or ghae or ghec %} {% note %} -**Important:** An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." +**重要:** ワークフローが `GITHUB_TOKEN` をアクションに明示的に渡さない場合でも、アクションは `github.token` コンテキストを介して `GITHUB_TOKEN` にアクセスできます。 セキュリティを強化するには、`GITHUB_TOKEN` に付与されるアクセス許可を制限することにより、アクションに必要な最小限のアクセスのみが含まれるようにする必要があります。 詳しい情報については「[`GITHUB_TOKEN`の権限](#permissions-for-the-github_token)」を参照してください。 {% endnote %} {% endif %} {% data reusables.actions.actions-do-not-trigger-workflows %} -### Example 1: passing the `GITHUB_TOKEN` as an input +### 例 1: `GITHUB_TOKEN` を入力として渡す {% data reusables.actions.github_token-input-example %} -### Example 2: calling the REST API +### 例 2: REST API を呼び出す -You can use the `GITHUB_TOKEN` to make authenticated API calls. This example workflow creates an issue using the {% data variables.product.prodname_dotcom %} REST API: +`GITHUB_TOKEN`を使って、認証されたAPIコールを発行できます。 以下のワークフローの例では、{% data variables.product.prodname_dotcom %} REST APIを使ってIssueを作成しています。 ```yaml name: Create issue on commit @@ -73,74 +73,72 @@ jobs: --fail ``` -## Permissions for the `GITHUB_TOKEN` +## `GITHUB_TOKEN`の権限 -For information about the API endpoints {% data variables.product.prodname_github_apps %} can access with each permission, see "[{% data variables.product.prodname_github_app %} Permissions](/rest/reference/permissions-required-for-github-apps)." +{% data variables.product.prodname_github_apps %} が各権限でアクセスできる API エンドポイントについては、「[{% data variables.product.prodname_github_app %} の権限](/rest/reference/permissions-required-for-github-apps)」を参照してください。 {% ifversion fpt or ghes > 3.1 or ghae or ghec %} -The following table shows the permissions granted to the `GITHUB_TOKEN` by default. People with admin permissions to an {% ifversion not ghes %}enterprise, organization, or repository,{% else %}organization or repository{% endif %} can set the default permissions to be either permissive or restricted. For information on how to set the default permissions for the `GITHUB_TOKEN` for your enterprise, organization, or repository, see "[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-github-actions-policies-for-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)," "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization)," or "[Managing {% data variables.product.prodname_actions %} settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository)." +次の表は、デフォルトで `GITHUB_TOKEN` に付与される権限を示しています。 People with admin permissions to an {% ifversion not ghes %}enterprise, organization, or repository,{% else %}organization or repository{% endif %} can set the default permissions to be either permissive or restricted. For information on how to set the default permissions for the `GITHUB_TOKEN` for your enterprise, organization, or repository, see "[Enforcing policies for {% data variables.product.prodname_actions %} in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-github-actions-policies-for-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)," "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization)," or "[Managing {% data variables.product.prodname_actions %} settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository)." -| Scope | Default access
(permissive) | Default access
(restricted) | Maximum access
by forked repos | -|---------------|-----------------------------|-----------------------------|--------------------------------| -| actions | read/write | none | read | -| checks | read/write | none | read | -| contents | read/write | read | read | -| deployments | read/write | none | read |{% ifversion fpt or ghec %} -| id-token | none | none | read |{% endif %} -| issues | read/write | none | read | -| metadata | read | read | read | -| packages | read/write | none | read | +| スコープ | デフォルトアクセス
(許可) | デフォルトアクセス
(制限付き) | フォークされたリポジトリ
による最大アクセス | +| ----------- | ----------------------- | ------------------------- | --------------------------------- | +| actions | 読み取り/書き込み | なし | 読み取り | +| checks | 読み取り/書き込み | なし | 読み取り | +| contents | 読み取り/書き込み | 読み取り | 読み取り | +| deployments | 読み取り/書き込み | なし | read |{% ifversion fpt or ghec %} +| id-token | なし | なし | read +{% endif %} +| issues | 読み取り/書き込み | なし | 読み取り | +| メタデータ | 読み取り | 読み取り | 読み取り | +| パッケージ | 読み取り/書き込み | なし | 読み取り | {%- ifversion fpt or ghec or ghes > 3.2 or ghae-issue-6187 %} | pages | read/write | none | read | {%- endif %} -| pull-requests | read/write | none | read | -| repository-projects | read/write | none | read | -| security-events | read/write | none | read | -| statuses | read/write | none | read | +| pull-requests | read/write | none | read | | repository-projects | read/write | none | read | | security-events | read/write | none | read | | statuses | read/write | none | read | {% else %} -| Scope | Access type | Access by forked repos | -|----------|-------------|--------------------------| -| actions | read/write | read | -| checks | read/write | read | -| contents | read/write | read | -| deployments | read/write | read | -| issues | read/write | read | -| metadata | read | read | -| packages | read/write | read | -| pull-requests | read/write | read | -| repository-projects | read/write | read | -| statuses | read/write | read | +| スコープ | アクセスタイプ | フォークしたリポジトリからのアクセス | +| ------------------- | --------- | ------------------ | +| actions | 読み取り/書き込み | 読み取り | +| checks | 読み取り/書き込み | 読み取り | +| contents | 読み取り/書き込み | 読み取り | +| deployments | 読み取り/書き込み | 読み取り | +| issues | 読み取り/書き込み | 読み取り | +| メタデータ | 読み取り | 読み取り | +| パッケージ | 読み取り/書き込み | 読み取り | +| pull-requests | 読み取り/書き込み | 読み取り | +| repository-projects | 読み取り/書き込み | 読み取り | +| statuses | 読み取り/書き込み | 読み取り | {% endif %} {% data reusables.actions.workflow-runs-dependabot-note %} {% ifversion fpt or ghes > 3.1 or ghae or ghec %} -### Modifying the permissions for the `GITHUB_TOKEN` +### `GITHUB_TOKEN` の権限を変更する -You can modify the permissions for the `GITHUB_TOKEN` in individual workflow files. If the default permissions for the `GITHUB_TOKEN` are restrictive, you may have to elevate the permissions to allow some actions and commands to run successfully. If the default permissions are permissive, you can edit the workflow file to remove some permissions from the `GITHUB_TOKEN`. As a good security practice, you should grant the `GITHUB_TOKEN` the least required access. +個々のワークフローファイルの `GITHUB_TOKEN` の権限を変更できます。 `GITHUB_TOKEN` のデフォルトの権限が制限付きの場合は、一部のアクションとコマンドを正常に実行できるように、権限を昇格させる必要がある場合があります。 デフォルトの権限が許可の場合は、ワークフローファイルを編集して、`GITHUB_TOKEN` から一部の権限を削除できます。 セキュリティを強化するには、`GITHUB_TOKEN` に必要最小限のアクセスを許可する必要があります。 -You can see the permissions that `GITHUB_TOKEN` had for a specific job in the "Set up job" section of the workflow run log. For more information, see "[Using workflow run logs](/actions/managing-workflow-runs/using-workflow-run-logs)." +`GITHUB_TOKEN` が特定のジョブに対して保持していた権限は、ワークフロー実行ログの [Set up job] セクションで確認できます。 詳しい情報については、「[ワークフロー実行ログを使用する](/actions/managing-workflow-runs/using-workflow-run-logs)」を参照してください。 -You can use the `permissions` key in your workflow file to modify permissions for the `GITHUB_TOKEN` for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. When the `permissions` key is used, all unspecified permissions are set to no access, with the exception of the `metadata` scope, which always gets read access. +ワークフローファイルの `permissions` キーを使用して、ワークフロー全体または個々のジョブの `GITHUB_TOKEN` の権限を変更できます。 これにより、ワークフローまたはジョブに最低限必要な権限を設定できます。 `permissions` キーを使用すると、常に読み取りアクセスを取得する `metadata` スコープを除いて、指定されていないすべての権限が権限なしに設定されます。 {% data reusables.actions.forked-write-permission %} -The two workflow examples earlier in this article show the `permissions` key being used at the workflow level, and at the job level. In [Example 1](#example-1-passing-the-github_token-as-an-input) the two permissions are specified for the entire workflow. In [Example 2](#example-2-calling-the-rest-api) write access is granted for one scope for a single job. +この記事の前半の 2 つのワークフロー例は、ワークフローレベルとジョブレベルで使用されている `permissions` キーを示しています。 [例 1](#example-1-passing-the-github_token-as-an-input) では、ワークフロー全体に対して 2 つの権限が指定されています。 [例 2](#example-2-calling-the-rest-api) では、1 つのジョブに対し 1 つのスコープに書き込み権限が付与されています。 -For full details of the `permissions` key, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#permissions)." +`permissions` キーの詳細については、「[{% data variables.product.prodname_actions %} のワークフロー構文](/actions/reference/workflow-syntax-for-github-actions#permissions)」を参照してください。 -#### How the permissions are calculated for a workflow job +#### ワークフロージョブの権限の計算方法 -The permissions for the `GITHUB_TOKEN` are initially set to the default setting for the enterprise, organization, or repository. If the default is set to the restricted permissions at any of these levels then this will apply to the relevant repositories. For example, if you choose the restricted default at the organization level then all repositories in that organization will use the restricted permissions as the default. The permissions are then adjusted based on any configuration within the workflow file, first at the workflow level and then at the job level. Finally, if the workflow was triggered by a pull request from a forked repository, and the **Send write tokens to workflows from pull requests** setting is not selected, the permissions are adjusted to change any write permissions to read only. +`GITHUB_TOKEN` の権限は、最初は Enterprise、Organization、またはリポジトリのデフォルトに設定されています。 デフォルトがこれらのレベルのいずれかで制限付きの権限に設定されている場合、これは関連するリポジトリに適用されます。 たとえば、Organization レベルで制限付きのデフォルトを選択した場合、その Organization 内のすべてのリポジトリは、制限付きの権限をデフォルトとして使用します。 次に、ワークフローファイル内の構成に基づいて、最初にワークフローレベルで、次にジョブレベルで権限が調整されます。 最後に、ワークフローがフォークされたリポジトリからのプルリクエストによってトリガーされ、[**Send write tokens to workflows from pull requests**](プルリクエストから書き込みトークンをワークフローに送信) 設定が選択されていない場合、権限が調整され、書き込み権限が読み取り専用に変更されます。 -### Granting additional permissions +### 追加の権限を付与する {% endif %} -If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, you can create a personal access token and set it as a secret in your repository: +`GITHUB_TOKEN`で利用できない権限を要求するトークンが必要な場合は、個人アクセストークンを生成して、それをリポジトリのシークレットに設定できます。 -1. Use or create a token with the appropriate permissions for that repository. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)." -1. Add the token as a secret in your workflow's repository, and refer to it using the {%raw%}`${{ secrets.SECRET_NAME }}`{% endraw %} syntax. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)." +1. リポジトリに対して適切な権限を持つトークンを利用もしくは生成してください。 詳しい情報については、「[個人アクセストークンを作成する](/github/authenticating-to-github/creating-a-personal-access-token)」を参照してください。 +1. ワークフローのリポジトリにそのトークンをシークレットとして追加し、 {%raw%}`${{ secrets.SECRET_NAME }}`{% endraw %}構文でそれを参照してください。 詳しい情報については、「[暗号化されたシークレットの作成と利用](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)」を参照してください。 -### Further reading +### 参考リンク - "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)" diff --git a/translations/ja-JP/content/admin/configuration/configuring-network-settings/network-ports.md b/translations/ja-JP/content/admin/configuration/configuring-network-settings/network-ports.md index e815c6b10f..ec8cf46782 100644 --- a/translations/ja-JP/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/translations/ja-JP/content/admin/configuration/configuring-network-settings/network-ports.md @@ -1,5 +1,5 @@ --- -title: ネットワークポート +title: Network ports redirect_from: - /enterprise/admin/articles/configuring-firewalls - /enterprise/admin/articles/firewall @@ -8,7 +8,7 @@ redirect_from: - /enterprise/admin/installation/network-ports - /enterprise/admin/configuration/network-ports - /admin/configuration/network-ports -intro: オープンするネットワークポートは、管理者、エンドユーザ、メールサポートへ公開する必要があるネットワークサービスに応じて選択してください。 +intro: 'Open network ports selectively based on the network services you need to expose for administrators, end users, and email support.' versions: ghes: '*' type: reference @@ -18,37 +18,51 @@ topics: - Networking - Security --- +## Administrative ports -## 管理ポート +Some administrative ports are required to configure {% data variables.product.product_location %} and run certain features. Administrative ports are not required for basic application use by end users. -{% data variables.product.product_location %}を設定し、一部の機能を実行するためにはいくつかの管理ポートが必要です。 管理ポートは、エンドユーザが基本的なアプリケーションを利用するためには必要ありません。 +| Port | Service | Description | +|---|---|---| +| 8443 | HTTPS | Secure web-based {% data variables.enterprise.management_console %}. Required for basic installation and configuration. | +| 8080 | HTTP | Plain-text web-based {% data variables.enterprise.management_console %}. Not required unless TLS is disabled manually. | +| 122 | SSH | Shell access for {% data variables.product.product_location %}. Required to be open to incoming connections between all nodes in a high availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic. | +| 1194/UDP | VPN | Secure replication network tunnel in high availability configuration. Required to be open for communication between all nodes in the configuration.| +| 123/UDP| NTP | Required for time protocol operation. | +| 161/UDP | SNMP | Required for network monitoring protocol operation. | -| ポート | サービス | 説明 | -| -------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 8443 | HTTPS | 安全な Web ベースの {% data variables.enterprise.management_console %}。 基本的なインストールと設定に必要です。 | -| 8080 | HTTP | プレーンテキストの Web ベースの {% data variables.enterprise.management_console %}。 SSL を手動で無効にしない限り必要ありません。 | -| 122 | SSH | {% data variables.product.product_location %} 用のシェルアクセス。 Required to be open to incoming connections between all nodes in a high availability configuration. デフォルトの SSHポート (22) は Git と SSH のアプリケーションネットワークトラフィック専用です。 | -| 1194/UDP | VPN | High Availability設定でのセキュアなレプリケーションネットワークトンネル。 Required to be open for communication between all nodes in the configuration. | -| 123/UDP | NTP | timeプロトコルの処理に必要。 | -| 161/UDP | SNMP | ネットワークモニタリングプロトコルの処理に必要。 | +## Application ports for end users -## エンドユーザーのためのアプリケーションポート +Application ports provide web application and Git access for end users. -アプリケーションのポートは、エンドユーザーにWebアプリケーションとGitへのアクセスを提供します。 - -| ポート | サービス | 説明 | -| ---- | ----- | ---------------------------------------------------------------------------------------------------------------------------------- | -| 443 | HTTPS | WebアプリケーションとGit over HTTPSのアクセス。 | -| 80 | HTTP | Web アプリケーションへのアクセス。 SSL が有効な場合にすべての要求は HTTPS ポートにリダイレクトされます。 | -| 22 | SSH | Git over SSH へのアクセス。 パブリックとプライベートリポジトリへの clone、fetch、push 操作をサポートします。 | -| 9418 | Git | Gitプロトコルのポート。暗号化されないネットワーク通信でのパブリックなリポジトリへのclone及びfetch操作をサポートする。 {% data reusables.enterprise_installation.when-9418-necessary %} +| Port | Service | Description | +|---|---|---| +| 443 | HTTPS | Access to the web application and Git over HTTPS. | +| 80 | HTTP | Access to the web application. All requests are redirected to the HTTPS port if TLS is configured. | +| 22 | SSH | Access to Git over SSH. Supports clone, fetch, and push operations to public and private repositories. | +| 9418 | Git | Git protocol port supports clone and fetch operations to public repositories with unencrypted network communication. {% data reusables.enterprise_installation.when-9418-necessary %} | {% data reusables.enterprise_installation.terminating-tls %} -## メールのポート +## Email ports -メールのポートは直接あるいはエンドユーザ用のインバウンドメールサポートのリレーを経由してアクセスできなければなりません。 +Email ports must be accessible directly or via relay for inbound email support for end users. -| ポート | サービス | 説明 | -| --- | ---- | -------------------------- | -| 25 | SMTP | 暗号化ありのSMTP(STARTTLS)のサポート。 | +| Port | Service | Description | +|---|---|---| +| 25 | SMTP | Support for SMTP with encryption (STARTTLS). | + +## {% data variables.product.prodname_actions %} ports + +{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)." + +| Port | Service | Description | +|---|---|---| +| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. +| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. + +If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)." + +## Further reading + +- "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)" diff --git a/translations/ja-JP/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/translations/ja-JP/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md index b07878188c..b0313604d2 100644 --- a/translations/ja-JP/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ b/translations/ja-JP/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md @@ -33,7 +33,7 @@ topics: {% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, teams merge significantly more pull requests per day, and the pull requests are merged significantly faster. For more information, see "[Writing and shipping code faster](https://octoverse.github.com/writing-code-faster/#scale-through-automation)" in the State of the Octoverse. -You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)." +You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. {% ifversion ghec %}For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.product.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %} {% data variables.product.prodname_actions %} is developer friendly, because it's integrated directly into the familiar {% data variables.product.product_name %} experience. diff --git a/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 0574bc0877..b507720da4 100644 --- a/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -13,7 +13,7 @@ type: overview topics: - Actions - Enterprise -shortTitle: Add actions in your enterprise +shortTitle: About actions in your enterprise --- {% data reusables.actions.enterprise-beta %} @@ -23,13 +23,24 @@ shortTitle: Add actions in your enterprise {% data variables.product.prodname_actions %} workflows can use _actions_, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the {% data variables.product.prodname_dotcom %} community. -{% data reusables.actions.enterprise-no-internet-actions %} +{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.product.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}. + +We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.product_name %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}. ## Official actions bundled with your enterprise instance {% data reusables.actions.actions-bundled-with-ghes %} -The bundled official actions include `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, and various `actions/setup-` actions, among others. To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. +The bundled official actions include the following, among others. +- `actions/checkout` +- `actions/upload-artifact` +- `actions/download-artifact` +- `actions/labeler` +- Various `actions/setup-` actions + +To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. + +There is no connection required between {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} to use these actions. Each action is a repository in the `actions` organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "[Using the latest version of the official bundled actions](/admin/github-actions/using-the-latest-version-of-the-official-bundled-actions)." @@ -43,14 +54,21 @@ Each action is a repository in the `actions` organization, and each action repos ## Configuring access to actions on {% data variables.product.prodname_dotcom_the_website %} -{% ifversion ghes %} -Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." -{% endif %} - {% data reusables.actions.access-actions-on-dotcom %} The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". +{% ifversion ghes %} +{% note %} + +**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." + + +{% endnote %} +{% endif %} + +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} + {% data reusables.actions.enterprise-limit-actions-use %} -Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." +Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to {% data variables.product.prodname_dotcom_the_website %}, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." diff --git a/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index 3dc27dc3ff..f539aeca8d 100644 --- a/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/translations/ja-JP/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -21,11 +21,18 @@ shortTitle: Use GitHub Connect for actions ## About automatic access to {% data variables.product.prodname_dotcom_the_website %} actions -By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). +By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. -To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using actions in your enterprise](/admin/github-actions/about-using-actions-in-your-enterprise)." +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} -To use actions from {% data variables.product.prodname_dotcom_the_website %}, your self-hosted runners must be able to download public actions from `api.github.com`. +Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." + +## About resolution for actions using {% data variables.product.prodname_github_connect %} + +{% data reusables.actions.github-connect-resolution %} + +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +{% endif %} ## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions @@ -33,8 +40,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do - Configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Enable{% else %} enable{% endif %} {% data variables.product.prodname_github_connect %}. For more information, see "[Managing {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/managing-github-connect)." -{% data reusables.actions.enterprise-github-connect-warning %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.github-connect-tab %} 1. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select **Enabled**. diff --git a/translations/ja-JP/data/reusables/actions/enterprise-github-connect-warning.md b/translations/ja-JP/data/reusables/actions/enterprise-github-connect-warning.md deleted file mode 100644 index 3543165079..0000000000 --- a/translations/ja-JP/data/reusables/actions/enterprise-github-connect-warning.md +++ /dev/null @@ -1,15 +0,0 @@ -{% ifversion ghes > 3.2 or ghae-issue-4815 %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom %}, the repository on your enterprise will be used in place of the {% data variables.product.prodname_dotcom %} repository. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - -{% endnote %} -{% endif %} - -{% ifversion ghes < 3.3 or ghae %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. ユーザが、{% data variables.product.prodname_dotcom %}上のOrganization及びリポジトリの名前に一致するOrganizationとリポジトリをEnterprise上に作成すると、{% data variables.product.prodname_dotcom %}リポジトリのところではEnterprise上のリポジトリが使用されます。 悪意あるユーザは、ワークフローの一部としてコードを実行するのに、この動作を利用できるかもしれません。 - -{% endnote %} -{% endif %} diff --git a/translations/ja-JP/data/reusables/actions/github-connect-resolution.md b/translations/ja-JP/data/reusables/actions/github-connect-resolution.md new file mode 100644 index 0000000000..816e314a30 --- /dev/null +++ b/translations/ja-JP/data/reusables/actions/github-connect-resolution.md @@ -0,0 +1 @@ +When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will first try to find the repository on {% data variables.product.product_location %}. If the repository does not exist on {% data variables.product.product_location %}, and if you have automatic access to {% data variables.product.prodname_dotcom_the_website %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on {% data variables.product.prodname_dotcom_the_website %}. \ No newline at end of file diff --git a/translations/ja-JP/data/reusables/actions/self-hosted-runner-communications-for-ghae.md b/translations/ja-JP/data/reusables/actions/self-hosted-runner-communications-for-ghae.md deleted file mode 100644 index 052be44951..0000000000 --- a/translations/ja-JP/data/reusables/actions/self-hosted-runner-communications-for-ghae.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion ghae %} - -You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.prodname_ghe_managed %} URL and its subdomains. For example, if your instance name is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. - -If you use an IP address allow list for your organization or enterprise account on {% data variables.product.prodname_dotcom %}, you must add your self-hosted runner's IP address to the allow list. 詳細は「[ Organization に対する許可 IP アドレスを管理する](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)」を参照してください。 - -{% endif %} diff --git a/translations/ja-JP/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md b/translations/ja-JP/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md new file mode 100644 index 0000000000..56a88617bd --- /dev/null +++ b/translations/ja-JP/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md @@ -0,0 +1 @@ +To use actions from {% data variables.product.prodname_dotcom_the_website %},{% ifversion ghes %} both {% data variables.product.product_location %} and{% endif %} your self-hosted runners must be able to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. No inbound connections from {% data variables.product.prodname_dotcom_the_website %} are required. For more information. 詳しい情報については、「[セルフホストランナーについて](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-betweens-self-hosted-runners-and-githubcom)」を参照してください。 \ No newline at end of file diff --git a/translations/ja-JP/data/reusables/actions/self-hosted-runner-ports-protocols.md b/translations/ja-JP/data/reusables/actions/self-hosted-runner-ports-protocols.md index 57f16b0906..a24c445d1b 100644 --- a/translations/ja-JP/data/reusables/actions/self-hosted-runner-ports-protocols.md +++ b/translations/ja-JP/data/reusables/actions/self-hosted-runner-ports-protocols.md @@ -1 +1,3 @@ -Self-hosted runners must be able to communicate with {% ifversion ghae %}your enterprise on {% data variables.product.product_name %}{% elsif fpt or ghec or ghes %}{% data variables.product.product_location %}{% endif %} over HTTP (port 80) and HTTPS (port 443). +{% ifversion ghes or ghae %} +The connection between self-hosted runners and {% data variables.product.product_name %} is over {% ifversion ghes %}HTTP (port 80) or {% endif %}HTTPS (port 443). {% ifversion ghes %}To ensure connectivity over HTTPS, configure TLS for {% data variables.product.product_location %}. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."{% endif %} +{% endif %} diff --git a/translations/ja-JP/data/reusables/secret-scanning/partner-secret-list-public-repo.md b/translations/ja-JP/data/reusables/secret-scanning/partner-secret-list-public-repo.md index 331f9b03bb..185cff6f75 100644 --- a/translations/ja-JP/data/reusables/secret-scanning/partner-secret-list-public-repo.md +++ b/translations/ja-JP/data/reusables/secret-scanning/partner-secret-list-public-repo.md @@ -58,6 +58,7 @@ | メタ情報 | Facebook Access Token | | npm | npm Access Token | | NuGet | NuGet API Key | +| Octopus Deploy | Octopus Deploy API Key | | OpenAI | OpenAI API Key | | Palantir | Palantir JSON Web Token | | PlanetScale | PlanetScale Database Password | diff --git a/translations/log/ja-resets.csv b/translations/log/ja-resets.csv index f57fd583fe..3c84e83d56 100644 --- a/translations/log/ja-resets.csv +++ b/translations/log/ja-resets.csv @@ -17,11 +17,11 @@ translations/ja-JP/content/actions/learn-github-actions/finding-and-customizing- translations/ja-JP/content/actions/managing-workflow-runs/removing-workflow-artifacts.md,broken liquid tags translations/ja-JP/content/actions/publishing-packages/about-packaging-with-github-actions.md,broken liquid tags translations/ja-JP/content/actions/quickstart.md,broken liquid tags -translations/ja-JP/content/actions/security-guides/automatic-token-authentication.md,parsing error translations/ja-JP/content/actions/using-github-hosted-runners/about-github-hosted-runners.md,broken liquid tags translations/ja-JP/content/actions/using-workflows/storing-workflow-data-as-artifacts.md,broken liquid tags translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md,broken liquid tags translations/ja-JP/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md,broken liquid tags +translations/ja-JP/content/admin/configuration/configuring-network-settings/network-ports.md,broken liquid tags translations/ja-JP/content/admin/configuration/configuring-your-enterprise/accessing-the-management-console.md,broken liquid tags translations/ja-JP/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md,broken liquid tags translations/ja-JP/content/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance.md,broken liquid tags @@ -31,7 +31,7 @@ translations/ja-JP/content/admin/configuration/configuring-your-enterprise/initi translations/ja-JP/content/admin/configuration/configuring-your-enterprise/managing-github-mobile-for-your-enterprise.md,broken liquid tags translations/ja-JP/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md,broken liquid tags translations/ja-JP/content/admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes.md,Listed in localization-support#489 -translations/ja-JP/content/admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes.md,parsing error +translations/ja-JP/content/admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes.md,rendering error translations/ja-JP/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md,broken liquid tags translations/ja-JP/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md,broken liquid tags translations/ja-JP/content/admin/github-actions/advanced-configuration-and-troubleshooting/index.md,broken liquid tags @@ -78,7 +78,7 @@ translations/ja-JP/content/authentication/keeping-your-account-and-data-secure/u translations/ja-JP/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md,broken liquid tags translations/ja-JP/content/authentication/troubleshooting-ssh/error-permission-denied-publickey.md,Listed in localization-support#489 translations/ja-JP/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md,Listed in localization-support#489 -translations/ja-JP/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md,parsing error +translations/ja-JP/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md,rendering error translations/ja-JP/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md,broken liquid tags translations/ja-JP/content/billing/managing-billing-for-your-github-account/how-does-upgrading-or-downgrading-affect-the-billing-process.md,broken liquid tags translations/ja-JP/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md,broken liquid tags @@ -143,7 +143,7 @@ translations/ja-JP/content/education/manage-coursework-with-github-classroom/tea translations/ja-JP/content/get-started/customizing-your-github-workflow/exploring-integrations/about-github-marketplace.md,broken liquid tags translations/ja-JP/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md,broken liquid tags translations/ja-JP/content/get-started/learning-about-github/about-github-advanced-security.md,Listed in localization-support#489 -translations/ja-JP/content/get-started/learning-about-github/about-github-advanced-security.md,parsing error +translations/ja-JP/content/get-started/learning-about-github/about-github-advanced-security.md,rendering error translations/ja-JP/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md,broken liquid tags translations/ja-JP/content/get-started/quickstart/git-and-github-learning-resources.md,broken liquid tags translations/ja-JP/content/get-started/using-github/github-mobile.md,broken liquid tags @@ -238,9 +238,9 @@ translations/ja-JP/data/reusables/education/apply-for-team.md,broken liquid tags translations/ja-JP/data/reusables/enterprise-accounts/actions-packages-report-download-enterprise-accounts.md,broken liquid tags translations/ja-JP/data/reusables/enterprise-accounts/actions-tab.md,broken liquid tags translations/ja-JP/data/reusables/enterprise-accounts/hooks-tab.md,Listed in localization-support#489 -translations/ja-JP/data/reusables/enterprise-accounts/hooks-tab.md,parsing error +translations/ja-JP/data/reusables/enterprise-accounts/hooks-tab.md,broken liquid tags translations/ja-JP/data/reusables/enterprise-accounts/messages-tab.md,Listed in localization-support#489 -translations/ja-JP/data/reusables/enterprise-accounts/messages-tab.md,parsing error +translations/ja-JP/data/reusables/enterprise-accounts/messages-tab.md,broken liquid tags translations/ja-JP/data/reusables/enterprise-accounts/pages-tab.md,broken liquid tags translations/ja-JP/data/reusables/enterprise_installation/download-appliance.md,broken liquid tags translations/ja-JP/data/reusables/enterprise_installation/hardware-considerations-all-platforms.md,broken liquid tags From ed0c8a9b909bc0fafe596ff0f1d7831672143d2e Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sun, 20 Mar 2022 08:14:33 -0700 Subject: [PATCH 39/52] New translation batch for cn (#26347) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=cn * run script/i18n/reset-known-broken-translation-files.js * Check in cn CSV report --- translations/log/cn-resets.csv | 31 +-- ...analysis-settings-for-your-user-account.md | 2 +- .../releasing-and-maintaining-actions.md | 78 +++---- .../about-continuous-deployment.md | 30 +-- .../deploying-with-github-actions.md | 52 ++--- .../deployment/about-deployments/index.md | 6 +- ...ing-to-amazon-elastic-container-service.md | 8 +- .../deploying-to-your-cloud-provider/index.md | 6 +- .../deploying-xcode-applications/index.md | 4 +- .../managing-your-deployments/index.md | 6 +- .../viewing-deployment-history.md | 4 +- .../about-self-hosted-runners.md | 47 +++-- .../security-guides/encrypted-secrets.md | 2 +- .../actions/using-jobs/using-concurrency.md | 4 +- .../network-ports.md | 66 +++--- .../about-github-actions-for-enterprises.md | 2 +- .../about-using-actions-in-your-enterprise.md | 34 ++- ...-githubcom-actions-using-github-connect.md | 15 +- .../viewing-and-updating-dependabot-alerts.md | 2 +- .../about-dependabot-version-updates.md | 2 +- ...ndencies-configured-for-version-updates.md | 2 +- .../troubleshooting-dependabot-errors.md | 4 +- .../about-the-security-overview.md | 16 +- ...loring-the-dependencies-of-a-repository.md | 12 +- ...ating-a-github-app-using-url-parameters.md | 38 ++-- .../quickstart/contributing-to-projects.md | 54 ++--- .../get-started/quickstart/hello-world.md | 104 +++++----- ...-up-a-trial-of-github-enterprise-server.md | 2 +- .../get-started/using-git/about-git.md | 100 ++++----- ...ing-the-audit-log-for-your-organization.md | 24 +-- .../repository-roles-for-an-organization.md | 196 +++++++++--------- ...ership-continuity-for-your-organization.md | 2 +- ...-security-managers-in-your-organization.md | 38 ++-- .../roles-in-an-organization.md | 58 +++--- .../zh-CN/content/pages/quickstart.md | 12 +- ...r-github-pages-site-locally-with-jekyll.md | 2 +- .../working-with-non-code-files.md | 34 +-- .../enterprise-github-connect-warning.md | 15 -- .../actions/github-connect-resolution.md | 1 + ...f-hosted-runner-communications-for-ghae.md | 7 - ...self-hosted-runner-networking-to-dotcom.md | 1 + .../self-hosted-runner-ports-protocols.md | 4 +- .../getting-started/managing-team-settings.md | 2 +- .../partner-secret-list-public-repo.md | 1 + 44 files changed, 585 insertions(+), 545 deletions(-) delete mode 100644 translations/zh-CN/data/reusables/actions/enterprise-github-connect-warning.md create mode 100644 translations/zh-CN/data/reusables/actions/github-connect-resolution.md delete mode 100644 translations/zh-CN/data/reusables/actions/self-hosted-runner-communications-for-ghae.md create mode 100644 translations/zh-CN/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md diff --git a/translations/log/cn-resets.csv b/translations/log/cn-resets.csv index 1e79aca6e7..10f59a540c 100644 --- a/translations/log/cn-resets.csv +++ b/translations/log/cn-resets.csv @@ -5,7 +5,7 @@ translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-gith translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-graphs-on-your-profile/viewing-contributions-on-your-profile.md,broken liquid tags translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-graphs-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md,broken liquid tags translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/about-your-personal-dashboard.md,broken liquid tags -translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/changing-your-github-username.md,parsing error +translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/changing-your-github-username.md,rendering error translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-the-default-branch-name-for-your-repositories.md,broken liquid tags translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/about-organization-membership.md,broken liquid tags translations/zh-CN/content/actions/automating-builds-and-tests/about-continuous-integration.md,broken liquid tags @@ -15,7 +15,7 @@ translations/zh-CN/content/actions/hosting-your-own-runners/adding-self-hosted-r translations/zh-CN/content/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners.md,Listed in localization-support#489 translations/zh-CN/content/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners.md,broken liquid tags translations/zh-CN/content/actions/learn-github-actions/usage-limits-billing-and-administration.md,broken liquid tags -translations/zh-CN/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md,parsing error +translations/zh-CN/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md,rendering error translations/zh-CN/content/actions/managing-workflow-runs/removing-workflow-artifacts.md,broken liquid tags translations/zh-CN/content/actions/managing-workflow-runs/reviewing-deployments.md,Listed in localization-support#489 translations/zh-CN/content/actions/security-guides/security-hardening-for-github-actions.md,broken liquid tags @@ -24,6 +24,7 @@ translations/zh-CN/content/actions/using-workflows/storing-workflow-data-as-arti translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md,broken liquid tags translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md,broken liquid tags translations/zh-CN/content/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server.md,broken liquid tags +translations/zh-CN/content/admin/configuration/configuring-network-settings/network-ports.md,broken liquid tags translations/zh-CN/content/admin/configuration/configuring-your-enterprise/accessing-the-management-console.md,broken liquid tags translations/zh-CN/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md,broken liquid tags translations/zh-CN/content/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance.md,broken liquid tags @@ -60,7 +61,7 @@ translations/zh-CN/content/admin/identity-and-access-management/managing-iam-for translations/zh-CN/content/admin/index.md,broken liquid tags translations/zh-CN/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md,broken liquid tags translations/zh-CN/content/admin/overview/about-enterprise-accounts.md,Listed in localization-support#489 -translations/zh-CN/content/admin/overview/about-enterprise-accounts.md,parsing error +translations/zh-CN/content/admin/overview/about-enterprise-accounts.md,rendering error translations/zh-CN/content/admin/packages/enabling-github-packages-with-aws.md,broken liquid tags translations/zh-CN/content/admin/packages/enabling-github-packages-with-azure-blob-storage.md,broken liquid tags translations/zh-CN/content/admin/packages/enabling-github-packages-with-minio.md,broken liquid tags @@ -72,7 +73,7 @@ translations/zh-CN/content/admin/policies/enforcing-policy-with-pre-receive-hook translations/zh-CN/content/admin/user-management/managing-organizations-in-your-enterprise/creating-teams.md,broken liquid tags translations/zh-CN/content/admin/user-management/managing-repositories-in-your-enterprise/configuring-git-large-file-storage-for-your-enterprise.md,broken liquid tags translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md,broken liquid tags -translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise.md,parsing error +translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise.md,rendering error translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md,broken liquid tags translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-githubcom.md,broken liquid tags translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-your-enterprise.md,broken liquid tags @@ -88,18 +89,18 @@ translations/zh-CN/content/authentication/keeping-your-account-and-data-secure/r translations/zh-CN/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md,broken liquid tags translations/zh-CN/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md,broken liquid tags translations/zh-CN/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md,broken liquid tags -translations/zh-CN/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md,parsing error +translations/zh-CN/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md,rendering error translations/zh-CN/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md,broken liquid tags translations/zh-CN/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md,broken liquid tags translations/zh-CN/content/billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise.md,broken liquid tags translations/zh-CN/content/billing/managing-billing-for-your-github-account/discounted-subscriptions-for-github-accounts.md,broken liquid tags translations/zh-CN/content/billing/managing-billing-for-your-github-account/index.md,broken liquid tags -translations/zh-CN/content/billing/managing-billing-for-your-github-account/upgrading-your-github-subscription.md,parsing error -translations/zh-CN/content/billing/managing-billing-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md,parsing error +translations/zh-CN/content/billing/managing-billing-for-your-github-account/upgrading-your-github-subscription.md,rendering error +translations/zh-CN/content/billing/managing-billing-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account.md,rendering error translations/zh-CN/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md,broken liquid tags translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md,broken liquid tags -translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md,parsing error -translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud.md,parsing error +translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise.md,rendering error +translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud.md,rendering error translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md,broken liquid tags translations/zh-CN/content/billing/managing-your-license-for-github-enterprise/viewing-license-usage-for-github-enterprise.md,broken liquid tags translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql.md,broken liquid tags @@ -118,7 +119,7 @@ translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scannin translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system.md,broken liquid tags translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system.md,broken liquid tags translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md,broken liquid tags -translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md,parsing error +translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md,rendering error translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md,broken liquid tags translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md,broken liquid tags translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md,broken liquid tags @@ -167,7 +168,7 @@ translations/zh-CN/content/get-started/customizing-your-github-workflow/explorin translations/zh-CN/content/get-started/getting-started-with-git/about-remote-repositories.md,broken liquid tags translations/zh-CN/content/get-started/getting-started-with-git/updating-credentials-from-the-macos-keychain.md,broken liquid tags translations/zh-CN/content/get-started/learning-about-github/about-github-advanced-security.md,broken liquid tags -translations/zh-CN/content/get-started/learning-about-github/githubs-products.md,parsing error +translations/zh-CN/content/get-started/learning-about-github/githubs-products.md,rendering error translations/zh-CN/content/get-started/learning-about-github/types-of-github-accounts.md,broken liquid tags translations/zh-CN/content/get-started/onboarding/getting-started-with-github-ae.md,broken liquid tags translations/zh-CN/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md,broken liquid tags @@ -179,7 +180,7 @@ translations/zh-CN/content/get-started/quickstart/communicating-on-github.md,bro translations/zh-CN/content/get-started/quickstart/git-and-github-learning-resources.md,broken liquid tags translations/zh-CN/content/get-started/quickstart/github-flow.md,broken liquid tags translations/zh-CN/content/get-started/quickstart/set-up-git.md,broken liquid tags -translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud.md,parsing error +translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud.md,rendering error translations/zh-CN/content/get-started/signing-up-for-github/signing-up-for-a-new-github-account.md,broken liquid tags translations/zh-CN/content/get-started/signing-up-for-github/verifying-your-email-address.md,broken liquid tags translations/zh-CN/content/get-started/using-git/dealing-with-non-fast-forward-errors.md,broken liquid tags @@ -191,7 +192,7 @@ translations/zh-CN/content/organizations/managing-membership-in-your-organizatio translations/zh-CN/content/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization.md,broken liquid tags translations/zh-CN/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md,broken liquid tags translations/zh-CN/content/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization.md,Listed in localization-support#489 -translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md,parsing error +translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization.md,rendering error translations/zh-CN/content/organizations/organizing-members-into-teams/about-teams.md,broken liquid tags translations/zh-CN/content/packages/learn-github-packages/installing-a-package.md,broken liquid tags translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md,broken liquid tags @@ -222,7 +223,7 @@ translations/zh-CN/content/rest/overview/other-authentication-methods.md,broken translations/zh-CN/content/rest/overview/resources-in-the-rest-api.md,Listed in localization-support#489 translations/zh-CN/content/rest/reference/enterprise-admin.md,broken liquid tags translations/zh-CN/content/search-github/getting-started-with-searching-on-github/about-searching-on-github.md,broken liquid tags -translations/zh-CN/content/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment.md,parsing error +translations/zh-CN/content/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment.md,rendering error translations/zh-CN/content/sponsors/getting-started-with-github-sponsors/about-github-sponsors.md,broken liquid tags translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/about-github-sponsors-for-open-source-contributors.md,broken liquid tags translations/zh-CN/content/support/contacting-github-support/creating-a-support-ticket.md,broken liquid tags @@ -269,7 +270,7 @@ translations/zh-CN/data/reusables/rest-reference/activity/events.md,broken liqui translations/zh-CN/data/reusables/rest-reference/apps/marketplace.md,broken liquid tags translations/zh-CN/data/reusables/rest-reference/packages/packages.md,broken liquid tags translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,Listed in localization-support#489 -translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,parsing error +translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,broken liquid tags translations/zh-CN/data/reusables/scim/after-you-configure-saml.md,broken liquid tags translations/zh-CN/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md,broken liquid tags translations/zh-CN/data/reusables/sponsors/feedback.md,broken liquid tags diff --git a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md index 19419b8e5c..6ca63900e4 100644 --- a/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md +++ b/translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md @@ -50,5 +50,5 @@ shortTitle: 管理安全和分析 ## 延伸阅读 - “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)” -- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" +- "[关于 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" - "[自动更新依赖项](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)" diff --git a/translations/zh-CN/content/actions/creating-actions/releasing-and-maintaining-actions.md b/translations/zh-CN/content/actions/creating-actions/releasing-and-maintaining-actions.md index 835ef553ff..e50b3ad25c 100644 --- a/translations/zh-CN/content/actions/creating-actions/releasing-and-maintaining-actions.md +++ b/translations/zh-CN/content/actions/creating-actions/releasing-and-maintaining-actions.md @@ -1,7 +1,7 @@ --- -title: Releasing and maintaining actions -shortTitle: Releasing and maintaining actions -intro: You can leverage automation and open source best practices to release and maintain actions. +title: 发布和维护操作 +shortTitle: 发布和维护操作 +intro: 您可以利用自动化和开源最佳实践来发布和维护操作。 type: tutorial topics: - Action development @@ -19,77 +19,77 @@ versions: ## 简介 -After you create an action, you'll want to continue releasing new features while working with community contributions. This tutorial describes an example process you can follow to release and maintain actions in open source. The example: +创建操作后,您需要继续发布新功能,同时处理社区贡献。 本教程介绍了一个示例过程,您可以遵循该过程在开源中发布和维护操作。 示例: -* Leverages {% data variables.product.prodname_actions %} for continuous integration, dependency updates, release management, and task automation. -* Provides confidence through automated tests and build badges. -* Indicates how the action can be used, ideally as part of a broader workflow. -* Signal what type of community contributions you welcome. (For example, issues, pull requests, or vulnerability reports.) +* 利用 {% data variables.product.prodname_actions %} 实现持续集成、依赖项更新、版本管理和任务自动化。 +* 通过自动化测试和构建徽章提供信心。 +* 指示如何使用操作,理想情况下,作为更广泛的工作流程的一部分。 +* 表明您欢迎哪种类型的社区贡献。 (例如,议题、拉取请求或漏洞报告。) -For an applied example of this process, see [github-developer/javascript-action](https://github.com/github-developer/javascript-action). +有关此过程的应用示例,请参阅 [github-developer/javascript-action](https://github.com/github-developer/javascript-action)。 -## Developing and releasing actions +## 开发和发布操作 -In this section, we discuss an example process for developing and releasing actions and show how to use {% data variables.product.prodname_actions %} to automate the process. +在本节中,我们将讨论开发和发布操作的示例流程,并演示如何使用 {% data variables.product.prodname_actions %} 自动执行该过程。 -### About JavaScript actions +### 关于 JavaScript 操作 -JavaScript actions are Node.js repositories with metadata. However, JavaScript actions have additional properties compared to traditional Node.js projects: +JavaScript 操作是具有元数据的 Node.js 存储库。 但是,与传统的 Node.js 项目相比,JavaScript 操作具有其他属性: -* Dependent packages are committed alongside the code, typically in a compiled and minified form. This means that automated builds and secure community contributions are important. +* Dependent 包与代码一起提交,通常采用编译和缩小的形式。 这意味着自动化构建和安全的社区贡献非常重要。 {% ifversion fpt or ghec %} -* Tagged releases can be published directly to {% data variables.product.prodname_marketplace %} and consumed by workflows across {% data variables.product.prodname_dotcom %}. +* 标记的版本可以直接发布到 {% data variables.product.prodname_marketplace %} ,并由跨 {% data variables.product.prodname_dotcom %} 工作流程使用。 {% endif %} -* Many actions make use of {% data variables.product.prodname_dotcom %}'s APIs and third party APIs, so we encourage robust end-to-end testing. +* 许多操作都使用 {% data variables.product.prodname_dotcom %} 的 API 和第三方 API,因此我们鼓励进行强大的端到端测试。 -### Setting up {% data variables.product.prodname_actions %} workflows +### 设置 {% data variables.product.prodname_actions %} 工作流程 -To support the developer process in the next section, add two {% data variables.product.prodname_actions %} workflows to your repository: +要在下一节中支持开发人员流程,请将两个 {% data variables.product.prodname_actions %} 工作流程添加到存储库中: -1. Add a workflow that triggers when a commit is pushed to a feature branch or to `main` or when a pull request is created. Configure the workflow to run your unit and integration tests. For an example, see [this workflow](https://github.com/github-developer/javascript-action/blob/963a3b9a9c662fd499419a240ed8c49411ff5add/.github/workflows/test.yml). -2. Add a workflow that triggers when a release is published or edited. Configure the workflow to ensure semantic tags are in place. You can use an action like [JasonEtco/build-and-tag-action](https://github.com/JasonEtco/build-and-tag-action) to compile and bundle the JavaScript and metadata file and force push semantic major, minor, and patch tags. For an example, see [this workflow](https://github.com/github-developer/javascript-action/blob/963a3b9a9c662fd499419a240ed8c49411ff5add/.github/workflows/publish.yml). For more information about semantic tags, see "[About semantic versioning](https://docs.npmjs.com/about-semantic-versioning)." +1. 添加在将提交推送到功能分支或 `main` 分支或者创建拉取请求时触发的工作流程。 配置工作流程以运行单元和集成测试。 有关示例,请参阅[此工作流程](https://github.com/github-developer/javascript-action/blob/963a3b9a9c662fd499419a240ed8c49411ff5add/.github/workflows/test.yml)。 +2. 添加在发布或编辑发布时触发的工作流程。 配置工作流程以确保语义标记已就位。 您可以使用像 [JasonEtco/build-and-tag-action](https://github.com/JasonEtco/build-and-tag-action) 这样的操作来编译和捆绑 JavaScript 和元数据文件,并强制推送语义主要、次要和补丁标记。 有关示例,请参阅[此工作流程](https://github.com/github-developer/javascript-action/blob/963a3b9a9c662fd499419a240ed8c49411ff5add/.github/workflows/publish.yml)。 有关语义标记的详细信息,请参阅“[关于语义版本控制](https://docs.npmjs.com/about-semantic-versioning)”。 -### Example developer process +### 示例开发者流程 -Here is an example process that you can follow to automatically run tests, create a release{% ifversion fpt or ghec%} and publish to {% data variables.product.prodname_marketplace %}{% endif %}, and publish your action. +下面是一个示例过程,您可以遵循该过程来自动运行测试、创建发行版{% ifversion fpt or ghec%}并发布到 {% data variables.product.prodname_marketplace %}{% endif %},然后发布您的操作。 -1. Do feature work in branches per GitHub flow. For more information, see "[GitHub flow](/get-started/quickstart/github-flow)." - * Whenever a commit is pushed to the feature branch, your testing workflow will automatically run the tests. +1. 在每个 GitHub 流程的分支中执行功能工作。 更多信息请参阅“[GitHub 流](/get-started/quickstart/github-flow)”。 + * 每当将提交推送到功能分支时,测试工作流程将自动运行测试。 -2. Create pull requests to the `main` branch to initiate discussion and review, merging when ready. +2. 创建对 `main` 分支的拉取请求,以启动讨论和审阅,并在准备就绪时合并。 - * When a pull request is opened, either from a branch or a fork, your testing workflow will again run the tests, this time with the merge commit. + * 当从分支或复刻打开拉取请求时,测试工作流将再次运行测试,这次是合并提交。 - * **Note:** for security reasons, workflows triggered by `pull_request` from forks have restricted `GITHUB_TOKEN` permissions and do not have access to secrets. If your tests or other workflows triggered upon pull request require access to secrets, consider using a different event like a [manual trigger](/actions/reference/events-that-trigger-workflows#manual-events) or a [`pull_request_target`](/actions/reference/events-that-trigger-workflows#pull_request_target). Read more [here](/actions/reference/events-that-trigger-workflows#pull-request-events-for-forked-repositories). + * **注意:**出于安全原因,由复刻中的 `pull_request` 触发的工作流程限制了 `GITHUB_TOKEN` 权限,并且无法访问机密。 如果在拉取请求时触发的测试或其他工作流程需要访问机密,请考虑使用其他事件,如 [manual trigger](/actions/reference/events-that-trigger-workflows#manual-events) 或 [`pull_request_target`](/actions/reference/events-that-trigger-workflows#pull_request_target)。 [在此](/actions/reference/events-that-trigger-workflows#pull-request-events-for-forked-repositories)处阅读更多。 -3. Create a semantically tagged release. {% ifversion fpt or ghec %} You may also publish to {% data variables.product.prodname_marketplace %} with a simple checkbox. {% endif %} For more information, see "[Managing releases in a repository](/github/administering-a-repository/managing-releases-in-a-repository#creating-a-release)"{% ifversion fpt or ghec %} and "[Publishing actions in {% data variables.product.prodname_marketplace %}](/actions/creating-actions/publishing-actions-in-github-marketplace#publishing-an-action)"{% endif %}. +3. 创建语义标记的版本。 {% ifversion fpt or ghec %} 您也可以使用简单的复选框发布到 {% data variables.product.prodname_marketplace %}。 {% endif %} 更多信息请参阅“[管理存储库中的版本](/github/administering-a-repository/managing-releases-in-a-repository#creating-a-release)”{% ifversion fpt or ghec %}和“[在 {% data variables.product.prodname_marketplace %} 中发布操作](/actions/creating-actions/publishing-actions-in-github-marketplace#publishing-an-action)”{% endif %}。 - * When a release is published or edited, your release workflow will automatically take care of compilation and adjusting tags. + * 发布或编辑版本时,发行版工作流程将自动负责编译和调整标记。 - * We recommend creating releases using semantically versioned tags – for example, `v1.1.3` – and keeping major (`v1`) and minor (`v1.1`) tags current to the latest appropriate commit. For more information, see "[About custom actions](/actions/creating-actions/about-custom-actions#using-release-management-for-actions)" and "[About semantic versioning](https://docs.npmjs.com/about-semantic-versioning). + * 我们建议使用语义版本化的标记(例如,`v1.1.3` )创建版本,并将主要(`v1`)和次要(`v1.1`)标记保持最新适当的提交。 更多信息请参阅“[关于自定义操作](/actions/creating-actions/about-custom-actions#using-release-management-for-actions)”和“[关于语义版本控制](https://docs.npmjs.com/about-semantic-versioning)”。 ### 结果 -Unlike some other automated release management strategies, this process intentionally does not commit dependencies to the `main` branch, only to the tagged release commits. By doing so, you encourage users of your action to reference named tags or `sha`s, and you help ensure the security of third party pull requests by doing the build yourself during a release. +与其他一些自动化版本管理策略不同,此过程有意不将依赖项提交到 `main` 分支,而只提交到标记的版本提交。 这样可以鼓励操作的用户引用命名标记或 `sha`s,并且通过在发布期间自己执行构建来帮助确保第三方拉取请求的安全性。 -Using semantic releases means that the users of your actions can pin their workflows to a version and know that they might continue to receive the latest stable, non-breaking features, depending on their comfort level: +使用语义发行版意味着操作的用户可以将其工作流程固定到某个版本,并且知道他们可能会继续接收最新的稳定、不间断功能,具体取决于他们的舒适度: -## Working with the community +## 与社区合作 -{% data variables.product.product_name %} provides tools and guides to help you work with the open source community. Here are a few tools we recommend setting up for healthy bidirectional communication. By providing the following signals to the community, you encourage others to use, modify, and contribute to your action: +{% data variables.product.product_name %} 提供工具和指南,帮助您与开源社区合作。 以下是我们建议为健康的双向通信设置的一些工具。 通过向社区提供以下信号,您可以鼓励其他人使用、修改和参与您的操作: -* Maintain a `README` with plenty of usage examples and guidance. 更多信息请参阅“[关于自述文件](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)”。 -* Include a workflow status badge in your `README` file. 更多信息请参阅“[添加工作流程状态徽章](/actions/managing-workflow-runs/adding-a-workflow-status-badge)”。 Also visit [shields.io](https://shields.io/) to learn about other badges that you can add.{% ifversion fpt or ghec %} -* Add community health files like `CODE_OF_CONDUCT`, `CONTRIBUTING`, and `SECURITY`. For more information, see "[Creating a default community health file](/github/building-a-strong-community/creating-a-default-community-health-file#supported-file-types)."{% endif %} -* Keep issues current by utilizing actions like [actions/stale](https://github.com/actions/stale). +* 维护一个其中包含大量使用示例和指南的 `README`。 更多信息请参阅“[关于自述文件](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)”。 +* 在 `README` 文件中包括工作流程状态徽章。 更多信息请参阅“[添加工作流程状态徽章](/actions/managing-workflow-runs/adding-a-workflow-status-badge)”。 另请访问 [shields.io](https://shields.io/),了解您可以添加的其他徽章。{% ifversion fpt or ghec %} +* 添加社区健康文件,如 `CODE_OF_CONDUCT`、`CONTRIBUTING` 和 `SECURITY`。 更多信息请参阅“[创建默认社区健康文件](/github/building-a-strong-community/creating-a-default-community-health-file#supported-file-types)”。{% endif %} +* 利用 [actions/stale](https://github.com/actions/stale)等操作使议题保持最新。 ## 延伸阅读 -Examples where similar patterns are employed include: +采用类似模式的示例包括: * [github/super-linter](https://github.com/github/super-linter) * [octokit/request-action](https://github.com/octokit/request-action) diff --git a/translations/zh-CN/content/actions/deployment/about-deployments/about-continuous-deployment.md b/translations/zh-CN/content/actions/deployment/about-deployments/about-continuous-deployment.md index d419866754..715aeb3218 100644 --- a/translations/zh-CN/content/actions/deployment/about-deployments/about-continuous-deployment.md +++ b/translations/zh-CN/content/actions/deployment/about-deployments/about-continuous-deployment.md @@ -1,6 +1,6 @@ --- -title: About continuous deployment -intro: 'You can create custom continuous deployment (CD) workflows directly in your {% data variables.product.prodname_dotcom %} repository with {% data variables.product.prodname_actions %}.' +title: 关于持续部署 +intro: '您可以直接在 {% data variables.product.prodname_dotcom %} 仓库中通过 {% data variables.product.prodname_actions %} 创建自定义持续部署 (CD) 工作流程。' versions: fpt: '*' ghes: '*' @@ -11,41 +11,41 @@ redirect_from: - /actions/deployment/about-continuous-deployment topics: - CD -shortTitle: About continuous deployment +shortTitle: 关于持续部署 --- {% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %} -## About continuous deployment +## 关于持续部署 -_Continuous deployment_ (CD) is the practice of using automation to publish and deploy software updates. As part of the typical CD process, the code is automatically built and tested before deployment. +_持续部署_ (CD) 是使用自动化发布和部署软件更新的做法。 作为典型 CD 过程的一部分,代码在部署之前会自动构建并测试。 -Continuous deployment is often coupled with continuous integration. For more information about continuous integration, see "[About continuous integration](/actions/guides/about-continuous-integration)". +持续部署通常与持续集成相结合。 有关持续集成的更多信息,请参阅“[关于持续集成](/actions/guides/about-continuous-integration)”。 -## About continuous deployment using {% data variables.product.prodname_actions %} +## 关于使用 {% data variables.product.prodname_actions %} 的持续部署 -You can set up a {% data variables.product.prodname_actions %} workflow to deploy your software product. To verify that your product works as expected, your workflow can build the code in your repository and run your tests before deploying. +您可以设置 {% data variables.product.prodname_actions %} 工作流程来部署软件产品。 要验证产品是否按预期工作,您的工作流程可以在存储库中构建代码,并在部署之前运行测试。 -You can configure your CD workflow to run when a {% data variables.product.product_name %} event occurs (for example, when new code is pushed to the default branch of your repository), on a set schedule, manually, or when an external event occurs using the repository dispatch webhook. For more information about when your workflow can run, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)." +您可以配置 CD 工作流程在发生 {% data variables.product.product_name %} 事件(例如,将新代码推送到存储库的默认分支)时运行、按设定的时间表运行、手动运行或者在使用存储库分发 web 挂钩的外部事件发生时运行。 有关工作流程何时可以运行的更多信息,请参阅“[触发工作流程的事件](/actions/reference/events-that-trigger-workflows)”。 -{% data variables.product.prodname_actions %} provides features that give you more control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. {% ifversion fpt or ghae or ghes > 3.1 or ghec %}You can use concurrency to limit your CD pipeline to a maximum of one in-progress deployment and one pending deployment. {% endif %}For more information about these features, see "[Deploying with GitHub Actions](/actions/deployment/deploying-with-github-actions)" and "[Using environments for deployment](/actions/deployment/using-environments-for-deployment)." +{% data variables.product.prodname_actions %} 提供的功能使您可以更好地控制部署。 例如,您可以使用环境来要求批准才能继续作业,限制哪些分支可以触发工作流程,或限制对机密的访问。 {% ifversion fpt or ghae or ghes > 3.1 or ghec %} 可以使用并发性将 CD 管道限制为最多一个正在进行的部署和一个挂起的部署。 {% endif %}有关这些功能的详细信息,请参阅“[使用 GitHub Actions 进行部署](/actions/deployment/deploying-with-github-actions)”和“[使用环境进行部署](/actions/deployment/using-environments-for-deployment)”。 {% ifversion fpt or ghec or ghae-issue-4856 %} -## Using OpenID Connect to access cloud resources +## 使用 OpenID Connect 访问云资源 {% data reusables.actions.about-oidc-short-overview %} {% endif %} -## Starter workflows and third party actions +## 初学者工作流程和第三方操作 {% data reusables.actions.cd-templates-actions %} ## 延伸阅读 -- [Deploying with GitHub Actions](/actions/deployment/deploying-with-github-actions) -- [Using environments for deployment](/actions/deployment/using-environments-for-deployment){% ifversion fpt or ghec %} -- "[Managing billing for {% data variables.product.prodname_actions %}](/billing/managing-billing-for-github-actions)"{% endif %} +- [使用 GitHub Actions 进行部署](/actions/deployment/deploying-with-github-actions) +- [使用环境进行部署](/actions/deployment/using-environments-for-deployment){% ifversion fpt or ghec %} +- "[管理 {% data variables.product.prodname_actions %} 的计费](/billing/managing-billing-for-github-actions)"{% endif %} diff --git a/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md b/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md index c93b5c3c42..04e2fe7d7f 100644 --- a/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md +++ b/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md @@ -1,6 +1,6 @@ --- -title: Deploying with GitHub Actions -intro: Learn how to control deployments with features like environments and concurrency. +title: 使用 GitHub Actions 进行部署 +intro: 了解如何使用环境和并发性等功能控制部署。 versions: fpt: '*' ghes: '*' @@ -11,7 +11,7 @@ redirect_from: - /actions/deployment/deploying-with-github-actions topics: - CD -shortTitle: Deploy with GitHub Actions +shortTitle: 使用 GitHub Actions 进行部署 --- {% data reusables.actions.enterprise-beta %} @@ -19,27 +19,27 @@ shortTitle: Deploy with GitHub Actions ## 简介 -{% data variables.product.prodname_actions %} offers features that let you control deployments. 您可以: +{% data variables.product.prodname_actions %} 提供了允许您控制部署的功能。 您可以: -- Trigger workflows with a variety of events. -- Configure environments to set rules before a job can proceed and to limit access to secrets. -- Use concurrency to control the number of deployments running at a time. +- 使用各种事件触发工作流程。 +- 配置环境以在作业可以继续之前设置规则,并限制对机密的访问。 +- 使用并发性来控制一次运行的部署数。 -For more information about continuous deployment, see "[About continuous deployment](/actions/deployment/about-continuous-deployment)." +有关持续部署的更多信息,请参阅“[关于持续部署](/actions/deployment/about-continuous-deployment)”。 ## 基本要求 -You should be familiar with the syntax for {% data variables.product.prodname_actions %}. 更多信息请参阅“[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)”。 +您应该熟悉 {% data variables.product.prodname_actions %} 的语法。 更多信息请参阅“[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)”。 -## Triggering your deployment +## 触发部署 -You can use a variety of events to trigger your deployment workflow. Some of the most common are: `pull_request`, `push`, and `workflow_dispatch`. +您可以使用各种事件来触发您的部署工作流程。 最常见的有:`pull_request`、`put` 和 `Workflow_paid`。 -For example, a workflow with the following triggers runs whenever: +例如,具有以下触发器的工作流在以下情况下会运行: -- There is a push to the `main` branch. -- A pull request targeting the `main` branch is opened, synchronized, or reopened. -- Someone manually triggers it. +- 有人推送到 `main` 分支。 +- 打开、同步或重新打开面向 `main` 分支的拉取请求。 +- 有人手动触发它。 ```yaml on: @@ -58,17 +58,17 @@ on: {% data reusables.actions.about-environments %} -## Using concurrency +## 使用并发 -Concurrency 确保只有使用相同并发组的单一作业或工作流程才会同时运行。 您可以使用并发,以便环境中每次最多有一个正在进行的部署和一个待处理的部署。 +并发确保只有使用相同并发组的单一作业或工作流程才会同时运行。 您可以使用并发,以便环境中每次最多有一个正在进行的部署和一个待处理的部署。 {% note %} -**Note:** `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. +**注意**:`concurrency` 和 `environment` 未连接。 并发值可以是任何字符串;它无需是环境名称。 此外,如果另一个工作流程使用相同的环境,但未指定并发性,则该工作流程将不受任何并发规则的约束。 {% endnote %} -For example, when the following workflow runs, it will be paused with the status `pending` if any job or workflow that uses the `production` concurrency group is in progress. It will also cancel any job or workflow that uses the `production` concurrency group and has the status `pending`. This means that there will be a maximum of one running and one pending job or workflow in that uses the `production` concurrency group. +例如,当以下工作流程运行时,如果正在进行使用 `production` 并发组的任何作业或工作流程,则该工作流程将暂停,且状态为 `pending`。 它还将取消使用 `production` 并发组并且状态为 `pending` 的任何作业或工作流程。 这意味着最多将有一个正在运行的作业或工作流程和一个使用 `production` 并发组的挂起作业或工作流程。 ```yaml name: Deployment @@ -89,7 +89,7 @@ jobs: # ...deployment-specific steps ``` -You can also specify concurrency at the job level. This will allow other jobs in the workflow to proceed even if the concurrent job is `pending`. +您也可以在作业级别指定并发性。 这将允许工作流中的其他作业继续,即使并发作业状态为 `pending`。 ```yaml name: Deployment @@ -109,7 +109,7 @@ jobs: # ...deployment-specific steps ``` -You can also use `cancel-in-progress` to cancel any currently running job or workflow in the same concurrency group. +还可以使用 `cancel-in-progress` 取消同一并发组中任何当前正在运行的作业或工作流程。 ```yaml name: Deployment @@ -132,19 +132,19 @@ jobs: # ...deployment-specific steps ``` -For guidance on writing deployment-specific steps, see "[Finding deployment examples](#finding-deployment-examples)." +有关编写特定于部署的步骤的指导,请参阅“[查找部署示例](#finding-deployment-examples)”。 ## 查看部署历史记录 When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. For more information about viewing deployments to environments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)." -## Monitoring workflow runs +## 监控工作流程运行 -每个工作流程运行都会生成一个实时图表,说明运行进度。 You can use this graph to monitor and debug deployments. For more information see, "[Using the visualization graph](/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph)." +每个工作流程运行都会生成一个实时图表,说明运行进度。 您可以使用此图表来监控和调试部署。 更多信息请参阅“[使用可视化图](/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph)”。 -You can also view the logs of each workflow run and the history of workflow runs. 更多信息请参阅“[查看工作流程运行历史记录](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)”。 +您还可以查看每个工作流程运行的日志和工作流程运行的历史记录。 更多信息请参阅“[查看工作流程运行历史记录](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)”。 -## Tracking deployments through apps +## 通过应用跟踪部署 {% ifversion fpt or ghec %} If your personal account or organization on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} is integrated with Microsoft Teams or Slack, you can track deployments that use environments through Microsoft Teams or Slack. For example, you can receive notifications through the app when a deployment is pending approval, when a deployment is approved, or when the deployment status changes. For more information about integrating Microsoft Teams or Slack, see "[GitHub extensions and integrations](/github/customizing-your-github-workflow/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." diff --git a/translations/zh-CN/content/actions/deployment/about-deployments/index.md b/translations/zh-CN/content/actions/deployment/about-deployments/index.md index 921a8c1fbd..fae4e48330 100644 --- a/translations/zh-CN/content/actions/deployment/about-deployments/index.md +++ b/translations/zh-CN/content/actions/deployment/about-deployments/index.md @@ -1,7 +1,7 @@ --- -title: About deployments -shortTitle: About deployments -intro: 'Learn how deployments can run with {% data variables.product.prodname_actions %} workflows.' +title: 关于部署 +shortTitle: 关于部署 +intro: '了解如何使用 {% data variables.product.prodname_actions %} 工作流程运行部署。' versions: fpt: '*' ghes: '*' diff --git a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md index 4d9cac1104..1c706cab39 100644 --- a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md +++ b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md @@ -22,15 +22,15 @@ shortTitle: 部署到 Amazon ECS ## 简介 -This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/), and deploy it to [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) when there is a push to the `main` branch. +本指南介绍如何使用 {% data variables.product.prodname_actions %} 构建容器化应用程序,将其推送到 [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/),以及要推送到 `main` 分支时将其部署到 [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/)。 -On every new push to `main` in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS. +在每次推送到 {% data variables.product.company_short %} 仓库中的 `main` 时,{% data variables.product.prodname_actions %} 工作流程将构建新的容器映像并将其推送到 Amazon ECR,然后将新的任务定义部署到 Amazon ECS。 {% ifversion fpt or ghec or ghae-issue-4856 %} {% note %} -**Note**: {% data reusables.actions.about-oidc-short-overview %} and ["Configuring OpenID Connect in Amazon Web Services"](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services). +**注意**:{% data reusables.actions.about-oidc-short-overview %} 和[“在 Amazon Web Services 中配置 OpenID Connect”](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)。 {% endnote %} @@ -161,7 +161,7 @@ jobs: ## 其他资源 -For the original starter workflow, see [`aws.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/aws.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository. +有关原始入门工作流程,请参阅 {% data variables.product.prodname_actions %} `starter-workflows` 仓库中的 [`aws.yml`](https://github.com/actions/starter-workflows/blob/main/deployments/aws.yml)。 有关这些示例中使用的服务的详细信息,请参阅以下文档: diff --git a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/index.md b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/index.md index a31cb4f532..1e0568977e 100644 --- a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/index.md +++ b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/index.md @@ -1,7 +1,7 @@ --- -title: Deploying to your cloud provider -shortTitle: Deploying to your cloud provider -intro: 'You can deploy to various cloud providers, such as AWS, Azure, and GKE.' +title: 部署到云提供商 +shortTitle: 部署到云提供商 +intro: 您可以部署到各种云提供商,例如 AWS、Azure 和 GKE。 versions: fpt: '*' ghae: '*' diff --git a/translations/zh-CN/content/actions/deployment/deploying-xcode-applications/index.md b/translations/zh-CN/content/actions/deployment/deploying-xcode-applications/index.md index 857ef66b1e..ccbd0e8bb4 100644 --- a/translations/zh-CN/content/actions/deployment/deploying-xcode-applications/index.md +++ b/translations/zh-CN/content/actions/deployment/deploying-xcode-applications/index.md @@ -1,6 +1,6 @@ --- -title: Deploying Xcode applications -shortTitle: Deploying Xcode applications +title: 部署 Xcode 应用程序 +shortTitle: 部署 Xcode 应用程序 intro: '您可以在 {% data variables.product.prodname_actions %} 运行器上安装 Apple 代码签名证书,以在持续集成 (CI) 工作流程中对 Xcode 应用签名。' versions: fpt: '*' diff --git a/translations/zh-CN/content/actions/deployment/managing-your-deployments/index.md b/translations/zh-CN/content/actions/deployment/managing-your-deployments/index.md index 46b6374261..518435c120 100644 --- a/translations/zh-CN/content/actions/deployment/managing-your-deployments/index.md +++ b/translations/zh-CN/content/actions/deployment/managing-your-deployments/index.md @@ -1,7 +1,7 @@ --- -title: Managing your deployments -shortTitle: Managing your deployments -intro: You can review the past activity of your deployments. +title: 管理部署 +shortTitle: 管理部署 +intro: 您可以查看您的部署中过去的活动。 versions: fpt: '*' ghes: '*' diff --git a/translations/zh-CN/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md b/translations/zh-CN/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md index 142e2755d9..6772eedef4 100644 --- a/translations/zh-CN/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md +++ b/translations/zh-CN/content/actions/deployment/managing-your-deployments/viewing-deployment-history.md @@ -15,14 +15,14 @@ redirect_from: --- -You can deliver deployments through {% data variables.product.prodname_actions %} and environments or with the REST API and third party apps. {% ifversion fpt or ghae ghes > 3.0 or ghec %}For more information about using environments to deploy with {% data variables.product.prodname_actions %}, see "[Using environments for deployment](/actions/deployment/using-environments-for-deployment)." {% endif %}有关使用 REST API 进行部署的更多信息,请参阅“[仓库](/rest/reference/repos#deployments)”。 +您可以通过 {% data variables.product.prodname_actions %} 和环境或使用 REST API 和第三方应用交付部署。 {% ifversion fpt or ghae ghes > 3.0 or ghec %}有关使用环境进行部署 {% data variables.product.prodname_actions %}的详细信息,请参阅“[使用环境进行部署](/actions/deployment/using-environments-for-deployment)”。 {% endif %}有关使用 REST API 进行部署的更多信息,请参阅“[仓库](/rest/reference/repos#deployments)”。 要查看当前和过去的部署,请在仓库的主页上单击 **Environments(环境)**。 {% ifversion ghae %} ![环境](/assets/images/enterprise/2.22/environments-sidebar.png){% else %} ![Environments](/assets/images/environments-sidebar.png){% endif %} -部署页显示仓库中每个环境的最新活动部署。 If the deployment includes an environment URL, a **View deployment** button that links to the URL is shown next to the deployment. +部署页显示仓库中每个环境的最新活动部署。 如果部署包含环境 URL,则部署旁边将显示链接到 URL 的 **View deployment(查看部署)**按钮。 活动日志显示环境的部署历史记录。 默认情况下,只有环境的最新部署具有 `Active` 状态;所有先前的活动部署具有 `Inactive` 状态。 有关自动失活部署的更多信息,请参阅“[非活动部署](/rest/reference/deployments#inactive-deployments)”。 diff --git a/translations/zh-CN/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/translations/zh-CN/content/actions/hosting-your-own-runners/about-self-hosted-runners.md index f2904902c9..472e15ed55 100644 --- a/translations/zh-CN/content/actions/hosting-your-own-runners/about-self-hosted-runners.md +++ b/translations/zh-CN/content/actions/hosting-your-own-runners/about-self-hosted-runners.md @@ -133,16 +133,30 @@ Some extra configuration might be required to use actions from {% data variables ## Communication between self-hosted runners and {% data variables.product.product_name %} -The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. +The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. {% data reusables.actions.self-hosted-runner-ports-protocols %} -{% data reusables.actions.self-hosted-runner-communications-for-ghae %} +{% ifversion fpt or ghec %} +Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. +{% elsif ghes or ghae %} +Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner. +{%- endif %} + +{% ifversion ghes %} + +{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain. + +{% elsif ghae %} + +You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. + +If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." + +{% endif %} {% ifversion fpt or ghec %} -Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. - You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality. {% note %} @@ -191,27 +205,25 @@ If you use an IP address allow list for your {% data variables.product.prodname_ {% else %} -You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} +{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} {% endif %} +{% ifversion ghae %} +If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." +{% endif %} + You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)." For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)." -{% ifversion ghes %} +{% ifversion ghes or ghae %} ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %} -Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect). +Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." -If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. - -{% note %} - -**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant. - -{% endnote %} +If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. ``` github.com @@ -219,6 +231,13 @@ api.github.com codeload.github.com ``` +{% note %} + +**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant. + +{% endnote %} + + {% endif %} ## Self-hosted runner security diff --git a/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md b/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md index 68eaff9bfe..230b6290e4 100644 --- a/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md +++ b/translations/zh-CN/content/actions/security-guides/encrypted-secrets.md @@ -226,7 +226,7 @@ steps: ``` {% endraw %} -Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif). +Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. 更多信息请参阅“[上下文可用性](/actions/learn-github-actions/contexts#context-availability)”和 [`jobs..steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif)。 If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string. diff --git a/translations/zh-CN/content/actions/using-jobs/using-concurrency.md b/translations/zh-CN/content/actions/using-jobs/using-concurrency.md index 9fcc88997f..a9e3f10284 100644 --- a/translations/zh-CN/content/actions/using-jobs/using-concurrency.md +++ b/translations/zh-CN/content/actions/using-jobs/using-concurrency.md @@ -1,6 +1,6 @@ --- -title: Using concurrency -shortTitle: Using concurrency +title: 使用并发 +shortTitle: 使用并发 intro: Run a single job at a time. versions: fpt: '*' diff --git a/translations/zh-CN/content/admin/configuration/configuring-network-settings/network-ports.md b/translations/zh-CN/content/admin/configuration/configuring-network-settings/network-ports.md index bad6b8e5a9..ec8cf46782 100644 --- a/translations/zh-CN/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/translations/zh-CN/content/admin/configuration/configuring-network-settings/network-ports.md @@ -1,5 +1,5 @@ --- -title: 网络端口 +title: Network ports redirect_from: - /enterprise/admin/articles/configuring-firewalls - /enterprise/admin/articles/firewall @@ -8,7 +8,7 @@ redirect_from: - /enterprise/admin/installation/network-ports - /enterprise/admin/configuration/network-ports - /admin/configuration/network-ports -intro: 根据您需要为管理员、最终用户和电子邮件支持显示的网络服务有选择地打开网络端口。 +intro: 'Open network ports selectively based on the network services you need to expose for administrators, end users, and email support.' versions: ghes: '*' type: reference @@ -18,37 +18,51 @@ topics: - Networking - Security --- +## Administrative ports -## 管理端口 +Some administrative ports are required to configure {% data variables.product.product_location %} and run certain features. Administrative ports are not required for basic application use by end users. -需要使用一些管理端口来配置 {% data variables.product.product_location %} 和运行某些功能。 最终用户在使用基本应用程序时不需要管理端口。 +| Port | Service | Description | +|---|---|---| +| 8443 | HTTPS | Secure web-based {% data variables.enterprise.management_console %}. Required for basic installation and configuration. | +| 8080 | HTTP | Plain-text web-based {% data variables.enterprise.management_console %}. Not required unless TLS is disabled manually. | +| 122 | SSH | Shell access for {% data variables.product.product_location %}. Required to be open to incoming connections between all nodes in a high availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic. | +| 1194/UDP | VPN | Secure replication network tunnel in high availability configuration. Required to be open for communication between all nodes in the configuration.| +| 123/UDP| NTP | Required for time protocol operation. | +| 161/UDP | SNMP | Required for network monitoring protocol operation. | -| 端口 | 服务 | 描述 | -| -------- | ----- | ---------------------------------------------------------------------------------------------------------------------------- | -| 8443 | HTTPS | 基于安全 Web 的 {% data variables.enterprise.management_console %}。 进行基本安装和配置时需要。 | -| 8080 | HTTP | 基于纯文本 Web 的 {% data variables.enterprise.management_console %}。 除非手动禁用 SSL,否则不需要。 | -| 122 | SSH | 对 {% data variables.product.product_location %} 进行 Shell 访问。 需要对高可用性配置中所有节点之间的传入连接开放。 默认 SSH 端口 (22) 专用于 Git 和 SSH 应用程序网络流量。 | -| 1194/UDP | VPN | 采用高可用性配置的安全复制网络隧道。 需要对配置中所有节点之间的通信开放。 | -| 123/UDP | NTP | 为时间协议操作所需。 | -| 161/UDP | SNMP | 为网络监视协议操作所需。 | +## Application ports for end users -## 最终用户的应用程序端口 +Application ports provide web application and Git access for end users. -应用程序端口为最终用户提供 Web 应用程序和 Git 访问。 - -| 端口 | 服务 | 描述 | -| ---- | ----- | --------------------------------------------------------------------------------------------------- | -| 443 | HTTPS | 通过 HTTPS 访问 Web 应用程序和 Git。 | -| 80 | HTTP | 访问 Web 应用程序。 当 SSL 启用时,所有请求都会重定向到 HTTPS 端口。 | -| 22 | SSH | 通过 SSH 访问 Git。 支持对公共和私有仓库执行克隆、提取和推送操作。 | -| 9418 | Git | Git 协议端口支持通过未加密网络通信对公共仓库执行克隆和提取操作。 {% data reusables.enterprise_installation.when-9418-necessary %} +| Port | Service | Description | +|---|---|---| +| 443 | HTTPS | Access to the web application and Git over HTTPS. | +| 80 | HTTP | Access to the web application. All requests are redirected to the HTTPS port if TLS is configured. | +| 22 | SSH | Access to Git over SSH. Supports clone, fetch, and push operations to public and private repositories. | +| 9418 | Git | Git protocol port supports clone and fetch operations to public repositories with unencrypted network communication. {% data reusables.enterprise_installation.when-9418-necessary %} | {% data reusables.enterprise_installation.terminating-tls %} -## 电子邮件端口 +## Email ports -电子邮件端口必须可直接访问或通过中继访问,以便为最终用户提供入站电子邮件支持。 +Email ports must be accessible directly or via relay for inbound email support for end users. -| 端口 | 服务 | 描述 | -| -- | ---- | ------------------------ | -| 25 | SMTP | 支持采用加密的 SMTP (STARTTLS)。 | +| Port | Service | Description | +|---|---|---| +| 25 | SMTP | Support for SMTP with encryption (STARTTLS). | + +## {% data variables.product.prodname_actions %} ports + +{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)." + +| Port | Service | Description | +|---|---|---| +| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. +| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. + +If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)." + +## Further reading + +- "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)" diff --git a/translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md index b07878188c..b0313604d2 100644 --- a/translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ b/translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md @@ -33,7 +33,7 @@ topics: {% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, teams merge significantly more pull requests per day, and the pull requests are merged significantly faster. For more information, see "[Writing and shipping code faster](https://octoverse.github.com/writing-code-faster/#scale-through-automation)" in the State of the Octoverse. -You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)." +You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. {% ifversion ghec %}For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.product.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %} {% data variables.product.prodname_actions %} is developer friendly, because it's integrated directly into the familiar {% data variables.product.product_name %} experience. diff --git a/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 0574bc0877..b507720da4 100644 --- a/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -13,7 +13,7 @@ type: overview topics: - Actions - Enterprise -shortTitle: Add actions in your enterprise +shortTitle: About actions in your enterprise --- {% data reusables.actions.enterprise-beta %} @@ -23,13 +23,24 @@ shortTitle: Add actions in your enterprise {% data variables.product.prodname_actions %} workflows can use _actions_, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the {% data variables.product.prodname_dotcom %} community. -{% data reusables.actions.enterprise-no-internet-actions %} +{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.product.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}. + +We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.product_name %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}. ## Official actions bundled with your enterprise instance {% data reusables.actions.actions-bundled-with-ghes %} -The bundled official actions include `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, and various `actions/setup-` actions, among others. To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. +The bundled official actions include the following, among others. +- `actions/checkout` +- `actions/upload-artifact` +- `actions/download-artifact` +- `actions/labeler` +- Various `actions/setup-` actions + +To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: https://HOSTNAME/actions. + +There is no connection required between {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} to use these actions. Each action is a repository in the `actions` organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "[Using the latest version of the official bundled actions](/admin/github-actions/using-the-latest-version-of-the-official-bundled-actions)." @@ -43,14 +54,21 @@ Each action is a repository in the `actions` organization, and each action repos ## Configuring access to actions on {% data variables.product.prodname_dotcom_the_website %} -{% ifversion ghes %} -Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." -{% endif %} - {% data reusables.actions.access-actions-on-dotcom %} The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". +{% ifversion ghes %} +{% note %} + +**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." + + +{% endnote %} +{% endif %} + +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} + {% data reusables.actions.enterprise-limit-actions-use %} -Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." +Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to {% data variables.product.prodname_dotcom_the_website %}, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." diff --git a/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index 3dc27dc3ff..f539aeca8d 100644 --- a/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/translations/zh-CN/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -21,11 +21,18 @@ shortTitle: Use GitHub Connect for actions ## About automatic access to {% data variables.product.prodname_dotcom_the_website %} actions -By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). +By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. -To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using actions in your enterprise](/admin/github-actions/about-using-actions-in-your-enterprise)." +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} -To use actions from {% data variables.product.prodname_dotcom_the_website %}, your self-hosted runners must be able to download public actions from `api.github.com`. +Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." + +## About resolution for actions using {% data variables.product.prodname_github_connect %} + +{% data reusables.actions.github-connect-resolution %} + +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +{% endif %} ## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions @@ -33,8 +40,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do - Configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Enable{% else %} enable{% endif %} {% data variables.product.prodname_github_connect %}. For more information, see "[Managing {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/managing-github-connect)." -{% data reusables.actions.enterprise-github-connect-warning %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.github-connect-tab %} 1. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select **Enabled**. diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index 376d857cde..e185a70656 100644 --- a/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -26,7 +26,7 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -仓库的 {% data variables.product.prodname_dependabot_alerts %} 选项卡列出所有打开和关闭的 {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} 以及对应的 {% data variables.product.prodname_dependabot_security_updates %}{% endif %}。 可以{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} 按程序包、生态系统或清单筛选警报。 您还可以{% endif %} 对警报列表进行排序,单击特定警报以获取更多详细信息。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +仓库的 {% data variables.product.prodname_dependabot_alerts %} 选项卡列出所有打开和关闭的 {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} 以及对应的 {% data variables.product.prodname_dependabot_security_updates %}{% endif %}。 可以{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} 按程序包、生态系统或清单筛选警报。 您还可以{% endif %} 对警报列表进行排序,单击特定警报以获取更多详细信息。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 {% ifversion fpt or ghec or ghes > 3.2 %} 您可以为使用 {% data variables.product.prodname_dependabot_alerts %} 和依赖关系图的任何仓库启用自动安全更新。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)“。 diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md index f00db06940..195a53404f 100644 --- a/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -32,7 +32,7 @@ shortTitle: Dependabot 版本更新 通过将配置文件检入仓库,可启用 {% data variables.product.prodname_dependabot_version_updates %}。 配置文件指定存储在仓库中的清单或其他包定义文件的位置。 {% data variables.product.prodname_dependabot %} 使用此信息来检查过时的软件包和应用程序。 {% data variables.product.prodname_dependabot %} 确定依赖项是否有新版本,它通过查看依赖的语义版本 ([semver](https://semver.org/)) 来决定是否应更新该版本。 对于某些软件包管理器,{% data variables.product.prodname_dependabot_version_updates %} 也支持供应。 供应(或缓存)的依赖项是检入仓库中特定目录的依赖项,而不是在清单中引用的依赖项。 即使包服务器不可用,供应的依赖项在生成时也可用。 {% data variables.product.prodname_dependabot_version_updates %} 可以配置为检查为新版本供应的依赖项,并在必要时更新它们。 -当 {% data variables.product.prodname_dependabot %} 发现过时的依赖项时,它会发起拉取请求以将清单更新到依赖项的最新版本。 对于供应和依赖项,{% data variables.product.prodname_dependabot %} 提出拉取请求以直接将过时的依赖项替换为新版本。 检查测试是否通过,查看拉取请求摘要中包含的更改日志和发行说明,然后合并它。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +当 {% data variables.product.prodname_dependabot %} 发现过时的依赖项时,它会发起拉取请求以将清单更新到依赖项的最新版本。 对于供应和依赖项,{% data variables.product.prodname_dependabot %} 提出拉取请求以直接将过时的依赖项替换为新版本。 检查测试是否通过,查看拉取请求摘要中包含的更改日志和发行说明,然后合并它。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 如果启用_安全更新_,{% data variables.product.prodname_dependabot %} 还会发起拉取请求以更新易受攻击依赖项。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”。 diff --git a/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md index c1705785c9..4f734ca024 100644 --- a/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md +++ b/translations/zh-CN/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md @@ -23,7 +23,7 @@ shortTitle: 列出已配置的依赖项 ## 查看由 {% data variables.product.prodname_dependabot %} 监视的依赖项 -启用版本更新后,可以使用仓库依赖关系图中的 **{% data variables.product.prodname_dependabot %}** 选项卡确认配置是否正确。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +启用版本更新后,可以使用仓库依赖关系图中的 **{% data variables.product.prodname_dependabot %}** 选项卡确认配置是否正确。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.accessing-repository-graphs %} diff --git a/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index b59867579c..bfadb577b7 100644 --- a/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md +++ b/translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -77,7 +77,7 @@ topics: 每个具有依赖项的应用程序都有一个依赖关系图,即应用程序直接或间接依赖的每个包版本的定向非循环图。 每次更新依赖项时,必须解决此图,否则将无法构建应用程序。 当生态系统具有深刻而复杂的依赖关系图(例如 npm 和 RubyGems)时,如果不升级整个生态系统,往往难以升级单个依赖项。 -避免这个问题的最佳办法是跟上最新发布的版本,例如启用版本更新。 这增加了通过不破坏依赖关系图的简单升级解决一个依赖项中的漏洞的可能性。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +避免这个问题的最佳办法是跟上最新发布的版本,例如启用版本更新。 这增加了通过不破坏依赖关系图的简单升级解决一个依赖项中的漏洞的可能性。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 ### {% data variables.product.prodname_dependabot %} 无法更新到所需的版本,因为已经为最新版本打开了拉取请求 @@ -91,7 +91,7 @@ topics: 此错误难以解决。 如果版本更新超时,您可以使用 `allow` 参数来指定更新最重要的依赖项,或者使用 `ignore` 参数从更新中排除某些依赖项。 更新配置可能使 {% data variables.product.prodname_dependabot %} 能够在规定时间内检查版本更新并生成请求。 -如果安全更新超时,您可以通过保持依赖项更新(例如,启用版本更新)来减少更新需要。 For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)." +如果安全更新超时,您可以通过保持依赖项更新(例如,启用版本更新)来减少更新需要。 更多信息请参阅“[配置 {% data variables.product.prodname_dependabot %} 版本更新](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)”。 ### {% data variables.product.prodname_dependabot %} 无法再打开拉取请求 diff --git a/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md b/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md index 2e5433afbc..474b6ea1a3 100644 --- a/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md +++ b/translations/zh-CN/content/code-security/security-overview/about-the-security-overview.md @@ -28,7 +28,7 @@ shortTitle: 关于安全概述 您可以使用安全概述来简要了解组织的安全状态,或识别需要干预的问题仓库。 您可以在安全概述中查看综合或存储库特定的安全信息。 您还可以使用安全概述来查看为存储库启用了哪些安全功能,并配置当前未使用的任何可用安全功能。 -The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %} +安全概述指示是否为组织拥有的存储库启用了 {% ifversion fpt or ghes > 3.1 or ghec %}安全{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} 功能,并合并每个功能的警报。{% ifversion fpt or ghes > 3.1 or ghec %} 安全功能包括 {% data variables.product.prodname_GH_advanced_security %} 功能,例如 {% data variables.product.prodname_code_scanning %} 和 {% data variables.product.prodname_secret_scanning %}以及 {% data variables.product.prodname_dependabot_alerts %}。{% endif %} 有关 {% data variables.product.prodname_GH_advanced_security %} 功能的详细信息,请参阅“[关于 {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)”。{% ifversion fpt or ghes > 3.1 or ghec %} 有关 {% data variables.product.prodname_dependabot_alerts %} 的详细信息,请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)”。{% endif %} 有关在存储库和组织级别保护代码的详细信息,请参阅“[保护存储库](/code-security/getting-started/securing-your-repository)”和“[保护组织](/code-security/getting-started/securing-your-organization)”。 @@ -50,13 +50,13 @@ The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec % ![安全概述中的图标](/assets/images/help/organizations/security-overview-icons.png) -| 图标 | 含义 | -| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)”。 | -| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)”。 | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %} 的通知。 For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." | -| {% octicon "check" aria-label="Check" %} | 安全功能已启用,但不会在此存储库中引发警报。 | -| {% octicon "x" aria-label="x" %} | 此存储库不支持该安全功能。 | +| 图标 | 含义 | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_capc %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)”。 | +| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} 警报. 更多信息请参阅“[关于 {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)”。 | +| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %} 的通知。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。 | +| {% octicon "check" aria-label="Check" %} | 安全功能已启用,但不会在此存储库中引发警报。 | +| {% octicon "x" aria-label="x" %} | 此存储库不支持该安全功能。 | 安全概述显示由安全功能引发的活动警报。 如果仓库的安全概述中没有警报,则可能仍然存在未检测到的安全漏洞或代码错误。 diff --git a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index e054f9a13c..ccc0f56758 100644 --- a/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -40,7 +40,7 @@ shortTitle: 探索依赖项 ### 依赖项视图 {% ifversion fpt or ghec %} -依赖项按生态系统分组。 您可以展开依赖项以查看其依赖项。 私有仓库、私有包或无法识别文件上的依赖项以纯文本显示。 If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository. +依赖项按生态系统分组。 您可以展开依赖项以查看其依赖项。 私有仓库、私有包或无法识别文件上的依赖项以纯文本显示。 如果依赖项的包管理器位于公共存储库中,{% data variables.product.product_name %} 将显示指向该存储库的链接。 如果在仓库中检测到漏洞,这些漏洞将显示在视图顶部,供有权访问 {% data variables.product.prodname_dependabot_alerts %} 的用户查看。 @@ -83,10 +83,10 @@ shortTitle: 探索依赖项 ## 更改“Used by(使用者)”包 -You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if: - * The dependency graph is enabled for the repository (see the above section for more details). - * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems). - * Within the ecosystem, your package has a link to a _public_ repository where the source is stored. +您可能会注意到,某些存储库在 **Code(代码)**选项卡的边栏中有一个“Used by(使用者)”部分。 在以下情况下,您的存储库将具有“Used by(使用者)”部分: + * 为存储库启用了依赖关系图(有关更多详细信息,请参阅上一节)。 + * 您的存储库包含一个包,该包发布在[受支持的包生态系统](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)上。 + * 在生态系统中,您的包具有指向存储源代码的_公共_存储库的链接。 “Used by(使用者)”部分显示已发现对包的公开引用数量,并显示某些依赖项所有者的头像。 @@ -115,7 +115,7 @@ You may notice some repositories have a "Used by" section in the sidebar of the ## 延伸阅读 - “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)” -- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} +- "[查看漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %} - "[查看用于组织的洞见](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)" - "[了解 {% data variables.product.prodname_dotcom %} 如何使用和保护数据](/get-started/privacy-on-github)" {% endif %} diff --git a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md index 68cc79642c..4872dac8ec 100644 --- a/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md +++ b/translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md @@ -59,39 +59,39 @@ shortTitle: 应用程序创建查询参数 您可以在查询字符串中选择权限:使用下表中的权限名称作为查询参数名称,使用权限类型作为查询值。 例如,要在用户界面中为 `contents` 选择 `Read & write` 权限,您的查询字符串将包括 `&contents=write`。 要在用户界面中为 `blocking` 选择 `Read-only` 权限,您的查询字符串将包括 `&blocking=read`。 要在用户界面中为 `checks` 选择 `no-access` ,您的查询字符串将包括 `checks` 权限。 -| 权限 | 描述 | -| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| 权限 | 描述 | +| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [`管理`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | 对用于组织和仓库管理的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghec %} | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | 授予对[阻止用户 API](/rest/reference/users#blocking) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} | [`检查`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | 授予对[检查 API](/rest/reference/checks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion ghes < 3.4 %} | `content_references` | 授予对“[创建内容附件](/rest/reference/apps#create-a-content-attachment)”端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`部署`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | 授予对[部署 API](/rest/reference/repos#deployments) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghec %} | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | 授予对[电子邮件 API](/rest/reference/users#emails) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | 授予管理组织成员的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghec %} -| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时,默认值为 `read`;没有为 {% data variables.product.prodname_github_app %} 指定任何权限时,默认值为 `none`。 | +| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时,默认值为 `read`;没有为 {% data variables.product.prodname_github_app %} 指定任何权限时,默认值为 `none`。 | | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | 授予对“[更新组织](/rest/reference/orgs#update-an-organization)”端点和[组织交互限制 API](/rest/reference/interactions#set-interaction-restrictions-for-an-organization) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| `organization_plan` | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | +| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `organization_plan` | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一:`none`、`read`、`write` 或 `admin`。{% ifversion fpt or ghec %} | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | 授予对[阻止组织用户 API](/rest/reference/orgs#blocking) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| `plan` | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | -| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | 授予对各种拉取请求端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `plan` | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一:`none` 或 `read`。 | +| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | 授予对各种拉取请求端点的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一:`none`、`read`、`write` 或 `admin`。{% ifversion fpt or ghes or ghec %} | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | 授予对[密钥扫描 API](/rest/reference/secret-scanning) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %}{% ifversion fpt or ghes or ghec %} | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | 授予对[代码扫描 API](/rest/reference/code-scanning/) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% endif %} -| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | -| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。 | | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | 授予对[团队讨论 API](/rest/reference/teams#discussions) 和[团队讨论注释 API](/rest/reference/teams#discussion-comments) 的访问权限。 可以是以下项之一:`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| `vulnerability_alerts` | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. 可以是以下项之一:`none` 或 `read`。{% endif %} -| `关注` | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一:`none`、`read` 或 `write`。 | +| `vulnerability_alerts` | 授予接收存储库中易受攻击的依赖项 {% data variables.product.prodname_dependabot_alerts %}。 请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”以了解更多信息。 可以是以下项之一:`none` 或 `read`。{% endif %} +| `关注` | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一:`none`、`read` 或 `write`。 | ## {% data variables.product.prodname_github_app %} web 挂钩事件 diff --git a/translations/zh-CN/content/get-started/quickstart/contributing-to-projects.md b/translations/zh-CN/content/get-started/quickstart/contributing-to-projects.md index 467afad64f..8f3eeaf8ae 100644 --- a/translations/zh-CN/content/get-started/quickstart/contributing-to-projects.md +++ b/translations/zh-CN/content/get-started/quickstart/contributing-to-projects.md @@ -1,6 +1,6 @@ --- title: 参与项目 -intro: Learn how to contribute to a project through forking. +intro: 了解如何通过复刻参与项目。 permissions: '{% data reusables.enterprise-accounts.emu-permission-fork %}' versions: fpt: '*' @@ -14,25 +14,25 @@ topics: - Open Source --- -## About forking +## 关于复刻 -After using GitHub by yourself for a while, you may find yourself wanting to contribute to someone else’s project. Or maybe you’d like to use someone’s project as the starting point for your own. This process is known as forking. +在自己使用 GitHub 一段时间后,您可能会发现自己也想参与别人的项目。 或者,也许您想使用某人的项目作为自己项目的起点。 此过程称为复刻。 -Creating a "fork" is producing a personal copy of someone else's project. Forks act as a sort of bridge between the original repository and your personal copy. You can submit pull requests to help make other people's projects better by offering your changes up to the original project. Forking is at the core of social coding at GitHub. 更多信息请参阅“[复刻仓库](/get-started/quickstart/fork-a-repo)”。 +创建“复刻”就是生成他人项目的个人副本。 复刻可作为原始存储库和个人副本之间的桥梁。 您可以提交拉取请求,通过提供对原始项目的更改来帮助改善其他人的项目。 复刻是 GitHub 社交编码的核心。 更多信息请参阅“[复刻仓库](/get-started/quickstart/fork-a-repo)”。 ## 复刻仓库 -This tutorial uses [the Spoon-Knife project](https://github.com/octocat/Spoon-Knife), a test repository that's hosted on {% data variables.product.prodname_dotcom_the_website %} that lets you test the fork and pull request workflow. +本教程使用 [Spoon-Knife 项目](https://github.com/octocat/Spoon-Knife),这是一个托管在 {% data variables.product.prodname_dotcom_the_website %} 上的测试存储库,可让您测试复刻和拉取请求工作流程。 -1. Navigate to the `Spoon-Knife` project at https://github.com/octocat/Spoon-Knife. -2. Click **Fork**. ![复刻按钮](/assets/images/help/repository/fork_button.jpg) -1. {% data variables.product.product_name %} will take you to your copy (your fork) of the Spoon-Knife repository. +1. 导航到 `Spoon-Knife` project at https://github.com/octocat/Spoon-Knife。 +2. 单击 **Fork(复刻)**。 ![复刻按钮](/assets/images/help/repository/fork_button.jpg) +1. {% data variables.product.product_name %} 将带您进入 Spoon-Knife 存储库的副本(您的复刻)。 -## Cloning a fork +## 克隆复刻 -You've successfully forked the Spoon-Knife repository, but so far, it only exists on {% data variables.product.product_name %}. To be able to work on the project, you will need to clone it to your computer. +您已经成功复刻了 Spoon-Knife 存储库,但到目前为止,它仅存在于 {% data variables.product.product_name %} 上。 为了能够处理该项目,您需要将其克隆到您的计算机。 -You can clone your fork with the command line, {% data variables.product.prodname_cli %}, or {% data variables.product.prodname_desktop %}. +您可以使用命令行、{% data variables.product.prodname_cli %} 或 {% data variables.product.prodname_desktop %} 克隆复刻。 {% webui %} @@ -79,11 +79,11 @@ gh repo fork repository --clone=true {% enddesktop %} -## Making and pushing changes +## 创建和推送更改 -Go ahead and make a few changes to the project using your favorite text editor, like [Atom](https://atom.io). You could, for example, change the text in `index.html` to add your GitHub username. +继续使用您喜欢的文本编辑器对项目进行一些更改,例如 [Atom](https://atom.io)。 例如,您可以更改 `index.html` 中的文本以添加您的 GitHub 用户名。 -When you're ready to submit your changes, stage and commit your changes. `git add .` tells Git that you want to include all of your changes in the next commit. `git commit` takes a snapshot of those changes. +当您准备好提交更改时,请暂存并提交更改。 `git add .` 告诉 Git 您希望在下一次提交中包含所有更改。 `git commit` 会拍摄这些更改的快照。 {% webui %} @@ -105,13 +105,13 @@ git commit -m "a short description of the change" {% desktop %} -For more information about how to stage and commit changes in {% data variables.product.prodname_desktop %}, see "[Committing and reviewing changes to your project](/desktop/contributing-and-collaborating-using-github-desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project#selecting-changes-to-include-in-a-commit)." +有关如何在 {% data variables.product.prodname_desktop %} 中暂存和提交更改的详细信息,请参阅“[提交和审阅对项目的更改](/desktop/contributing-and-collaborating-using-github-desktop/making-changes-in-a-branch/committing-and-reviewing-changes-to-your-project#selecting-changes-to-include-in-a-commit)”。 {% enddesktop %} -When you stage and commit files, you essentially tell Git, "Okay, take a snapshot of my changes!" You can continue to make more changes, and take more commit snapshots. +暂存和提交文件时,您主要是告诉 Git:“好吧,拍摄我的更改快照!” 您可以继续进行更多更改,并拍摄更多提交快照。 -Right now, your changes only exist locally. When you're ready to push your changes up to {% data variables.product.product_name %}, push your changes to the remote. +目前,您的更改仅存在于本地。 当您准备好将更改推送到 {% data variables.product.product_name %} 时,请将更改推送到远程。 {% webui %} @@ -131,24 +131,24 @@ git push {% desktop %} -For more information about how to push changes in {% data variables.product.prodname_desktop %}, see "[Pushing changes to GitHub](/desktop/contributing-and-collaborating-using-github-desktop/making-changes-in-a-branch/pushing-changes-to-github)." +有关如何在 {% data variables.product.prodname_desktop %} 中推送更改的详细信息,请参阅“[将更改推送到 GitHub](/desktop/contributing-and-collaborating-using-github-desktop/making-changes-in-a-branch/pushing-changes-to-github)”。 {% enddesktop %} -## Making a pull request +## 创建拉取请求 -At last, you're ready to propose changes into the main project! This is the final step in producing a fork of someone else's project, and arguably the most important. If you've made a change that you feel would benefit the community as a whole, you should definitely consider contributing back. +最后,您可以对主项目提出更改建议了! 这是产生他人项目复刻的最后一步,可以说是最重要的一步。 如果您做了您认为有益于整个社区的改变,绝对应该考虑回馈社区。 -To do so, head on over to the repository on {% data variables.product.product_name %} where your project lives. For this example, it would be at `https://www.github.com//Spoon-Knife`. You'll see a banner indicating that your branch is one commit ahead of `octocat:main`. Click **Contribute** and then **Open a pull request**. +为此,请转到项目所在的 {% data variables.product.product_name %} 存储库。 对于此示例,它将位于 `https://www.github.com//Spoon-Knife`。 您将看到一个横幅,指示您的分支是 `octocat:main` 之前的一个提交。 单击 **Contribute(贡献)**,然后单击 **Open a pull request(打开拉取请求)**。 -{% data variables.product.product_name %} will bring you to a page that shows the differences between your fork and the `octocat/Spoon-Knife` repository. 单击 **Create pull request(创建拉取请求)**。 +{% data variables.product.product_name %} 将带您进入一个页面,其中显示了您的复刻与 `octocat/Spoon-Knife` 存储库之间的差异。 单击 **Create pull request(创建拉取请求)**。 -{% data variables.product.product_name %} will bring you to a page where you can enter a title and a description of your changes. It's important to provide as much useful information and a rationale for why you're making this pull request in the first place. The project owner needs to be able to determine whether your change is as useful to everyone as you think it is. Finally, click **Create pull request**. +{% data variables.product.product_name %} 将带您进入一个页面,您可以在其中输入更改的标题和说明。 重要的是要提供尽可能多的有用信息,在首要位置说明您提出此拉取请求的理由。 项目所有者需要能够确定您的更改是否像您认为的那样对每个人都有用。 最后,单击 **Create pull request(创建拉取请求)**。 -## Managing feedback +## 管理反馈 -Pull Requests are an area for discussion. In this case, the Octocat is very busy, and probably won't merge your changes. For other projects, don't be offended if the project owner rejects your pull request, or asks for more information on why it's been made. It may even be that the project owner chooses not to merge your pull request, and that's totally okay. Your copy will exist in infamy on the Internet. And who knows--maybe someone you've never met will find your changes much more valuable than the original project. +拉取请求是一个讨论区域。 在这种情况下,Octocat 非常繁忙,可能不会合并您的更改。 对于其他项目,如果项目所有者拒绝您的拉取请求,或者要求提供有关请求原因的更多信息,请不要生气。 甚至可能是项目所有者选择不合并您的拉取请求,这完全没问题。 您的副本将存在于互联网上。 谁知道呢 - 也许您从未见过的人会发现您的更改比原始项目更有价值。 -## Finding projects +## 查找项目 -You've successfully forked and contributed back to a repository. Go forth, and contribute some more!{% ifversion fpt %} For more information, see "[Finding ways to contribute to open source on GitHub](/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github)."{% endif %} +您已成功复刻并回馈存储库。 去吧, 再贡献一些!{% ifversion fpt %} 更多信息请参阅“[在 GitHub上查找为开源做出贡献的方法](/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github)”。{% endif %} diff --git a/translations/zh-CN/content/get-started/quickstart/hello-world.md b/translations/zh-CN/content/get-started/quickstart/hello-world.md index b9735dea46..cfd87b1125 100644 --- a/translations/zh-CN/content/get-started/quickstart/hello-world.md +++ b/translations/zh-CN/content/get-started/quickstart/hello-world.md @@ -47,104 +47,104 @@ miniTocMaxHeadingLevel: 3 通过分支,您可以同时拥有不同版本的存储库。 -默认情况下,存储库有一个名为 `main` 的分支,被视为最终分支。 您可以在存储库中创建 `main` 以外的其他分支。 You can use branches to have different versions of a project at one time. This is helpful when you want to add new features to a project without changing the main source of code. The work done on different branches will not show up on the main branch until you merge it, which we will cover later in this guide. You can use branches to experiment and make edits before committing them to `main`. +默认情况下,存储库有一个名为 `main` 的分支,被视为最终分支。 您可以在存储库中创建 `main` 以外的其他分支。 您可以使用分支一次拥有项目的不同版本。 当您想要在不更改主要代码源的情况下向项目添加新功能时,这非常有用。 在合并主分支之前,在不同分支上完成的工作不会显示在主分支上,我们将在本指南的后面部分介绍。 您可以使用分支进行试验和编辑,然后再将其提交到 `main`。 -When you create a branch off the `main` branch, you're making a copy, or snapshot, of `main` as it was at that point in time. If someone else made changes to the `main` branch while you were working on your branch, you could pull in those updates. +当您创建 `main` 分支以外的分支时,创建的是 `main` 在当时的副本或快照。 如果其他人在您处理分支时对 `main` 分支进行了更改,您可以拉入这些更新。 -This diagram shows: +此图显示: -* The `main` branch -* A new branch called `feature` -* The journey that `feature` takes before it's merged into `main` +* `main` 分支 +* 一个名为 `feature` 的新分支 +* `feature` 在合并到 `main` 之前的历程 -![branching diagram](/assets/images/help/repository/branching.png) +![分支图](/assets/images/help/repository/branching.png) -Have you ever saved different versions of a file? Something like: +您是否曾经保存过文件的不同版本? 像这样: * `story.txt` * `story-edit.txt` * `story-edit-reviewed.txt` -Branches accomplish similar goals in {% data variables.product.product_name %} repositories. +分支在 {% data variables.product.product_name %} 存储库中实现了类似的目标。 -Here at {% data variables.product.product_name %}, our developers, writers, and designers use branches for keeping bug fixes and feature work separate from our `main` (production) branch. When a change is ready, they merge their branch into `main`. +在 {% data variables.product.product_name %},我们的开发人员、编写者和设计师使用分支将错误修复和功能工作与我们的 `main`(生产)分支分开。 当更改准备就绪时,他们会将其分支合并到 `main`。 ### 创建分支 -1. Click the **Code** tab of your `hello-world` repository. -2. Click the drop down at the top of the file list that says **main**. ![Branch menu](/assets/images/help/branch/branch-selection-dropdown.png) -4. Type a branch name, `readme-edits`, into the text box. -5. Click **Create branch: readme-edits from main**. +1. 单击 `hello-world` 存储库的 **Code(代码)**选项卡。 +2. 单击其中显示 **main** 的文件列表顶部的下拉列表。 ![分支菜单](/assets/images/help/branch/branch-selection-dropdown.png) +4. 在文本框中键入分支名称 `readme-edits`。 +5. 单击 **Create branch: readme-edits from main(创建分支:从 main 创建 readme-edits)**。 -![Branch menu](/assets/images/help/repository/new-branch.png) +![分支菜单](/assets/images/help/repository/new-branch.png) -Now you have two branches, `main` and `readme-edits`. Right now, they look exactly the same. Next you'll add changes to the new branch. +此时您有两个分支:`main` 和 `readme-edits`。 现在,它们看起来完全相同。 接下来,您将向新分支添加更改。 -## Making and committing changes +## 创建和提交更改 -When you created a new branch in the previous step, {% data variables.product.product_name %} brought you to the code page for your new `readme-edits` branch, which is a copy of `main`. +在上一步中创建新分支时, {% data variables.product.product_name %} 会将您带到作为 `main` 副本的新 `readme-edits` 分支的代码页。 -You can make and save changes to the files in your repository. On {% data variables.product.product_name %}, saved changes are called commits. Each commit has an associated commit message, which is a description explaining why a particular change was made. Commit messages capture the history of your changes so that other contributors can understand what you’ve done and why. +您可以对存储库中的文件进行更改并保存更改。 在 {% data variables.product.product_name %} 上,保存的更改称为提交。 每个提交都有一个关联的提交消息,该消息是解释为什么进行特定更改的说明。 提交消息会捕获您更改的历史记录,以便其他参与者可以了解您执行了哪些操作及其原因。 -1. Under the `readme-edits` branch you created, click the _README.md_ file. +1. 在您创建的 `readme-edits` 分支下,单击 _README.md_ 文件。 2. 单击 {% octicon "pencil" aria-label="The edit icon" %} 编辑文件。 -3. In the editor, write a bit about yourself. Try using different Markdown elements. -4. In the **Commit changes** box, write a commit message that describes your changes. +3. 在编辑器中,编写一些关于您自己的内容。 尝试使用不同的 Markdown 元素。 +4. 在 **Commit changes(提交更改)** 框中,编写描述更改的提交消息。 5. 单击 **Commit changes(提交更改)**。 - ![Commit example](/assets/images/help/repository/first-commit.png) + ![提交示例](/assets/images/help/repository/first-commit.png) -These changes will be made only to the README file on your `readme-edits` branch, so now this branch contains content that's different from `main`. +这些更改将仅适用于 `readme-edits` 分支上的 README 文件,所以这个分支现在包含不同于 `main` 的内容。 ## 打开拉取请求 -Now that you have changes in a branch off of `main`, you can open a pull request. +现在,您在 `main` 以外的分支中进行了更改,可以打开拉取请求。 -Pull requests are the heart of collaboration on {% data variables.product.product_name %}. When you open a pull request, you're proposing your changes and requesting that someone review and pull in your contribution and merge them into their branch. Pull requests show diffs, or differences, of the content from both branches. The changes, additions, and subtractions are shown in different colors. +拉取请求是 {% data variables.product.product_name %} 上协作的核心。 打开拉取请求后,可以提出更改,要求某人审查和提取您的贡献并将其合并到其分支中。 拉取请求显示两个分支中内容的差异。 变化、增减以不同的颜色显示。 -As soon as you make a commit, you can open a pull request and start a discussion, even before the code is finished. +只要进行提交,便可打开拉取请求并开始讨论,即使在代码完成之前亦可。 -By using {% data variables.product.product_name %}'s `@mention` feature in your pull request message, you can ask for feedback from specific people or teams, whether they're down the hall or 10 time zones away. +通过在拉取请求消息中使用 {% data variables.product.product_name %} 的 `@提及`功能,您可以向特定人员或团队请求反馈,无论他们近在大厅还是远在 10 个时区之外。 -You can even open pull requests in your own repository and merge them yourself. It's a great way to learn the {% data variables.product.product_name %} flow before working on larger projects. +您甚至可以在自己的存储库中打开拉取请求并自行合并。 这是在处理大型项目之前了解 {% data variables.product.product_name %} 流程的好方法。 -1. Click the **Pull requests** tab of your `hello-world` repository. -2. Click **New pull request** -3. In the **Example Comparisons** box, select the branch you made, `readme-edits`, to compare with `main` (the original). -4. Look over your changes in the diffs on the Compare page, make sure they're what you want to submit. +1. 单击 `hello-world` 存储库的 **Pull requests(拉取请求)**选项卡。 +2. 单击 **New pull request(新拉取请求)**。 +3. 在 **Example Comparisons(示例比较)**框中,选择您创建的分支 `readme-edits` 以与 `main`(原始分支)进行比较。 +4. 在 Compare(比较)页面上的差异中查看您的更改,确保它们是您要提交的内容。 - ![diff example](/assets/images/help/repository/diffs.png) + ![差异示例](/assets/images/help/repository/diffs.png) 5. 单击 **Create pull request(创建拉取请求)**。 -6. Give your pull request a title and write a brief description of your changes. You can include emojis and drag and drop images and gifs. -7. Optionally, to the right of your title and description, click the {% octicon "gear" aria-label="The Gear icon" %} next to **Reviewers**. **Assignees**, **Labels**, **Projects**, or **Milestone** to add any of these options to your pull request. You do not need to add any yet, but these options offer different ways to collaborate using pull requests. 更多信息请参阅“[关于拉取请求](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)”。 +6. 为拉取请求指定一个标题,并写下更改的简要说明。 您可以包含表情符号以及拖放图像和 gif。 +7. (可选)在标题和说明右侧,单击 **Reviewers(审查者)**旁边的 {% octicon "gear" aria-label="The Gear icon" %}。 单击 **Assignees(受理人)**、**Labels(标签)**、**Projects(项目)**或 **Milestone(里程碑)**以将这些选项添加到您的拉取请求。 您不需要添加任何内容,但这些选项提供了使用拉取请求进行协作的不同方式。 更多信息请参阅“[关于拉取请求](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)”。 7. 单击 **Create pull request(创建拉取请求)**。 -Your collaborators can now review your edits and make suggestions. +您的协作者现在可以查看您的编辑内容并提出建议。 -## Merging your pull request +## 合并拉取请求 -In this final step, you will merge your `readme-edits` branch into the `main` branch. After you merge your pull request, the changes on your `readme-edits` branch will be incorporated into `main`. +在最后一步中,您将 `readme-edits` 分支合并到 `main` 分支中。 合并拉取请求后,`readme-edits` 分支上的更改将合并到 `main`。 -Sometimes, a pull request may introduce changes to code that conflict with the existing code on `main`. If there are any conflicts, {% data variables.product.product_name %} will alert you about the conflicting code and prevent merging until the conflicts are resolved. You can make a commit that resolves the conflicts or use comments in the pull request to discuss the conflicts with your team members. +有时,拉取请求可能会引入与 `main` 上现有代码冲突的代码更改。 如果存在任何冲突, {% data variables.product.product_name %} 将提醒您有关冲突代码的信息,并防止合并,直到冲突解决为止。 您可以进行解决冲突的提交,也可以使用拉取请求中的注释与团队成员讨论冲突。 -In this walk-through, you should not have any conflicts, so you are ready to merge your branch into the main branch. +在本演练中,应该没有任何冲突,因此您已准备好将分支合并到主分支中。 -1. Click **Merge pull request** to merge the changes into `main`. ![Screen shot of merge button.](/assets/images/help/pull_requests/pullrequest-mergebutton.png) -2. 单击 **Confirm merge(确认合并)**。 You will receive a message that the request was successfully merged and the request was closed. -3. Click **Delete branch**. Now that your pull request is merged and your changes are on `main`, you can safely delete the `readme-edits` branch. If you want to make more changes to your project, you can always create a new branch and repeat this process. +1. 单击 **Merge pull request(合并拉取请求)**,将更改合并到 `main`。 ![合并按钮的屏幕截图。](/assets/images/help/pull_requests/pullrequest-mergebutton.png) +2. 单击 **Confirm merge(确认合并)**。 您将收到一条消息,指出请求已成功合并且请求已关闭。 +3. 单击 **Delete branch(删除分支)**。 现在,您的拉取请求已合并,并且您的更改位于 `main` 上,您可以安全地删除 `readme-edits` 分支。 如果要对项目进行更多更改,可以随时创建新分支并重复此过程。 ## 后续步骤 -By completing this tutorial, you've learned to create a project and make a pull request on {% data variables.product.product_name %}. +通过完成本教程,您已经学会了创建项目和在 {% data variables.product.product_name %} 上发出拉取请求。 -Here's what you accomplished in this tutorial: +以下是您在本教程中完成的工作: -* Created an open source repository -* Started and managed a new branch -* Changed a file and committed those changes to {% data variables.product.product_name %} -* Opened and merged a pull request +* 创建了一个开源仓库 +* 启动并管理了新的分支 +* 更改了文件并将这些更改提交到 {% data variables.product.product_name %} +* 打开并合并了拉取请求 -Take a look at your {% data variables.product.product_name %} profile and you'll see your work reflected on your contribution graph. +查看您的 {% data variables.product.product_name %} 个人资料,将会看到您的工作反映在您的贡献图表上。 -For more information about the power of branches and pull requests, see "[GitHub flow](/get-started/quickstart/github-flow)." For more information about getting started with {% data variables.product.product_name %}, see the other guides in the [getting started quickstart](/get-started/quickstart). +有关分支和拉取请求的强大功能的更多信息,请参阅“[GitHub 流程](/get-started/quickstart/github-flow)”。 有关开始使用 {% data variables.product.product_name %} 的详细信息,请参阅[快速入门](/get-started/quickstart)中的其他指南。 diff --git a/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md index 0ac5b3a730..a909e38334 100644 --- a/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md +++ b/translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md @@ -19,7 +19,7 @@ shortTitle: Enterprise Server 试用版 您可以申请 45 天试用版来试用 {% data variables.product.prodname_ghe_server %}。 您的试用版将作为虚拟设备安装,带有内部或云部署选项。 有关支持的可视化平台列表,请参阅“[设置 GitHub Enterprise Server 实例](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)”。 -{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}安全{% endif %}警报和 {% data variables.product.prodname_github_connect %} 目前在 {% data variables.product.prodname_ghe_server %} 试用版中不可用。 要获取这些功能的演示,请联系 {% data variables.contact.contact_enterprise_sales %}。 For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)." +{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}安全{% endif %}警报和 {% data variables.product.prodname_github_connect %} 目前在 {% data variables.product.prodname_ghe_server %} 试用版中不可用。 要获取这些功能的演示,请联系 {% data variables.contact.contact_enterprise_sales %}。 有关这些功能的详细信息,请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”和“[将企业帐户连接到 {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)”。 试用版也可用于 {% data variables.product.prodname_ghe_cloud %}。 更多信息请参阅“[设置 {% data variables.product.prodname_ghe_cloud %} 的试用](/articles/setting-up-a-trial-of-github-enterprise-cloud)”。 diff --git a/translations/zh-CN/content/get-started/using-git/about-git.md b/translations/zh-CN/content/get-started/using-git/about-git.md index 8c86c9caac..c4509ea586 100644 --- a/translations/zh-CN/content/get-started/using-git/about-git.md +++ b/translations/zh-CN/content/get-started/using-git/about-git.md @@ -1,6 +1,6 @@ --- -title: About Git -intro: 'Learn about the version control system, Git, and how it works with {% data variables.product.product_name %}.' +title: 关于 Git +intro: '了解版本控制系统 Git 以及它如何与 {% data variables.product.product_name %} 配合使用。' versions: fpt: '*' ghes: '*' @@ -13,66 +13,66 @@ topics: miniTocMaxHeadingLevel: 3 --- -## About version control and Git +## 关于版本控制和 Git -A version control system, or VCS, tracks the history of changes as people and teams collaborate on projects together. As developers make changes to the project, any earlier version of the project can be recovered at any time. +版本控制系统(VCS)跟踪人员和团队在项目上进行协作时的更改历史记录。 当开发人员对项目进行更改时,可以随时恢复项目的任何早期版本。 -Developers can review project history to find out: +开发人员可以查看项目历史记录以找出: -- Which changes were made? -- Who made the changes? -- When were the changes made? -- Why were changes needed? +- 进行了哪些更改? +- 谁进行了更改? +- 何时进行了更改? +- 为什么需要更改? -VCSs give each contributor a unified and consistent view of a project, surfacing work that's already in progress. Seeing a transparent history of changes, who made them, and how they contribute to the development of a project helps team members stay aligned while working independently. +VCS 为每个贡献者提供统一且一致的项目视图,显示已经在进行中的工作。 查看透明的更改历史记录、谁进行了更改,以及它们如何为项目开发做出贡献,可帮助团队成员在独立工作时保持一致。 -In a distributed version control system, every developer has a full copy of the project and project history. Unlike once popular centralized version control systems, DVCSs don't need a constant connection to a central repository. Git is the most popular distributed version control system. Git is commonly used for both open source and commercial software development, with significant benefits for individuals, teams and businesses. +在分布式版本控制系统中,每个开发人员都有项目和项目历史记录的完整副本。 与曾经流行的集中式版本控制系统不同,DVCS 不需要与中央存储库的持续连接。 Git 是最流行的分布式版本控制系统。 Git 通常用于开源和商业软件开发,对个人、团队和企业都有明显的好处。 -- Git lets developers see the entire timeline of their changes, decisions, and progression of any project in one place. From the moment they access the history of a project, the developer has all the context they need to understand it and start contributing. +- Git 允许开发人员在一个地方查看任何项目的更改、决策和进度的整个时间线。 从他们访问项目历史记录的那一刻起,开发人员就拥有了理解它并开始参与所需的所有上下文。 -- Developers work in every time zone. With a DVCS like Git, collaboration can happen any time while maintaining source code integrity. Using branches, developers can safely propose changes to production code. +- 开发人员在每个时区工作。 使用像 Git 这样的 DVCS,协作可以随时随地进行,同时保持源代码的完整性。 使用分支,开发人员可以安全地提出对生产代码的更改建议。 -- Businesses using Git can break down communication barriers between teams and keep them focused on doing their best work. Plus, Git makes it possible to align experts across a business to collaborate on major projects. +- 使用 Git 的企业可以打破团队之间的沟通障碍,让他们专注于做好最好的工作。 此外,Git 还可以让整个企业的专家协调一致,在重大项目上进行协作。 ## 关于仓库 -A repository, or Git project, encompasses the entire collection of files and folders associated with a project, along with each file's revision history. The file history appears as snapshots in time called commits. The commits can be organized into multiple lines of development called branches. Because Git is a DVCS, repositories are self-contained units and anyone who has a copy of the repository can access the entire codebase and its history. Using the command line or other ease-of-use interfaces, a Git repository also allows for: interaction with the history, cloning the repository, creating branches, committing, merging, comparing changes across versions of code, and more. +存储库或 Git 项目包含与项目关联的文件和文件夹的整个集合,以及每个文件的修订历史记录。 文件历史记录在时间上显示为快照,称为提交。 提交可以组织成多个开发行,称为分支。 由于 Git 是 DVCS,因此存储库是独立的单元,任何拥有存储库副本的人都可以访问整个代码库及其历史记录。 使用命令行或其他易用性接口,Git 存储库还允许:与历史记录交互、克隆存储库、创建分支、提交、合并、比较不同版本的代码更改等。 -Through platforms like {% data variables.product.product_name %}, Git also provides more opportunities for project transparency and collaboration. Public repositories help teams work together to build the best possible final product. +通过像 {% data variables.product.product_name %} 这样的平台,Git 也为项目的透明度和协作提供了更多的机会。 公共存储库可帮助团队协同工作,以构建最佳的最终产品。 -## How {% data variables.product.product_name %} works +## {% data variables.product.product_name %} 的工作原理 -{% data variables.product.product_name %} hosts Git repositories and provides developers with tools to ship better code through command line features, issues (threaded discussions), pull requests, code review, or the use of a collection of free and for-purchase apps in the {% data variables.product.prodname_marketplace %}. With collaboration layers like the {% data variables.product.product_name %} flow, a community of 15 million developers, and an ecosystem with hundreds of integrations, {% data variables.product.product_name %} changes the way software is built. +{% data variables.product.product_name %} 托管 Git 存储库,并为开发人员提供工具,通过命令行功能、议题(线程讨论)、拉取请求、代码审查或使用 {% data variables.product.prodname_marketplace %} 中的一组免费和可购应用程序来交付更好的代码。 通过 {% data variables.product.product_name %} 流程等协作层、拥有 1500 万开发人员的社区以及具有数百个集成的生态系统,{% data variables.product.product_name %} 改变了软件的构建方式。 -{% data variables.product.product_name %} builds collaboration directly into the development process. Work is organized into repositories where developers can outline requirements or direction and set expectations for team members. Then, using the {% data variables.product.product_name %} flow, developers simply create a branch to work on updates, commit changes to save them, open a pull request to propose and discuss changes, and merge pull requests once everyone is on the same page. For more information, see "[GitHub flow](/get-started/quickstart/github-flow)." +{% data variables.product.product_name %} 将协作直接构建到开发过程中。 工作组织到存储库中,开发人员可以在其中概述要求或方向,并为团队成员设定期望。 然后,使用 {% data variables.product.product_name %} 流程,开发人员只需创建一个分支来处理更新,提交更改以保存它们,打开拉取请求以建议和讨论更改,并在每个人都在同一页面上时合并拉取请求。 更多信息请参阅“[GitHub 流](/get-started/quickstart/github-flow)”。 -## {% data variables.product.product_name %} and the command line +## {% data variables.product.product_name %} 和命令行 -### Basic Git commands +### 基本 Git 命令 -To use Git, developers use specific commands to copy, create, change, and combine code. These commands can be executed directly from the command line or by using an application like {% data variables.product.prodname_desktop %}. Here are some common commands for using Git: +为使用 Git,开发人员使用特定命令来复制、创建、更改和合并代码。 这些命令可以直接从命令行执行,也可以使用 {% data variables.product.prodname_desktop %}等应用程序执行。 以下是使用 Git 的一些常用命令: -- `git init` initializes a brand new Git repository and begins tracking an existing directory. It adds a hidden subfolder within the existing directory that houses the internal data structure required for version control. +- `git init` 初始化一个全新的 Git 存储库并开始跟踪现有目录。 它在现有目录中添加一个隐藏的子文件夹,该子文件夹包含版本控制所需的内部数据结构。 -- `git clone` creates a local copy of a project that already exists remotely. The clone includes all the project's files, history, and branches. +- `git clone` 创建远程已存在的项目的本地副本。 克隆包括项目的所有文件、历史记录和分支。 -- `git add` stages a change. Git tracks changes to a developer's codebase, but it's necessary to stage and take a snapshot of the changes to include them in the project's history. This command performs staging, the first part of that two-step process. Any changes that are staged will become a part of the next snapshot and a part of the project's history. Staging and committing separately gives developers complete control over the history of their project without changing how they code and work. +- `git add` 暂存更改。 Git 跟踪对开发人员代码库的更改,但有必要暂存更改并拍摄更改的快照,以将其包含在项目的历史记录中。 此命令执行暂存,即该两步过程的第一部分。 暂存的任何更改都将成为下一个快照的一部分,并成为项目历史记录的一部分。 通过单独暂存和提交,开发人员可以完全控制其项目的历史记录,而无需更改其编码和工作方式。 -- `git commit` saves the snapshot to the project history and completes the change-tracking process. In short, a commit functions like taking a photo. Anything that's been staged with `git add` will become a part of the snapshot with `git commit`. +- `git commit` 将快照保存到项目历史记录中并完成更改跟踪过程。 简言之,提交就像拍照一样。 任何使用 `git add` 暂存的内容都将成为使用 `git commit` 的快照的一部分。 -- `git status` shows the status of changes as untracked, modified, or staged. +- `git status` 将更改的状态显示为未跟踪、已修改或已暂存。 -- `git branch` shows the branches being worked on locally. +- `git branch` 显示正在本地处理的分支。 -- `git merge` merges lines of development together. This command is typically used to combine changes made on two distinct branches. For example, a developer would merge when they want to combine changes from a feature branch into the main branch for deployment. +- `git merge` 将开发线合并在一起。 此命令通常用于合并在两个不同分支上所做的更改。 例如,当开发人员想要将功能分支中的更改合并到主分支以进行部署时,他们会合并。 -- `git pull` updates the local line of development with updates from its remote counterpart. Developers use this command if a teammate has made commits to a branch on a remote, and they would like to reflect those changes in their local environment. +- `git pull` 使用远程对应项的更新来更新本地开发线。 如果队友已向远程上的分支进行了提交,并且他们希望将这些更改反映到其本地环境中,则开发人员将使用此命令。 -- `git push` updates the remote repository with any commits made locally to a branch. +- `git push` 使用本地对分支所做的任何提交来更新远程存储库。 -For more information, see the [full reference guide to Git commands](https://git-scm.com/docs). +更多信息请参阅 [Git 命令的完整参考指南](https://git-scm.com/docs)。 -### Example: Contribute to an existing repository +### 示例:参与现有存储库 ```bash # download a repository on {% data variables.product.product_name %} to our machine @@ -100,9 +100,9 @@ git commit -m "my snapshot" git push --set-upstream origin my-branch ``` -### Example: Start a new repository and publish it to {% data variables.product.product_name %} +### 示例:启动新存储库并将其发布到 {% data variables.product.product_name %} -First, you will need to create a new repository on {% data variables.product.product_name %}. For more information, see "[Hello World](/get-started/quickstart/hello-world)." **Do not** initialize the repository with a README, .gitignore or License file. This empty repository will await your code. +首先,您需要在 {% data variables.product.product_name %} 上创建一个新存储库。 更多信息请参阅“[Hello World](/get-started/quickstart/hello-world)”。 **不要**使用 README、.gitignore 或许可文件初始化存储库。 这个空存储库将等待您的代码。 ```bash # create a new directory, and initialize it with git-specific functions @@ -127,9 +127,9 @@ git remote add origin https://github.com/YOUR-USERNAME/YOUR-REPOSITORY-NAME.git git push --set-upstream origin main ``` -### Example: contribute to an existing branch on {% data variables.product.product_name %} +### 示例:为 {% data variables.product.product_name %} 的现有分支做出贡献 -This example assumes that you already have a project called `repo` on the machine and that a new branch has been pushed to {% data variables.product.product_name %} since the last time changes were made locally. +此示例假定您的计算机上已有一个名为 `repo` 的项目,并且自上次在本地进行更改以来,已将新分支推送到 {% data variables.product.product_name %}。 ```bash # change into the `repo` directory @@ -153,27 +153,27 @@ git commit -m "edit file1" git push ``` -## Models for collaborative development +## 协作开发模型 -There are two primary ways people collaborate on {% data variables.product.product_name %}: +人们在 {% data variables.product.product_name %} 上有两种主要协作方式: -1. Shared repository -2. Fork and pull +1. 共享存储库 +2. 复刻和拉取 -With a shared repository, individuals and teams are explicitly designated as contributors with read, write, or administrator access. This simple permission structure, combined with features like protected branches, helps teams progress quickly when they adopt {% data variables.product.product_name %}. +使用共享存储库,个人和团队被显式指定为具有读取、写入或管理员访问权限的参与者。 这种简单的权限结构与受保护的分支等功能相结合,可帮助团队在采用 {% data variables.product.product_name %} 时快速取得进展。 -For an open source project, or for projects to which anyone can contribute, managing individual permissions can be challenging, but a fork and pull model allows anyone who can view the project to contribute. A fork is a copy of a project under a developer's personal account. Every developer has full control of their fork and is free to implement a fix or a new feature. Work completed in forks is either kept separate, or is surfaced back to the original project via a pull request. There, maintainers can review the suggested changes before they're merged. For more information, see "[Contributing to projects](/get-started/quickstart/contributing-to-projects)." +对于开源项目,或者对于任何人都可以参与的项目,管理个人权限可能具有挑战性,但复刻和拉取模型允许任何可以查看项目的人做出贡献。 复刻是开发人员个人帐户下项目的副本。 每个开发人员都可以完全控制他们的分支,并可以自由地实现修复或新功能。 在复刻中完成的工作要么保持独立,要么通过拉取请求返回到原始项目。 在那里,维护者可以在合并之前查看建议的更改。 更多信息请参阅“[参与项目](/get-started/quickstart/contributing-to-projects)”。 ## 延伸阅读 -The {% data variables.product.product_name %} team has created a library of educational videos and guides to help users continue to develop their skills and build better software. +{% data variables.product.product_name %} 团队创建了一个教育视频和指南库,以帮助用户继续发展他们的技能并构建更好的软件。 -- [Beginner projects to explore](https://github.com/showcases/great-for-new-contributors) -- [{% data variables.product.product_name %} video guides](https://youtube.com/githubguides) +- [要探索的初学者项目](https://github.com/showcases/great-for-new-contributors) +- [{% data variables.product.product_name %} 视频指南](https://youtube.com/githubguides) -For a detailed look at Git practices, the videos below show how to get the most out of some Git commands. +有关 Git 实践的详细介绍,下面的视频展示了如何充分利用某些 Git 命令。 -- [Working locally](https://www.youtube.com/watch?v=rBbbOouhI-s&index=2&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) +- [本地工作](https://www.youtube.com/watch?v=rBbbOouhI-s&index=2&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) - [`git status`](https://www.youtube.com/watch?v=SxmveNrZb5k&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4&index=3) -- [Two-step commits](https://www.youtube.com/watch?v=Vb0Ghkkc2hk&index=4&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) -- [`git pull` and `git push`](https://www.youtube.com/watch?v=-uQHV9GOA0w&index=5&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) +- [两步提交](https://www.youtube.com/watch?v=Vb0Ghkkc2hk&index=4&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) +- [`git pull` 和 `git push`](https://www.youtube.com/watch?v=-uQHV9GOA0w&index=5&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4) diff --git a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md index 88ed019509..73c354afe7 100644 --- a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md +++ b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md @@ -746,18 +746,18 @@ By default, only events from the past three months are returned. To include olde ### `team` 类操作 -| 操作 | 描述 | -| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `add_member` | 当组织成员被[添加到团队](/articles/adding-organization-members-to-a-team)时触发。 | -| `add_repository` | 当团队被授予控制仓库的权限时触发。 | -| `change_parent_team` | 在创建子团队或[更改子团队的父级](/articles/moving-a-team-in-your-organization-s-hierarchy)时触发。 | -| `change_privacy` | 当团队的隐私级别发生更改时触发。 | -| `create` | 在创建新团队时触发。 | -| `demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. For more information, see "[Assigning the team maintainer role to a team member](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." | -| `destroy` | 从组织中删除团队时触发。 | -| `team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. For more information, see "[Assigning the team maintainer role to a team member](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." | -| `remove_member` | [从团队中删除组织成员](/articles/removing-organization-members-from-a-team)时触发。 | -| `remove_repository` | 当仓库不再受团队控制时触发。 | +| 操作 | 描述 | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `add_member` | 当组织成员被[添加到团队](/articles/adding-organization-members-to-a-team)时触发。 | +| `add_repository` | 当团队被授予控制仓库的权限时触发。 | +| `change_parent_team` | 在创建子团队或[更改子团队的父级](/articles/moving-a-team-in-your-organization-s-hierarchy)时触发。 | +| `change_privacy` | 当团队的隐私级别发生更改时触发。 | +| `create` | 在创建新团队时触发。 | +| `demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. 更多信息请参阅“[将团队维护者角色分配给团队成员](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)”。 | +| `destroy` | 从组织中删除团队时触发。 | +| `team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. 更多信息请参阅“[将团队维护者角色分配给团队成员](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)”。 | +| `remove_member` | [从团队中删除组织成员](/articles/removing-organization-members-from-a-team)时触发。 | +| `remove_repository` | 当仓库不再受团队控制时触发。 | ### `team_discussions` 类操作 diff --git a/translations/zh-CN/content/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization.md b/translations/zh-CN/content/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization.md index bf281764ec..00da4e4122 100644 --- a/translations/zh-CN/content/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization.md +++ b/translations/zh-CN/content/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization.md @@ -1,6 +1,6 @@ --- -title: Repository roles for an organization -intro: 'You can customize access to each repository in your organization by assigning granular roles, giving people access to the features and tasks they need.' +title: 组织的存储库角色 +intro: 您可以通过细化角色自定义组织中每个仓库的权限,从而为每个用户提供所需的功能和任务权限。 miniTocMaxHeadingLevel: 3 redirect_from: - /articles/repository-permission-levels-for-an-organization-early-access-program @@ -15,14 +15,14 @@ versions: topics: - Organizations - Teams -shortTitle: Repository roles +shortTitle: 存储库角色 --- -## Repository roles for organizations +## 组织的存储库角色 -You can give organization members, outside collaborators, and teams of people different levels of access to repositories owned by an organization by assigning them to roles. Choose the role that best fits each person or team's function in your project without giving people more access to the project than they need. +您可以通过分配角色,为组织成员、外部协作者和人员团队提供对组织仓库不同级别的权限。 选择最适合每个人或团队在项目中的职能的角色,而不是提供超过其需求的项目权限。 -From least access to most access, the roles for an organization repository are: +组织存储库的角色从低到高的权限级别分别为: - **读取**:建议授予要查看或讨论项目的非代码参与者 - **分类**:建议授予需要主动管理议题和拉取请求的参与者,无写入权限 - **写入**:建议授予积极向项目推送的参与者 @@ -30,16 +30,16 @@ From least access to most access, the roles for an organization repository are: - **管理员**:建议授予需要完全项目权限的人员,包括执行敏感和破坏性操作,例如管理安全性或删除仓库 {% ifversion fpt %} -If your organization uses {% data variables.product.prodname_ghe_cloud %}, you can create custom repository roles. For more information, see "[Managing custom repository roles for an organization](/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)" in the {% data variables.product.prodname_ghe_cloud %} documentation. +如果您的组织使用 {% data variables.product.prodname_ghe_cloud %},则可以创建自定义存储库角色。 更多信息请参阅 {% data variables.product.prodname_ghe_cloud %} 文档中的“[管理组织的自定义仓库角色](/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)”。 {% elsif ghec %} -You can create custom repository roles. 更多信息请参阅“[管理组织的自定义仓库角色](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)”。 +您可以创建自定义存储库角色。 更多信息请参阅“[管理组织的自定义仓库角色](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)”。 {% endif %} 组织所有者可以在访问组织的任何仓库时设置适用于组织所有成员的基本权限。 更多信息请参阅“[设置组织的基本权限](/organizations/managing-access-to-your-organizations-repositories/setting-base-permissions-for-an-organization#setting-base-permissions)”。 组织所有者还可以选择进一步限制对整个组织中某些设置和操作的权限。 有关特定设置选项的更多信息,请参阅“[管理组织设置](/articles/managing-organization-settings)”。 -In addition to managing organization-level settings, organization owners have admin access to every repository owned by the organization. 更多信息请参阅“[组织中的角色](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)”。 +除了管理组织级设置之外,组织所有者对组织拥有的每个存储库都具有管理员权限。 更多信息请参阅“[组织中的角色](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)”。 {% warning %} @@ -47,7 +47,7 @@ In addition to managing organization-level settings, organization owners have ad {% endwarning %} -## Permissions for each role +## 每个角色的权限 {% ifversion fpt %} 下面列出的一些功能仅限于使用 {% data variables.product.prodname_ghe_cloud %} 的组织。 {% data reusables.enterprise.link-to-ghec-trial %} @@ -56,107 +56,107 @@ In addition to managing organization-level settings, organization owners have ad {% ifversion fpt or ghes or ghec %} {% note %} -**Note:** The roles required to use security features are listed in "[Access requirements for security features](#access-requirements-for-security-features)" below. +**注意:** 用安全功能所需的角色在下面的“[安全功能的访问要求](#access-requirements-for-security-features)”中列出。 {% endnote %} {% endif %} -| 仓库操作 | 读取 | 分类 | 写入 | 维护 | 管理员 | -|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:-----:|:-----:|:-------------------------------------------------------------------:| -| Manage [individual](/organizations/managing-access-to-your-organizations-repositories/managing-an-individuals-access-to-an-organization-repository), [team](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository), and [outside collaborator](/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization) access to the repository | | | | | **X** | -| 从人员或团队的已分配仓库拉取 | **X** | **X** | **X** | **X** | **X** | -| 复刻人员或团队的已分配仓库 | **X** | **X** | **X** | **X** | **X** | -| 编辑和删除自己的评论 | **X** | **X** | **X** | **X** | **X** | -| 打开议题 | **X** | **X** | **X** | **X** | **X** | -| 关闭自己打开的议题 | **X** | **X** | **X** | **X** | **X** | -| 重新打开自己关闭的议题 | **X** | **X** | **X** | **X** | **X** | -| 受理议题 | **X** | **X** | **X** | **X** | **X** | -| 从团队已分配仓库的复刻发送拉取请求 | **X** | **X** | **X** | **X** | **X** | -| 提交拉取请求审查 | **X** | **X** | **X** | **X** | **X** | -| 查看已发布的版本 | **X** | **X** | **X** | **X** | **X** |{% ifversion fpt or ghec %} -| 查看 [GitHub Actions 工作流程运行](/actions/automating-your-workflow-with-github-actions/managing-a-workflow-run) | **X** | **X** | **X** | **X** | **X** +| 仓库操作 | 读取 | 分类 | 写入 | 维护 | 管理员 | +|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:-----:|:-----:|:-------------------------------------------------------------------:| +| 管理[个人](/organizations/managing-access-to-your-organizations-repositories/managing-an-individuals-access-to-an-organization-repository)、[团队](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)和[外部协作者](/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization)的存储库访问权限 | | | | | **X** | +| 从人员或团队的已分配仓库拉取 | **X** | **X** | **X** | **X** | **X** | +| 复刻人员或团队的已分配仓库 | **X** | **X** | **X** | **X** | **X** | +| 编辑和删除自己的评论 | **X** | **X** | **X** | **X** | **X** | +| 打开议题 | **X** | **X** | **X** | **X** | **X** | +| 关闭自己打开的议题 | **X** | **X** | **X** | **X** | **X** | +| 重新打开自己关闭的议题 | **X** | **X** | **X** | **X** | **X** | +| 受理议题 | **X** | **X** | **X** | **X** | **X** | +| 从团队已分配仓库的复刻发送拉取请求 | **X** | **X** | **X** | **X** | **X** | +| 提交拉取请求审查 | **X** | **X** | **X** | **X** | **X** | +| 查看已发布的版本 | **X** | **X** | **X** | **X** | **X** |{% ifversion fpt or ghec %} +| 查看 [GitHub Actions 工作流程运行](/actions/automating-your-workflow-with-github-actions/managing-a-workflow-run) | **X** | **X** | **X** | **X** | **X** {% endif %} -| 编辑公共仓库中的 Wiki | **X** | **X** | **X** | **X** | **X** | -| 编辑私有仓库中的 Wiki | | | **X** | **X** | **X** |{% ifversion fpt or ghec %} -| [举报滥用或垃圾内容](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) | **X** | **X** | **X** | **X** | **X** +| 编辑公共仓库中的 Wiki | **X** | **X** | **X** | **X** | **X** | +| 编辑私有仓库中的 Wiki | | | **X** | **X** | **X** |{% ifversion fpt or ghec %} +| [举报滥用或垃圾内容](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) | **X** | **X** | **X** | **X** | **X** {% endif %} -| 应用/忽略标签 | | **X** | **X** | **X** | **X** | -| 创建、编辑、删除标签 | | | **X** | **X** | **X** | -| 关闭、重新打开和分配所有议题与拉取请求 | | **X** | **X** | **X** | **X** | -| [在拉取请求上启用和禁用自动合并](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository) | | | **X** | **X** | **X** | -| 应用里程碑 | | **X** | **X** | **X** | **X** | -| 标记[重复的议题和拉取请求](/articles/about-duplicate-issues-and-pull-requests) | | **X** | **X** | **X** | **X** | -| 申请[拉取请求审查](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) | | **X** | **X** | **X** | **X** | -| 合并[拉取请求](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges) | | | **X** | **X** | **X** | -| 推送到(写入)人员或团队的已分配仓库 | | | **X** | **X** | **X** | -| 编辑和删除任何人对提交、拉取请求和议题的评论 | | | **X** | **X** | **X** | -| [隐藏任何人的评论](/communities/moderating-comments-and-conversations/managing-disruptive-comments) | | | **X** | **X** | **X** | -| [锁定对话](/communities/moderating-comments-and-conversations/locking-conversations) | | | **X** | **X** | **X** | -| 转让议题(更多信息请参阅“[将议题转让给其他仓库](/articles/transferring-an-issue-to-another-repository)”) | | | **X** | **X** | **X** | -| [作为仓库的指定代码所有者](/articles/about-code-owners) | | | **X** | **X** | **X** | -| [将拉取请求草稿标记为可供审查](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | | | **X** | **X** | **X** | -| [将拉取请求转换为草稿](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | | | **X** | **X** | **X** | -| 提交影响拉取请求可合并性的审查 | | | **X** | **X** | **X** | -| 对拉取请求[应用建议的更改](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) | | | **X** | **X** | **X** | -| 创建[状态检查](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) | | | **X** | **X** | **X** |{% ifversion fpt or ghec %} -| 创建、编辑、运行、重新运行和取消 [GitHub Actions 工作流程](/actions/automating-your-workflow-with-github-actions/) | | | **X** | **X** | **X** +| 应用/忽略标签 | | **X** | **X** | **X** | **X** | +| 创建、编辑、删除标签 | | | **X** | **X** | **X** | +| 关闭、重新打开和分配所有议题与拉取请求 | | **X** | **X** | **X** | **X** | +| [在拉取请求上启用和禁用自动合并](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository) | | | **X** | **X** | **X** | +| 应用里程碑 | | **X** | **X** | **X** | **X** | +| 标记[重复的议题和拉取请求](/articles/about-duplicate-issues-and-pull-requests) | | **X** | **X** | **X** | **X** | +| 申请[拉取请求审查](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) | | **X** | **X** | **X** | **X** | +| 合并[拉取请求](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges) | | | **X** | **X** | **X** | +| 推送到(写入)人员或团队的已分配仓库 | | | **X** | **X** | **X** | +| 编辑和删除任何人对提交、拉取请求和议题的评论 | | | **X** | **X** | **X** | +| [隐藏任何人的评论](/communities/moderating-comments-and-conversations/managing-disruptive-comments) | | | **X** | **X** | **X** | +| [锁定对话](/communities/moderating-comments-and-conversations/locking-conversations) | | | **X** | **X** | **X** | +| 转让议题(更多信息请参阅“[将议题转让给其他仓库](/articles/transferring-an-issue-to-another-repository)”) | | | **X** | **X** | **X** | +| [作为仓库的指定代码所有者](/articles/about-code-owners) | | | **X** | **X** | **X** | +| [将拉取请求草稿标记为可供审查](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | | | **X** | **X** | **X** | +| [将拉取请求转换为草稿](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) | | | **X** | **X** | **X** | +| 提交影响拉取请求可合并性的审查 | | | **X** | **X** | **X** | +| 对拉取请求[应用建议的更改](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) | | | **X** | **X** | **X** | +| 创建[状态检查](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) | | | **X** | **X** | **X** |{% ifversion fpt or ghec %} +| 创建、编辑、运行、重新运行和取消 [GitHub Actions 工作流程](/actions/automating-your-workflow-with-github-actions/) | | | **X** | **X** | **X** {% endif %} -| 创建和编辑发行版 | | | **X** | **X** | **X** | -| 查看发行版草稿 | | | **X** | **X** | **X** | -| 编辑仓库的说明 | | | | **X** | **X** |{% ifversion fpt or ghae or ghec %} -| [查看和安装包](/packages/publishing-and-managing-packages) | **X** | **X** | **X** | **X** | **X** | -| [发布包](/packages/publishing-and-managing-packages/publishing-a-package) | | | **X** | **X** | **X** | -| [删除和恢复包](/packages/learn-github-packages/deleting-and-restoring-a-package) | | | | | **X** |{% endif %} -| 管理[主题](/articles/classifying-your-repository-with-topics) | | | | **X** | **X** | -| 启用 wiki 和限制 wiki 编辑器 | | | | **X** | **X** | -| 启用项目板 | | | | **X** | **X** | -| 配置[拉取请求合并](/articles/configuring-pull-request-merges) | | | | **X** | **X** | -| 配置[ {% data variables.product.prodname_pages %} 的发布源](/articles/configuring-a-publishing-source-for-github-pages) | | | | **X** | **X** | -| [Manage branch protection rules](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule) | | | | | **X** | -| [推送到受保护分支](/articles/about-protected-branches) | | | | **X** | **X** | -| 合并受保护分支上的拉取请求(即使没有批准审查) | | | | | **X** |{% ifversion fpt or ghes > 3.4 or ghae-issue-6337 or ghec %} -| Create tags that match a [tag protection rule](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) | | | | **X** | **X** | -| Delete tags that match a [tag protection rule](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules) | | | | | **X** +| 创建和编辑发行版 | | | **X** | **X** | **X** | +| 查看发行版草稿 | | | **X** | **X** | **X** | +| 编辑仓库的说明 | | | | **X** | **X** |{% ifversion fpt or ghae or ghec %} +| [查看和安装包](/packages/publishing-and-managing-packages) | **X** | **X** | **X** | **X** | **X** | +| [发布包](/packages/publishing-and-managing-packages/publishing-a-package) | | | **X** | **X** | **X** | +| [删除和恢复包](/packages/learn-github-packages/deleting-and-restoring-a-package) | | | | | **X** |{% endif %} +| 管理[主题](/articles/classifying-your-repository-with-topics) | | | | **X** | **X** | +| 启用 wiki 和限制 wiki 编辑器 | | | | **X** | **X** | +| 启用项目板 | | | | **X** | **X** | +| 配置[拉取请求合并](/articles/configuring-pull-request-merges) | | | | **X** | **X** | +| 配置[ {% data variables.product.prodname_pages %} 的发布源](/articles/configuring-a-publishing-source-for-github-pages) | | | | **X** | **X** | +| [管理分支保护规则](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule) | | | | | **X** | +| [推送到受保护分支](/articles/about-protected-branches) | | | | **X** | **X** | +| 合并受保护分支上的拉取请求(即使没有批准审查) | | | | | **X** |{% ifversion fpt or ghes > 3.4 or ghae-issue-6337 or ghec %} +| 创建与[标记保护规则](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)匹配的标记 | | | | **X** | **X** | +| 删除与[标记保护规则](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)匹配的标记 | | | | | **X** {% endif %} -| [创建和编辑仓库社交卡](/articles/customizing-your-repositorys-social-media-preview) | | | | **X** | **X** |{% ifversion fpt or ghec %} -| 限制[仓库中的交互](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) | | | | **X** | **X** +| [创建和编辑仓库社交卡](/articles/customizing-your-repositorys-social-media-preview) | | | | **X** | **X** |{% ifversion fpt or ghec %} +| 限制[仓库中的交互](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) | | | | **X** | **X** {% endif %} -| 删除议题(请参阅“[删除议题](/articles/deleting-an-issue)”) | | | | | **X** | -| [定义仓库的代码所有者](/articles/about-code-owners) | | | | | **X** | -| 将仓库添加到团队(详细信息请参阅“[管理团队对组织仓库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#giving-a-team-access-to-a-repository)”) | | | | | **X** | -| [管理外部协作者对仓库的权限](/articles/adding-outside-collaborators-to-repositories-in-your-organization) | | | | | **X** | -| [更改仓库的可见性](/articles/restricting-repository-visibility-changes-in-your-organization) | | | | | **X** | -| 将仓库设为模板(请参阅“[创建模板仓库](/articles/creating-a-template-repository)”) | | | | | **X** | -| 更改仓库设置 | | | | | **X** | -| 管理团队和协作者对仓库的权限 | | | | | **X** | -| 编辑仓库的默认分支 | | | | | **X** | -| 重命名仓库的默认分支(请参阅“[重命名分支](/github/administering-a-repository/renaming-a-branch)”) | | | | | **X** | -| 重命名仓库默认分支以外的分支(请参阅“[重命名分支](/github/administering-a-repository/renaming-a-branch)”) | | | **X** | **X** | **X** | -| 管理 web 挂钩和部署密钥 | | | | | **X** |{% ifversion fpt or ghec %} -| [管理私有仓库的数据使用设置](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository) | | | | | **X** +| 删除议题(请参阅“[删除议题](/articles/deleting-an-issue)”) | | | | | **X** | +| [定义仓库的代码所有者](/articles/about-code-owners) | | | | | **X** | +| 将仓库添加到团队(详细信息请参阅“[管理团队对组织仓库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#giving-a-team-access-to-a-repository)”) | | | | | **X** | +| [管理外部协作者对仓库的权限](/articles/adding-outside-collaborators-to-repositories-in-your-organization) | | | | | **X** | +| [更改仓库的可见性](/articles/restricting-repository-visibility-changes-in-your-organization) | | | | | **X** | +| 将仓库设为模板(请参阅“[创建模板仓库](/articles/creating-a-template-repository)”) | | | | | **X** | +| 更改仓库设置 | | | | | **X** | +| 管理团队和协作者对仓库的权限 | | | | | **X** | +| 编辑仓库的默认分支 | | | | | **X** | +| 重命名仓库的默认分支(请参阅“[重命名分支](/github/administering-a-repository/renaming-a-branch)”) | | | | | **X** | +| 重命名仓库默认分支以外的分支(请参阅“[重命名分支](/github/administering-a-repository/renaming-a-branch)”) | | | **X** | **X** | **X** | +| 管理 web 挂钩和部署密钥 | | | | | **X** |{% ifversion fpt or ghec %} +| [管理私有仓库的数据使用设置](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository) | | | | | **X** {% endif %} -| [管理仓库的复刻策略](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** | -| [将仓库转让给组织](/articles/restricting-repository-creation-in-your-organization) | | | | | **X** | -| [删除仓库或将仓库转让到组织外部](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** | -| [存档仓库](/articles/about-archiving-repositories) | | | | | **X** |{% ifversion fpt or ghec %} -| 显示赞助按钮(请参阅“[在仓库中显示赞助按钮](/articles/displaying-a-sponsor-button-in-your-repository)”)。 | | | | | **X** +| [管理仓库的复刻策略](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** | +| [将仓库转让给组织](/articles/restricting-repository-creation-in-your-organization) | | | | | **X** | +| [删除仓库或将仓库转让到组织外部](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** | +| [存档仓库](/articles/about-archiving-repositories) | | | | | **X** |{% ifversion fpt or ghec %} +| 显示赞助按钮(请参阅“[在仓库中显示赞助按钮](/articles/displaying-a-sponsor-button-in-your-repository)”)。 | | | | | **X** {% endif %} -| Create autolink references to external resources, like Jira or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% ifversion fpt or ghec %} -| 在仓库中[启用 {% data variables.product.prodname_discussions %}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) | | | | **X** | **X** | -| 为 {% data variables.product.prodname_discussions %} [创建和编辑类别](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository) | | | | **X** | **X** | -| [将讨论移动到其他类别](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | -| [将讨论转移到](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository)新仓库 | | | **X** | **X** | **X** | -| [管理置顶的讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | -| [批量将议题转换为讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | -| [锁定和解锁讨论](/discussions/managing-discussions-for-your-community/moderating-discussions) | | **X** | **X** | **X** | **X** | -| [单独将议题转换为讨论](/discussions/managing-discussions-for-your-community/moderating-discussions) | | **X** | **X** | **X** | **X** | -| [创建新的讨论并对现有讨论发表评论](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion) | **X** | **X** | **X** | **X** | **X** | -| [删除讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository#deleting-a-discussion) | | **X** | | **X** | **X** |{% endif %}{% ifversion fpt or ghec %} -| 创建 [codespaces](/codespaces/about-codespaces) | | | **X** | **X** | **X** +| 创建到外部资源的自动链接引用,如 Jira 或 Zendesk(请参阅“[配置自动链接以引用外部资源](/articles/configuring-autolinks-to-reference-external-resources)”) | | | | | **X** |{% ifversion fpt or ghec %} +| 在仓库中[启用 {% data variables.product.prodname_discussions %}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) | | | | **X** | **X** | +| 为 {% data variables.product.prodname_discussions %} [创建和编辑类别](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository) | | | | **X** | **X** | +| [将讨论移动到其他类别](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | +| [将讨论转移到](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository)新仓库 | | | **X** | **X** | **X** | +| [管理置顶的讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | +| [批量将议题转换为讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** | +| [锁定和解锁讨论](/discussions/managing-discussions-for-your-community/moderating-discussions) | | **X** | **X** | **X** | **X** | +| [单独将议题转换为讨论](/discussions/managing-discussions-for-your-community/moderating-discussions) | | **X** | **X** | **X** | **X** | +| [创建新的讨论并对现有讨论发表评论](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion) | **X** | **X** | **X** | **X** | **X** | +| [删除讨论](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository#deleting-a-discussion) | | **X** | | **X** | **X** |{% endif %}{% ifversion fpt or ghec %} +| 创建 [codespaces](/codespaces/about-codespaces) | | | **X** | **X** | **X** {% endif %} -### Access requirements for security features +### 安全功能的访问要求 -In this section, you can find the access required for security features, such as {% data variables.product.prodname_advanced_security %} features. +在本节中,您可以找到一些安全功能所需的访问权限,例如 {% data variables.product.prodname_advanced_security %} 功能。 | 仓库操作 | 读取 | 分类 | 写入 | 维护 | 管理员 | |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:------------------------------------------------------:|:------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------:|{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} diff --git a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md index d876e0aa15..af681f668e 100644 --- a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md +++ b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md @@ -32,7 +32,7 @@ shortTitle: 保持所有权连续性 {% endnote %} {% if enterprise-owner-join-org %} -如果您的组织由企业帐户拥有,则任何企业所有者都可以将自己设为组织的所有者。 For more information, see "[Managing your role in an organization owned by your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." +如果您的组织由企业帐户拥有,则任何企业所有者都可以将自己设为组织的所有者。 更多信息请参阅“[在企业拥有的组织中管理您的角色](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)”。 {% endif %} ## 任命组织所有者 diff --git a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md index 13e5bbeab4..0929dece62 100644 --- a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md +++ b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md @@ -1,6 +1,6 @@ --- -title: Managing security managers in your organization -intro: You can give your security team the least access they need to your organization by assigning a team to the security manager role. +title: 管理组织中的安全管理员 +intro: 通过将团队分配给安全管理员角色,您可以为安全团队提供他们对组织所需的最少访问权限。 versions: fpt: '*' ghes: '>=3.3' @@ -8,7 +8,7 @@ versions: topics: - Organizations - Teams -shortTitle: Security manager role +shortTitle: 安全管理员角色 permissions: Organization owners can assign the security manager role. --- @@ -16,40 +16,40 @@ permissions: Organization owners can assign the security manager role. {% data reusables.organizations.about-security-managers %} -## Permissions for the security manager role +## 安全管理员角色的权限 -Members of a team with the security manager role have only the permissions required to effectively manage security for the organization. +具有安全管理员角色的团队成员仅具有有效管理组织安全性所需的权限。 -- Read access on all repositories in the organization, in addition to any existing repository access -- Write access on all security alerts in the organization {% ifversion not fpt %} -- Access to the organization's security overview {% endif %} -- The ability to configure security settings at the organization level{% ifversion not fpt %}, including the ability to enable or disable {% data variables.product.prodname_GH_advanced_security %}{% endif %} -- The ability to configure security settings at the repository level{% ifversion not fpt %}, including the ability to enable or disable {% data variables.product.prodname_GH_advanced_security %}{% endif %} +- 除了任何现有的存储库访问外,还可以读取组织中的所有存储库 +- 对组织中所有安全警报的写入访问权限 {% ifversion not fpt %} +- 访问组织的安全概述 {% endif %} +- 能够在组织级配置安全设置{% ifversion not fpt %},包括启用或禁用 {% data variables.product.prodname_GH_advanced_security %}{% endif %} +- 能够在存储库级配置安全设置{% ifversion not fpt %},包括启用或禁用 {% data variables.product.prodname_GH_advanced_security %}{% endif %} {% ifversion fpt %} -Additional functionality, including a security overview for the organization, is available in organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). +其他功能(包括组织的安全概述)在将 {% data variables.product.prodname_ghe_cloud %} 与 {% data variables.product.prodname_advanced_security %} 一起使用的组织中可用。 更多信息请参阅 [{% data variables.product.prodname_ghe_cloud %} 文档](/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)。 {% endif %} -If a team has the security manager role, people with admin access to the team and a specific repository can change the team's level of access to that repository but cannot remove the access. For more information, see "[Managing team access to an organization repository](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository){% ifversion ghes %}."{% else %} and "[Managing teams and people with access to your repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)."{% endif %} +如果团队具有安全管理员角色,则对团队和特定存储库具有管理员访问权限的人员可以更改团队对该存储库的访问级别,但不能删除访问权限。 更多信息请参阅“[管理团队对组织存储库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository){% ifversion ghes %}”。{% else %} 和“[管理可以访问存储库的团队和人员](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)”。{% endif %} - ![Manage repository access UI with security managers](/assets/images/help/organizations/repo-access-security-managers.png) + ![使用安全管理器管理存储库访问 UI](/assets/images/help/organizations/repo-access-security-managers.png) -## Assigning the security manager role to a team in your organization -You can assign the security manager role to a maximum of 10 teams in your organization. +## 将安全管理员角色分配给组织中的团队 +您可以将安全管理员角色分配给组织中最多 10 个团队。 {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under **Security managers**, search for and select the team to give the role. Each team you select will appear in a list below the search bar. ![Add security manager](/assets/images/help/organizations/add-security-managers.png) -## Removing the security manager role from a team in your organization +1. 在 **Security managers(安全管理员)**下,搜索并选择要授予角色的团队。 您选择的每个团队都将显示在搜索栏下方的列表中。 ![添加安全管理员](/assets/images/help/organizations/add-security-managers.png) +## 从组织中的团队中删除安全管理员角色 {% warning %} -**Warning:** Removing the security manager role from a team will remove the team's ability to manage security alerts and settings across the organization, but the team will retain read access to repositories that was granted when the role was assigned. You must remove any unwanted read access manually. 更多信息请参阅“[管理团队的组织仓库访问权限](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#removing-a-teams-access-to-a-repository)”。 +**警告:**从团队中删除安全管理员角色将删除团队在整个组织中管理安全警报和设置的能力,但团队将保留对分配角色时授予的存储库读取访问权限。 您必须手动删除任何不需要的读取访问权限。 更多信息请参阅“[管理团队的组织仓库访问权限](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#removing-a-teams-access-to-a-repository)”。 {% endwarning %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under **Security managers**, to the right of the team you want to remove as security managers, click {% octicon "x" aria-label="The X icon" %}. ![Remove security managers](/assets/images/help/organizations/remove-security-managers.png) +1. 在 **Security managers(安全管理员)**下,在要删除为安全管理员的团队右侧,单击" {% octicon "x" aria-label="The X icon" %}"。 ![删除安全管理员](/assets/images/help/organizations/remove-security-managers.png) diff --git a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md index b3152f71bb..75674da5d9 100644 --- a/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md +++ b/translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md @@ -1,6 +1,6 @@ --- -title: Roles in an organization -intro: Organization owners can assign roles to individuals and teams giving them different sets of permissions in the organization. +title: 组织中的角色 +intro: 组织所有者可以将角色分配给个人和团队,从而在组织中为他们提供不同的权限集。 redirect_from: - /articles/permission-levels-for-an-organization-early-access-program - /articles/permission-levels-for-an-organization @@ -14,46 +14,46 @@ versions: topics: - Organizations - Teams -shortTitle: Roles in an organization +shortTitle: 组织中的角色 --- -## About roles +## 关于角色 {% data reusables.organizations.about-roles %} -Repository-level roles give organization members, outside collaborators and teams of people varying levels of access to repositories. 更多信息请参阅“[组织的仓库角色](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)”。 +存储库级别角色为组织成员、外部协作者和团队提供不同级别的存储库访问权限。 更多信息请参阅“[组织的仓库角色](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)”。 -Team-level roles are roles that give permissions to manage a team. You can give any individual member of a team the team maintainer role, which gives the member a number of administrative permissions over a team. For more information, see "[Assigning the team maintainer role to a team member](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." +团队级别角色是授予管理团队的权限的角色。 您可以为团队的任何单个成员授予团队维护者角色,授予该成员对团队的诸多管理权限。 更多信息请参阅“[将团队维护者角色分配给团队成员](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)”。 -Organization-level roles are sets of permissions that can be assigned to individuals or teams to manage an organization and the organization's repositories, teams, and settings. For more information about all the roles available at the organization level, see "[About organization roles](#about-organization-roles)." +组织级角色是可分配给个人或团队以管理组织及组织的存储库、团队和设置的权限集。 有关组织级可用的所有角色的详细信息,请参阅“[关于组织角色](#about-organization-roles)”。 -## About organization roles +## 关于组织角色 -You can assign individuals or teams to a variety of organization-level roles to control your members' access to your organization and its resources. For more details about the individual permissions included in each role, see "[Permissions for organization roles](#permissions-for-organization-roles)." +您可以将个人或团队分配到各种组织级角色,以控制成员对组织及其资源的访问权限。 有关每个角色中包含的各个权限的更多详细信息,请参阅“[组织角色的权限](#permissions-for-organization-roles)”。 {% if enterprise-owner-join-org %} -If your organization is owned by an enterprise account, enterprise owners can choose to join your organization with any role. For more information, see "[Managing your role in an organization owned by your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." +如果您的组织由企业帐户拥有,则企业所有者可以选择以任何角色加入您的组织。 更多信息请参阅“[在企业拥有的组织中管理您的角色](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)”。 {% endif %} -### Organization owners -Organization owners have complete administrative access to your organization. 此角色应限于组织中的少数几个人,但不少于两人。 更多信息请参阅“[管理组织的所有权连续性](/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization)”。 +### 组织所有者 +组织所有者对组织具有完全管理权限。 此角色应限于组织中的少数几个人,但不少于两人。 更多信息请参阅“[管理组织的所有权连续性](/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization)”。 ### 组织成员 -The default, non-administrative role for people in an organization is the organization member. By default, organization members have a number of permissions, including the ability to create repositories and project boards. +组织中人员的默认非管理角色是组织成员。 默认情况下,组织成员具有许多权限,包括能够创建存储库和项目板。 {% ifversion fpt or ghec %} ### 帐单管理员 -Billing managers are users who can manage the billing settings for your organization, such as payment information. This is a useful option if members of your organization don't usually have access to billing resources. For more information, see "[Adding a billing manager to your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization)." +帐单管理员是可以管理组织的帐单设置(如付款信息)的用户。 如果组织成员通常无权访问计费资源,则这是一个有用的选项。 更多信息请参阅“[为组织添加帐单管理员](/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization)”。 {% endif %} {% if security-managers %} -### Security managers +### 安全管理员 {% data reusables.organizations.security-manager-beta-note %} {% data reusables.organizations.about-security-managers %} -If your organization has a security team, you can use the security manager role to give members of the team the least access they need to the organization. For more information, see "[Managing security managers in your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)." +如果您的组织具有安全团队,则可以使用安全管理员角色为团队成员提供他们对组织所需的最少访问权限。 更多信息请参阅“[管理组织中的安全管理员](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)”。 {% endif %} ### {% data variables.product.prodname_github_app %} 管理员 默认情况下,只有组织所有者才可管理组织拥有的 {% data variables.product.prodname_github_apps %} 的设置。 要允许其他用户管理组织拥有的 {% data variables.product.prodname_github_apps %},所有者可向他们授予 {% data variables.product.prodname_github_app %} 管理员权限。 @@ -66,7 +66,7 @@ If your organization has a security team, you can use the security manager role ### 外部协作者 在允许访问仓库时,为确保组织数据的安全,您可以添加*外部协作者*。 {% data reusables.organizations.outside_collaborators_description %} -## Permissions for organization roles +## 组织角色的权限 {% ifversion fpt %} 下面列出的一些功能仅限于使用 {% data variables.product.prodname_ghe_cloud %} 的组织。 {% data reusables.enterprise.link-to-ghec-trial %} @@ -75,7 +75,7 @@ If your organization has a security team, you can use the security manager role {% ifversion fpt or ghec %} -| Organization permission | 所有者 | 成员 | 帐单管理员 | Security managers | +| 组织权限 | 所有者 | 成员 | 帐单管理员 | 安全管理员 | |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:-----:|:-------------------------------------:| | 创建仓库(详细信息请参阅“[限制在组织中创建仓库](/articles/restricting-repository-creation-in-your-organization)”) | **X** | **X** | | **X** | | 查看和编辑帐单信息 | **X** | | **X** | | @@ -113,7 +113,7 @@ If your organization has a security team, you can use the security manager role | 将您的赞助归因于另一个组织(更多信息请参阅“[将赞助归因于组织](/sponsors/sponsoring-open-source-contributors/attributing-sponsorships-to-your-organization)”) | **X** | | | | | 管理从组织中的仓库发布 {% data variables.product.prodname_pages %} 站点(请参阅“[管理组织的 {% data variables.product.prodname_pages %} 站点发布](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)”了解详细信息) | **X** | | | | | 管理安全性和分析设置(详情请参阅“[管理组织的安全性和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)”) | **X** | | | **X** | -| View the security overview for the organization (see "[About the security overview](/code-security/security-overview/about-the-security-overview)" for details) | **X** | | | **X** |{% ifversion ghec %} +| 查看组织的安全概述(有关详细信息,请参阅“[关于安全概述](/code-security/security-overview/about-the-security-overview)”) | **X** | | | **X** |{% ifversion ghec %} | 启用并实施 [SAML 单点登录](/articles/about-identity-and-access-management-with-saml-single-sign-on) | **X** | | | | | [管理用户对组织的 SAML 访问](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization) | **X** | | | | | 管理组织的 SSH 认证中心(详细信息请参阅“[管理组织的 SSH 认证中心](/articles/managing-your-organizations-ssh-certificate-authorities)”) | **X** | | | @@ -125,8 +125,8 @@ If your organization has a security team, you can use the security manager role | 管理 {% data variables.product.prodname_dependabot_security_updates %}(请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”) | **X** | | | **X** | | [管理复刻策略](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization) | **X** | | | | | [限制组织中公共仓库的活动](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization) | **X** | | | | -| Pull (read) *all repositories* in the organization | **X** | | | **X** | -| Push (write) and clone (copy) *all repositories* in the organization | **X** | | | | +| 拉取(读取)组织中的*所有存储库* | **X** | | | **X** | +| 推送(写入)和克隆(复制)组织中的*所有存储库* | **X** | | | | | 将组织成员转换为[外部协作者](#outside-collaborators) | **X** | | | | | [查看对组织仓库具有访问权限的人员](/articles/viewing-people-with-access-to-your-repository) | **X** | | | |{% ifversion ghec or ghes or ghae %} | [导出具有组织仓库访问权限人员的列表](/articles/viewing-people-with-access-to-your-repository/#exporting-a-list-of-people-with-access-to-your-repository) | **X** | | | @@ -135,12 +135,12 @@ If your organization has a security team, you can use the security manager role | 管理默认标签(请参阅“[管理组织中仓库的默认标签](/articles/managing-default-labels-for-repositories-in-your-organization)”) | **X** | | | |{% ifversion ghec %} | 启用团队同步(详情请参阅“[管理组织的团队同步](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)”) | **X** | | | {% endif %} -| Manage pull request reviews in the organization (see "[Managing pull request reviews in your organization](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | **X** | | | | +| 管理组织中的拉取请求审核(请参阅“[管理组织中的拉取请求审核](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)”) | **X** | | | | {% elsif ghes > 3.2 or ghae-issue-4999 %} -| 组织操作 | 所有者 | 成员 | Security managers | +| 组织操作 | 所有者 | 成员 | 安全管理员 | |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:--------------------------------------------:| | 邀请人员加入组织 | **X** | | | | 编辑和取消邀请加入组织 | **X** | | | @@ -163,7 +163,7 @@ If your organization has a security team, you can use the security manager role | 可成为*团队维护员* | **X** | **X** | **X** | | 转让仓库 | **X** | | | | 管理安全性和分析设置(详情请参阅“[管理组织的安全性和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)”) | **X** | | **X** |{% ifversion ghes > 3.1 %} -| View the security overview for the organization (see "[About the security overview](/code-security/security-overview/about-the-security-overview)" for details) | **X** | | **X** |{% endif %}{% ifversion ghes > 3.2 %} +| 查看组织的安全概述(有关详细信息,请参阅“[关于安全概述](/code-security/security-overview/about-the-security-overview)”) | **X** | | **X** |{% endif %}{% ifversion ghes > 3.2 %} | 管理 {% data variables.product.prodname_dependabot_security_updates %}(请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”) | **X** | | **X** {% endif %} | 管理组织的 SSH 认证中心(详细信息请参阅“[管理组织的 SSH 认证中心](/articles/managing-your-organizations-ssh-certificate-authorities)”) | **X** | | | @@ -177,15 +177,15 @@ If your organization has a security team, you can use the security manager role | 管理从组织中的仓库发布 {% data variables.product.prodname_pages %} 站点(请参阅“[管理组织的 {% data variables.product.prodname_pages %} 站点发布](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)”了解详细信息) | **X** | | {% endif %} | [在组织的层次结构中移动团队](/articles/moving-a-team-in-your-organization-s-hierarchy) | **X** | | | -| Pull (read) *all repositories* in the organization | **X** | | **X** | -| Push (write) and clone (copy) *all repositories* in the organization | **X** | | | +| 拉取(读取)组织中的*所有存储库* | **X** | | **X** | +| 推送(写入)和克隆(复制)组织中的*所有存储库* | **X** | | | | 将组织成员转换为[外部协作者](#outside-collaborators) | **X** | | | | [查看对组织仓库具有访问权限的人员](/articles/viewing-people-with-access-to-your-repository) | **X** | | | | [导出具有组织仓库访问权限人员的列表](/articles/viewing-people-with-access-to-your-repository/#exporting-a-list-of-people-with-access-to-your-repository) | **X** | | | | 管理默认标签(请参阅“[管理组织中仓库的默认标签](/articles/managing-default-labels-for-repositories-in-your-organization)”) | **X** | | |{% if pull-request-approval-limit %} -| Manage pull request reviews in the organization (see "[Managing pull request reviews in your organization](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)") | **X** | | | +| 管理组织中的拉取请求审核(请参阅“[管理组织中的拉取请求审核](/organizations/managing-organization-settings/managing-pull-request-reviews-in-your-organization)”) | **X** | | | {% endif %} -{% ifversion ghae %}| Manage IP allow lists (see "[Restricting network traffic to your enterprise](/admin/configuration/restricting-network-traffic-to-your-enterprise)") | **X** | | |{% endif %} +{% ifversion ghae %}| 管理 IP 允许列表(请参阅“[限制到企业的网络流量](/admin/configuration/restricting-network-traffic-to-your-enterprise)”)| **X** | | |{% endif %} {% else %} @@ -199,7 +199,7 @@ If your organization has a security team, you can use the security manager role | 恢复组织的前成员 | **X** | | | | 添加和删除**所有团队**的人员 | **X** | | | 将组织成员升级为*团队维护员* | **X** | | -| Configure code review assignments (see "[Managing code review settings for your team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)")) | **X** | | +| 配置代码审查分配(请参阅“[管理团队的代码审查设置](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)”) | **X** | | | 添加协作者到**所有仓库** | **X** | | | 访问组织审核日志 | **X** | | | 编辑组织的资料页面(详细信息请参阅“[关于组织的资料](/github/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile)”) | **X** | | |{% ifversion ghes > 3.1 %} diff --git a/translations/zh-CN/content/pages/quickstart.md b/translations/zh-CN/content/pages/quickstart.md index 07e08e7130..33bd9f080a 100644 --- a/translations/zh-CN/content/pages/quickstart.md +++ b/translations/zh-CN/content/pages/quickstart.md @@ -23,16 +23,16 @@ product: '{% data reusables.gated-features.pages %}' ## 创建网站 {% data reusables.repositories.create_new %} -1. 输入 `username.github.io` 作为存储库名称。 Replace `username` with your {% data variables.product.prodname_dotcom %} username. For example, if your username is `octocat`, the repository name should be `octocat.github.io`. ![存储库名称字段](/assets/images/help/pages/create-repository-name-pages.png) +1. 输入 `username.github.io` 作为存储库名称。 将 `username` 替换为您的 {% data variables.product.prodname_dotcom %} 用户名。 例如,如果您的用户名是 `octocat`,则存储库名称应为 `octocat.github.io`。 ![存储库名称字段](/assets/images/help/pages/create-repository-name-pages.png) {% data reusables.repositories.sidebar-settings %} {% data reusables.pages.sidebar-pages %} -1. Click **Choose a theme**. ![选择主题按钮](/assets/images/help/pages/choose-theme.png) -2. The Theme Chooser will open. Browse the available themes, then click **Select theme** to select a theme. It's easy to change your theme later, so if you're not sure, just choose one for now. ![主题选项和选择主题按钮](/assets/images/help/pages/select-theme.png) -3. After you select a theme, your repository's `README.md` file will open in the file editor. The `README.md` file is where you will write the content for your site. You can edit the file or keep the default content for now. +1. 单击 **Choose a theme(选择主题)**。 ![选择主题按钮](/assets/images/help/pages/choose-theme.png) +2. 主题选择器将打开。 浏览可用的主题,然后单击 **Select theme(选择主题)**以选择主题。 以后更改主题很容易,因此,如果您不确定,请暂时选择一个。 ![主题选项和选择主题按钮](/assets/images/help/pages/select-theme.png) +3. 选择主题后,存储库的 `README.md` 文件将在文件编辑器中打开。 `README.md` 文件是您将为网站编写内容的位置。 您可以编辑文件或暂时保留默认内容。 4. 编辑完文件后,单击 **Commit changes(提交更改)**。 -5. Visit `username.github.io` to view your new website. **注:**对站点的更改在推送到 {% data variables.product.product_name %} 后,最长可能需要 20 分钟才会发布。 +5. 访问 `username.github.io` 以查看您的新网站。 **注:**对站点的更改在推送到 {% data variables.product.product_name %} 后,最长可能需要 20 分钟才会发布。 -## Changing the title and description +## 更改标题和说明 默认情况下,网站的标题为 `username.github.io`。 您可以通过编辑存储库中的 `_config.yml` 文件来更改标题。 您还可以为您的网站添加说明。 diff --git a/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index c89a26f9c9..c3d52b0409 100644 --- a/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/zh-CN/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -52,7 +52,7 @@ shortTitle: 使用 Jekyll 本地测试站点 {% note %} -**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. +**注意:** 如果您使用的是 Ruby 3.0 和 Jekyll 4.2.x 或更早版本,则需要在运行 `bundle install` 之前,将 `webrick` gem 添加到项目的 Gemfile 中。 {% endnote %} diff --git a/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md index bc03bf6a91..b98cc162b9 100644 --- a/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md +++ b/translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md @@ -131,9 +131,9 @@ SVG 目前不支持内联脚本或动画。 {% endtip %} {% if mermaid %} -### Rendering in Markdown +### 在 Markdown 中渲染 -You can embed ASCII STL syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)." +您可以直接在 Markdown 中嵌入 ASCII STL 语法。 更多信息请参阅“[创建示意图](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)”。 {% endif %} ## 呈现 CSV 和 TSV 数据 @@ -239,7 +239,7 @@ GitHub 支持呈现 PDF 文档。 ![源渲染切换屏幕截图](/assets/images/help/repository/source-render-toggle-geojson.png) -### Geometry types +### 几何类型 {% data variables.product.product_name %} 上的地图使用 [Leaflet.js](http://leafletjs.com),并且支持 [geoJSON 规格](http://www.geojson.org/geojson-spec.html)中列出的所有几何类型(Point、LineString、Polygon、MultiPoint、MultiLineString、MultiPolygon 和 GeometryCollection)。 TopoJSON 文件类型应为 "Topology"(拓扑),并且遵守 [topoJSON 规格](https://github.com/mbostock/topojson/wiki/Specification)。 @@ -281,9 +281,9 @@ GitHub 支持呈现 PDF 文档。 {% endtip %} {% if mermaid %} -### Mapping in Markdown +### 在 Markdown 嵌入地图 -You can embed geoJSON and topoJSON directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." +您可以直接在 Markdown 中嵌入 geoJSON 和 topoJSON。 更多信息请参阅“[创建示意图](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)”。 {% endif %} ### 集群 @@ -334,11 +334,11 @@ $ jupyter nbconvert --to html NOTEBOOK-NAME.ipynb - [Jupyter Notebook 的图片库](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks) {% if mermaid %} -## Displaying Mermaid files on {% data variables.product.prodname_dotcom %} +## 在 {% data variables.product.prodname_dotcom %} 上显示 Mermaid 文件 -{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}. +{% data variables.product.product_name %} 支持在存储库中呈现 Mermaid 文件。 像往常一样使用 `.mermaid` 或 `.mmd` 扩展名提交文件。 然后,导航到 {% data variables.product.prodname_dotcom %}上的 Mermaid 文件的路径。 -For example, if you add a `.mmd` file with the following content to your repository: +例如,如果将包含以下内容的 `.mmd` 文件添加到存储库中: ``` graph TD @@ -349,27 +349,27 @@ graph TD C -->|Three| F[fa:fa-car Car] ``` -When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png) +当您在存储库中查看文件时,它将呈现为流程图。 ![渲染的 mermaid 文件图](/assets/images/help/repository/mermaid-file-diagram.png) ### 疑难解答 -If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit). +如果您的图表根本没有呈现,请使用 [Mermaid 实时编辑器](https://mermaid.live/edit)检查您的图表,以验证它是否包含有效的 Mermaid Markdown 语法。 -If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag. +如果图表显示,但未按预期显示,则可以创建新的[反馈讨论](https://github.com/github/feedback/discussions/categories/general-feedback),并添加 `mermaid` 标记。 #### 已知问题 -* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library. -* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart. -* Not all charts are a11y compliant. This may affect users who rely on a screen reader. +* 序列图图表经常在图表下方使用额外的填充进行呈现,随着图表大小的增加,还会添加更多的填充。 这是 Mermaid 库的已知问题。 +* 具有弹出菜单的执行组件节点在序列图图表中无法按预期工作。 这是由于当 Mermaid 库的 API 用于呈现图表时,JavaScript 事件添加到图表的方式存在差异。 +* 并非所有图表都符合 a11y 标准。 这可能会影响依赖屏幕阅读器的用户。 ### Mermaid in Markdown -You can embed Mermaid syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)." +您可以直接在 Markdown 中嵌入 Mermaid 语法。 更多信息请参阅“[创建示意图](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)”。 ### 延伸阅读 -* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/) -* [Mermaid.js live editor](https://mermaid.live/edit) +* [Mermaid.js 文档](https://mermaid-js.github.io/mermaid/#/) +* [Mermaid.js 实时编辑器](https://mermaid.live/edit) {% endif %} diff --git a/translations/zh-CN/data/reusables/actions/enterprise-github-connect-warning.md b/translations/zh-CN/data/reusables/actions/enterprise-github-connect-warning.md deleted file mode 100644 index 2b048403c8..0000000000 --- a/translations/zh-CN/data/reusables/actions/enterprise-github-connect-warning.md +++ /dev/null @@ -1,15 +0,0 @@ -{% ifversion ghes > 3.2 or ghae-issue-4815 %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom %}, the repository on your enterprise will be used in place of the {% data variables.product.prodname_dotcom %} repository. 更多信息请参阅“[自动停用在 {% data variables.product.prodname_dotcom_the_website%} 上访问的操作的命名空间](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)”。 - -{% endnote %} -{% endif %} - -{% ifversion ghes < 3.3 or ghae %} -{% note %} - -**Note:** When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom_the_website %}. 如果用户在企业中创建的组织和仓库与 {% data variables.product.prodname_dotcom %} 上的组织和仓库名称匹配,则将使用企业上的仓库代替 {% data variables.product.prodname_dotcom %} 仓库。 恶意用户可能利用此行为在工作流程中运行代码。 - -{% endnote %} -{% endif %} diff --git a/translations/zh-CN/data/reusables/actions/github-connect-resolution.md b/translations/zh-CN/data/reusables/actions/github-connect-resolution.md new file mode 100644 index 0000000000..816e314a30 --- /dev/null +++ b/translations/zh-CN/data/reusables/actions/github-connect-resolution.md @@ -0,0 +1 @@ +When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will first try to find the repository on {% data variables.product.product_location %}. If the repository does not exist on {% data variables.product.product_location %}, and if you have automatic access to {% data variables.product.prodname_dotcom_the_website %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on {% data variables.product.prodname_dotcom_the_website %}. \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/actions/self-hosted-runner-communications-for-ghae.md b/translations/zh-CN/data/reusables/actions/self-hosted-runner-communications-for-ghae.md deleted file mode 100644 index 572fec5569..0000000000 --- a/translations/zh-CN/data/reusables/actions/self-hosted-runner-communications-for-ghae.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion ghae %} - -You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.prodname_ghe_managed %} URL and its subdomains. 例如,如果实例名称是s `octoghae`,则需要允许自托管运行器访问 `octoghae.githubenterprise.com`、`api.octoghae.githubenterprise.com` 和 `codeload.octoghae.githubenterprise.com`。 - -If you use an IP address allow list for your organization or enterprise account on {% data variables.product.prodname_dotcom %}, you must add your self-hosted runner's IP address to the allow list. 更多信息请参阅“[管理组织允许的 IP 地址](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)”。 - -{% endif %} diff --git a/translations/zh-CN/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md b/translations/zh-CN/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md new file mode 100644 index 0000000000..1f4a16995c --- /dev/null +++ b/translations/zh-CN/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md @@ -0,0 +1 @@ +To use actions from {% data variables.product.prodname_dotcom_the_website %},{% ifversion ghes %} both {% data variables.product.product_location %} and{% endif %} your self-hosted runners must be able to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. No inbound connections from {% data variables.product.prodname_dotcom_the_website %} are required. For more information. 更多信息请参阅“[关于自托管的运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-betweens-self-hosted-runners-and-githubcom)”。 \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/actions/self-hosted-runner-ports-protocols.md b/translations/zh-CN/data/reusables/actions/self-hosted-runner-ports-protocols.md index 57f16b0906..a24c445d1b 100644 --- a/translations/zh-CN/data/reusables/actions/self-hosted-runner-ports-protocols.md +++ b/translations/zh-CN/data/reusables/actions/self-hosted-runner-ports-protocols.md @@ -1 +1,3 @@ -Self-hosted runners must be able to communicate with {% ifversion ghae %}your enterprise on {% data variables.product.product_name %}{% elsif fpt or ghec or ghes %}{% data variables.product.product_location %}{% endif %} over HTTP (port 80) and HTTPS (port 443). +{% ifversion ghes or ghae %} +The connection between self-hosted runners and {% data variables.product.product_name %} is over {% ifversion ghes %}HTTP (port 80) or {% endif %}HTTPS (port 443). {% ifversion ghes %}To ensure connectivity over HTTPS, configure TLS for {% data variables.product.product_location %}. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."{% endif %} +{% endif %} diff --git a/translations/zh-CN/data/reusables/getting-started/managing-team-settings.md b/translations/zh-CN/data/reusables/getting-started/managing-team-settings.md index e93be75abb..640a3dea33 100644 --- a/translations/zh-CN/data/reusables/getting-started/managing-team-settings.md +++ b/translations/zh-CN/data/reusables/getting-started/managing-team-settings.md @@ -1,3 +1,3 @@ -You can designate a "team maintainer" to manage team settings and discussions, among other privileges. For more information, see "[Assigning the team maintainer role to a team member](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)." +You can designate a "team maintainer" to manage team settings and discussions, among other privileges. 更多信息请参阅“[将团队维护者角色分配给团队成员](/organizations/organizing-members-into-teams/assigning-the-team-maintainer-role-to-a-team-member)”。 You can manage code review assignments for your team, change team visibility, manage scheduled reminders for your team, and more in your team's settings. For more information, see "[Organizing members into teams](/organizations/organizing-members-into-teams)." diff --git a/translations/zh-CN/data/reusables/secret-scanning/partner-secret-list-public-repo.md b/translations/zh-CN/data/reusables/secret-scanning/partner-secret-list-public-repo.md index 3439f26415..a2d894498c 100644 --- a/translations/zh-CN/data/reusables/secret-scanning/partner-secret-list-public-repo.md +++ b/translations/zh-CN/data/reusables/secret-scanning/partner-secret-list-public-repo.md @@ -58,6 +58,7 @@ | 元数据 | Facebook Access Token | | npm | npm 访问令牌 | | NuGet | NuGet API 密钥 | +| Octopus Deploy | Octopus Deploy API Key | | OpenAI | OpenAI API 密钥 | | Palantir | Palantir JSON Web 令牌 | | PlanetScale | PlanetScale Database Password | From cc937c4233780a6cc8e905e61283365e01ec55b3 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sun, 20 Mar 2022 09:26:09 -0700 Subject: [PATCH 40/52] New translation batch for es (#26346) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=es * run script/i18n/reset-known-broken-translation-files.js * Check in es CSV report Co-authored-by: Peter Bengtsson --- .../creating-a-javascript-action.md | 2 +- .../about-self-hosted-runners.md | 47 ++++++++++++----- ...-hosted-runner-application-as-a-service.md | 2 +- ...ess-to-self-hosted-runners-using-groups.md | 52 +++++++++---------- .../network-ports.md | 19 ++++++- .../about-github-actions-for-enterprises.md | 2 +- ...self-hosted-runners-for-your-enterprise.md | 2 +- .../about-using-actions-in-your-enterprise.md | 34 +++++++++--- ...-githubcom-actions-using-github-connect.md | 15 ++++-- .../deleting-an-organization-account.md | 2 +- .../es-ES/content/packages/quickstart.md | 2 +- ...r-github-pages-site-locally-with-jekyll.md | 2 +- .../content/rest/reference/secret-scanning.md | 2 +- .../es-ES/data/learning-tracks/actions.yml | 4 +- .../es-ES/data/learning-tracks/admin.yml | 4 +- .../enterprise-github-connect-warning.md | 15 ------ .../actions/github-connect-resolution.md | 1 + .../runner-group-assign-policy-workflow.md | 2 +- .../self-hosted-runner-add-to-enterprise.md | 2 +- ...f-hosted-runner-communications-for-ghae.md | 7 --- ...self-hosted-runner-networking-to-dotcom.md | 1 + .../self-hosted-runner-ports-protocols.md | 4 +- .../apps/optional_feature_activation.md | 2 +- .../code-scanning/upload-sarif-alert-limit.md | 2 +- .../partner-secret-list-private-repo.md | 8 +-- .../partner-secret-list-public-repo.md | 1 + translations/log/es-resets.csv | 2 +- 27 files changed, 139 insertions(+), 99 deletions(-) delete mode 100644 translations/es-ES/data/reusables/actions/enterprise-github-connect-warning.md create mode 100644 translations/es-ES/data/reusables/actions/github-connect-resolution.md delete mode 100644 translations/es-ES/data/reusables/actions/self-hosted-runner-communications-for-ghae.md create mode 100644 translations/es-ES/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md diff --git a/translations/es-ES/content/actions/creating-actions/creating-a-javascript-action.md b/translations/es-ES/content/actions/creating-actions/creating-a-javascript-action.md index 693a37adeb..33d0fda72e 100644 --- a/translations/es-ES/content/actions/creating-actions/creating-a-javascript-action.md +++ b/translations/es-ES/content/actions/creating-actions/creating-a-javascript-action.md @@ -263,6 +263,6 @@ jobs: ``` {% endraw %} -Desde tu repositorio, da clic en la pestaña de **Acciones** y selecciona la última ejecución de flujo de trabajo. Under **Jobs** or in the visualization graph, click **A job to say hello**. Deberías ver "Hello Mona the Octocat" o el nombre que usaste para la entrada `who-to-greet` y la marcación de hora impresa en el registro. +Desde tu repositorio, da clic en la pestaña de **Acciones** y selecciona la última ejecución de flujo de trabajo. Debajo de **Jobs** o en la gráfica de visualización, haz clic en **A job to say hello**. Deberías ver "Hello Mona the Octocat" o el nombre que usaste para la entrada `who-to-greet` y la marcación de hora impresa en el registro. ![Captura de pantalla del uso de tu acción en un flujo de trabajo](/assets/images/help/repository/javascript-action-workflow-run-updated-2.png) diff --git a/translations/es-ES/content/actions/hosting-your-own-runners/about-self-hosted-runners.md b/translations/es-ES/content/actions/hosting-your-own-runners/about-self-hosted-runners.md index f2904902c9..472e15ed55 100644 --- a/translations/es-ES/content/actions/hosting-your-own-runners/about-self-hosted-runners.md +++ b/translations/es-ES/content/actions/hosting-your-own-runners/about-self-hosted-runners.md @@ -133,16 +133,30 @@ Some extra configuration might be required to use actions from {% data variables ## Communication between self-hosted runners and {% data variables.product.product_name %} -The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. +The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs. {% data reusables.actions.self-hosted-runner-ports-protocols %} -{% data reusables.actions.self-hosted-runner-communications-for-ghae %} +{% ifversion fpt or ghec %} +Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. +{% elsif ghes or ghae %} +Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner. +{%- endif %} + +{% ifversion ghes %} + +{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain. + +{% elsif ghae %} + +You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`. + +If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." + +{% endif %} {% ifversion fpt or ghec %} -Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner. - You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality. {% note %} @@ -191,27 +205,25 @@ If you use an IP address allow list for your {% data variables.product.prodname_ {% else %} -You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} +{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %} {% endif %} +{% ifversion ghae %} +If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)." +{% endif %} + You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)." For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)." -{% ifversion ghes %} +{% ifversion ghes or ghae %} ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %} -Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect). +Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)." -If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. - -{% note %} - -**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant. - -{% endnote %} +If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. ``` github.com @@ -219,6 +231,13 @@ api.github.com codeload.github.com ``` +{% note %} + +**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant. + +{% endnote %} + + {% endif %} ## Self-hosted runner security diff --git a/translations/es-ES/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md b/translations/es-ES/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md index 3a13506466..27d41fffa7 100644 --- a/translations/es-ES/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md +++ b/translations/es-ES/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md @@ -78,7 +78,7 @@ Puedes administrar el servicio de ejecutor en la aplicación de **Servicios** de ``` {% endmac %} -The command takes an optional `user` argument to install the service as a different user. +El comando toma un argumento de `user` opcional para instalar el servicio como un usuario diferente. ```shell ./svc.sh install --user USERNAME diff --git a/translations/es-ES/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md b/translations/es-ES/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md index cf04803576..827d0d646c 100644 --- a/translations/es-ES/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md +++ b/translations/es-ES/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md @@ -9,7 +9,7 @@ versions: ghae: '*' ghec: '*' type: tutorial -shortTitle: Manage access to runners +shortTitle: Administrar el acceso a los ejecutores --- {% data reusables.actions.enterprise-beta %} @@ -32,10 +32,10 @@ Si utilizas {% endif %} {% ifversion ghec or ghes or ghae %} -Los grupos de ejecutores auto-hospedados se utilizan para controlar el acceso a los ejecutores auto-hospedados a nivel de empresas y organizaciones. Enterprise owners can configure access policies that control which organizations -{% if restrict-groups-to-workflows %}and workflows {% endif %}in an enterprise have access to the runner group. Organization owners can configure access policies that control which repositories{% if restrict-groups-to-workflows %} and workflows{% endif %} in an organization have access to the runner group. +Los grupos de ejecutores auto-hospedados se utilizan para controlar el acceso a los ejecutores auto-hospedados a nivel de empresas y organizaciones. Los propietarios de empresas pueden configurar políticas de acceso que controlan qué organizaciones +{% if restrict-groups-to-workflows %}y flujos de trabajo {% endif %}en una empresa tienen acceso al grupo de ejecutores. Los propietarios de las organizaciones pueden configurar las políticas de acceso que controlan qué repositorios{% if restrict-groups-to-workflows %} y flujos de trabajo{% endif %} en una organización tienen aceso al grupo de ejecutores. -When an enterprise owner grants an organization access to a runner group, organization owners can see the runner group listed in the organization's self-hosted runner settings. The organization owners can then assign additional granular repository{% if restrict-groups-to-workflows %} and workflow{% endif %} access policies to the enterprise runner group. +Cuando un propietario de empresa otorga un acceso organizacional a un grupo de ejecutores, los propietarios de organizaciones pueden verlo listado en los ajustes del ejecutor auto-hospedado de la organización. Los propietarios organizacionales pueden entonces asignar políticas de acceso adicionales y granulares para los repositorios{% if restrict-groups-to-workflows %} y flujos de trabajo{% endif %} al grupo ejecutor de la empresa. Cuando se crean nuevos ejecutores, se asignan automáticamente al grupo predeterminado. Los ejecutores solo pueden estar en un grupo a la vez. Puedes mover los ejecutores del grupo predeterminado a otro grupo. Para obtener más información, consulta la sección "[Mover un ejecutor auto-hospedado a un grupo](#moving-a-self-hosted-runner-to-a-group)". @@ -45,14 +45,14 @@ Todas las organizaciones tienen un solo grupo predeterminado de ejecutores auto- Los ejecutores auto-hospedados se asignan automáticamente al grupo predeterminado cuando se crean y solo pueden ser mimebros de un grupo a la vez. Puedes mover un ejecutor del grupo predeterminado a cualquier grupo que crees. -When creating a group, you must choose a policy that defines which repositories{% if restrict-groups-to-workflows %} and workflows{% endif %} have access to the runner group. +Cuando creas un grupo, debes elegir la política que define qué reositorios{% if restrict-groups-to-workflows %} y flujos de trabajo{% endif %} tienen acceso al grupo ejecutor. {% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %} {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% data reusables.actions.settings-sidebar-actions-runner-groups %} 1. En la sección de "Grupos de ejecutores", haz clic en **Grupo de ejecutores nuevo**. -1. Enter a name for your runner group. +1. Ingresa un nombre para tu grupo ejecutor. {% data reusables.actions.runner-group-assign-policy-repo %} {% warning %} @@ -62,7 +62,7 @@ When creating a group, you must choose a policy that defines which repositories{ Para obtener más información, consulta "[Acerca de los ejecutores autoalojados](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." {% endwarning %} -{% data reusables.actions.runner-group-assign-policy-workflow %}{%- if restrict-groups-to-workflows %} Organization-owned runner groups cannot access workflows from a different organization in the enterprise; instead, you must create an enterprise-owned runner group.{% endif %} +{% data reusables.actions.runner-group-assign-policy-workflow %}{%- if restrict-groups-to-workflows %}Los grupos ejecutores que pertenecen a las organizaciones no pueden acceder a los flujos de trabajo de una organización diferente en la empresa. En vez de esto, debes crear un grupo de ejecutores que pertenezca a la empresa.{% endif %} {% data reusables.actions.self-hosted-runner-create-group %} {% elsif ghae or ghes < 3.4 %} {% data reusables.organizations.navigate-to-org %} @@ -73,12 +73,12 @@ When creating a group, you must choose a policy that defines which repositories{ ![Agregar un grupo de ejecutores](/assets/images/help/settings/actions-org-add-runner-group.png) 1. Ingresa un nombre para tu grupo de ejecutores y asigna una política para el acceso al repositorio. - You can configure a runner group to be accessible to a specific list of repositories, or to all repositories in the organization.{% ifversion ghec or ghes %} By default, only private repositories can access runners in a runner group, but you can override this. Esta configuración no puede anularse si se configura un grupo ejecutor de la organización que haya compartido una empresa.{% endif %} + Puedes configurar un grupo de ejecutores para que sea accesible a una lista específica de repositorios o a todos ellos en la organización.{% ifversion ghec or ghes %} Predeterminadamente, solo los repositorios privados pueden acceder a los ejecutores en un grupo ejecutor. Pero esto se puede anular. Esta configuración no puede anularse si se configura un grupo ejecutor de la organización que haya compartido una empresa.{% endif %} {%- ifversion ghes %} {% warning %} - **Warning**: + **Advertencia**: {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %} @@ -93,19 +93,19 @@ When creating a group, you must choose a policy that defines which repositories{ ## Crear un grupo de ejecutores auto-hospedados para una empresa -Las empresas pueden agregar sus ejecutores auto-hospedados a grupos para su administración de accesos. Enterprises can create groups of self-hosted runners that are accessible to specific organizations in the enterprise account{% if restrict-groups-to-workflows %} or to specific workflows{% endif %}. Organization owners can then assign additional granular repository{% if restrict-groups-to-workflows %} or workflow{% endif %} access policies to the enterprise runner groups. Para obtener más información sobre cómo crear un grupo de ejecutores auto-hospedados con la API de REST, consulta las terminales empresariales en la [API de REST de {% data variables.product.prodname_actions %}](/rest/reference/actions#self-hosted-runner-groups). +Las empresas pueden agregar sus ejecutores auto-hospedados a grupos para su administración de accesos. Las empresas pueden crear grupos de ejecutores auto-hospedados que son accesibles para organizaciones específicas en la cuenta empresarial{% if restrict-groups-to-workflows %} o para flujos de trabajo específicos{% endif %}. Los propietarios de organizaciones pueden entonces asignar políticas de acceso adicionales y granulares para los repositorios{% if restrict-groups-to-workflows %} o flujos de trabajo{% endif %} a los grupos de ejecutores empresariales. Para obtener más información sobre cómo crear un grupo de ejecutores auto-hospedados con la API de REST, consulta las terminales empresariales en la [API de REST de {% data variables.product.prodname_actions %}](/rest/reference/actions#self-hosted-runner-groups). Los ejecutores auto-hospedados se asignan automáticamente al grupo predeterminado cuando se crean y solo pueden ser mimebros de un grupo a la vez. Puedes asignar el ejecutor a un grupo específico durante el proceso de registro o puedes moverlo después desde el grupo predeterminado a un grupo personalizado. Cuando creas un grupo, debes elegir la política que defina qué organizaciones tienen acceso al grupo de ejecutores. {% data reusables.actions.self-hosted-runner-groups-add-to-enterprise-first-steps %} -1. To choose a policy for organization access, select the **Organization access** drop-down, and click a policy. You can configure a runner group to be accessible to a specific list of organizations, or all organizations in the enterprise.{% ifversion ghes %} By default, only private repositories can access runners in a runner group, but you can override this.{% endif %} +1. Para elegir una política para el acceso organizacional, selecciona el menú desplegable **Acceso organizacional** y haz clic en una política. Puedes configurar un grupo de ejecutores para que sea accesible a una lista de organizaciones específica o a todas las organizaciones en la empresa.{% ifversion ghes %} Predeterminadamente, solo los repositorios privados pueden acceder a los ejecutores en un grupo, pero esto se puede anular.{% endif %} {%- ifversion ghec or ghes %} {% warning %} - **Warning**: + **Advertencia**: {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %} @@ -127,19 +127,19 @@ Cuando creas un grupo, debes elegir la política que defina qué organizaciones ## Cambiar la política de acceso de un grupo de ejecutores auto-hospedados -For runner groups in an enterprise, you can change what organizations in the enterprise can access a runner group{% if restrict-groups-to-workflows %} or restrict what workflows a runner group can run{% endif %}. For runner groups in an organization, you can change what repositories in the organization can access a runner group{% if restrict-groups-to-workflows %} or restrict what workflows a runner group can run{% endif %}. +En el caso de los grupos de ejecutores en una empresa, puedes cambiar qué organizaciones dentro de ella pueden acceder a un grupo de ejecutores{% if restrict-groups-to-workflows %} o restringir qué flujos de trabajo puede ejecutar un grupo de ejecutores{% endif %}. En el caso de los grupos de ejecutores en una organización, puedes cambiar qué repositorios en ella pueden acceder a un grupo de ejecutores{% if restrict-groups-to-workflows %} o restringir qué flujos de trabajo puede ejecutar un grupo de ejecutores{% endif %}. -### Changing what organizations or repositories can access a runner group +### Cambiar qué organizaciones o repositorios pueden acceder a un grupo de ejecutores {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %} {% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %} {% data reusables.actions.settings-sidebar-actions-runner-groups-selection %} -1. For runner groups in an enterprise, under **Organization access**, modify what organizations can access the runner group. For runner groups in an organization, under **Repository access**, modify what repositories can access the runner group. +1. En el caso de los grupos de ejecutores en una empresa, debajo de **Acceso organizacional**, modifica qué organizaciones pueden acceder al grupo de ejecutores. En el caso de los grupos de ejecutores en una organización, debajo de **Acceso al repositorio**, modifica aquellos a los que puede acceder este grupo. {%- ifversion fpt or ghec or ghes %} {% warning %} - **Warning**: + **Advertencia**: {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %} @@ -152,32 +152,32 @@ For runner groups in an enterprise, you can change what organizations in the ent {% endif %} {% if restrict-groups-to-workflows %} -### Changing what workflows can access a runner group -You can configure a self-hosted runner group to run either selected workflows or all workflows. For example, you might use this setting to protect secrets that are stored on self-hosted runners or to standardize deployment workflows by restricting a runner group to run only a specific reusable workflow. This setting cannot be overridden if you are configuring an organization's runner group that was shared by an enterprise. +### Cambiar los flujos de trabajo a los cuales puede acceder un grupo de ejecutores +Puedes configurar un grupo de ejecutores auto-hospedado para que ejecute ya sea flujos selectos o todos ellos. Por ejemplo, podrías utilizar este ajuste para proteger secretos almacenados en los ejecutores auto-hospedados o estandarizar los flujos de trabajo de despliegue restringiendo un grupo de ellos para que ejecute solo un flujo de trabajo reutilizable específico. Este ajuste no se puede anular si estás configurando un grupo de ejecutores de una organización que haya compartido una empresa. {% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %} {% data reusables.actions.settings-sidebar-actions-runner-groups-selection %} -1. Under **Workflow access**, select the dropdown menu and click **Selected workflows**. +1. Debajo de **Acceso al flujo de trabajo**, selecciona el menú desplegable y haz clic en **Flujos de trabajo selectos**. 1. Da clic en {% octicon "gear" aria-label="the gear icon" %}. -1. Enter a comma separated list of the workflows that can access the runner group. Use the full path, including the repository name and owner. Pin the workflow to a branch, tag, or full SHA. For example: `octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`. +1. Ingresa una lista separada por comas de los flujos de trabajo que pueden acceder al grupo de ejecutores. Utiliza la ruta completa, incluyendo el nombre y propietario del repositorio. Fija el flujo de trabajo a una rama, etiqueta o SHA completo. Por ejemplo: `octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`. - Only jobs directly defined within the selected workflows will have access to the runner group. + Solo los jobs que se definan directamente dentro de los flujos de trabajo seleccionados tendrán acceso al grupo de ejecutores. - Organization-owned runner groups cannot access workflows from a different organization in the enterprise; instead, you must create an enterprise-owned runner group. + Los grupos de ejecutores que pertenecen a la organización no pueden acceder a los flujos de trabajo de otra organización de la empresa; en vez de esto, debes crear un grupo de ejecutores que pertenezca a la empresa. 1. Haz clic en **Save ** (guardar). {% endif %} -## Changing the name of a runner group +## Cambiar el nombre de un grupo de ejectuores {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %} {% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %} {% data reusables.actions.settings-sidebar-actions-runner-groups-selection %} -1. Change the runner group name. +1. Cambia el nombre del grupo de ejecutores. {% elsif ghae or ghes < 3.4 %} {% data reusables.actions.self-hosted-runner-configure-runner-group %} -1. Change the runner group name. +1. Cambia el nombre del grupo de ejecutores. {% endif %} {% ifversion ghec or ghes or ghae %} @@ -202,7 +202,7 @@ Si no especificas un grupo de ejecutores durante el proceso de registro, tus eje {% data reusables.actions.self-hosted-runner-navigate-to-org-enterprise %} {% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %} 1. En la lista de "Ejecutores", haz clic en aquél que quieras configurar. -2. Select the **Runner group** drop-down. +2. Selecciona el menú desplegable de **Grupo de ejecutores**. 3. En "Mover el ejecutor al grupo", elige un grupo destino para el ejecutor. {% elsif ghae or ghes < 3.4 %} 1. En la sección de {% ifversion ghes > 3.1 or ghae %}"Grupos de ejecutores"{% elsif ghes < 3.2 %}"Ejecutores auto-hospedados"{% endif %} de la página de ajustes, ubica al grupo actual del ejecutor que quieres mover y expande la lista de sus miembros. ![Ver los miembros de un grupo de ejecutores](/assets/images/help/settings/actions-org-runner-group-members.png) diff --git a/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md b/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md index dddba3a203..245d1aa573 100644 --- a/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md @@ -26,7 +26,7 @@ Se requieren algunos puertos administrativos para configurar {% data variables.p | Port (Puerto) | Servicio | Descripción | | ------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 8443 | HTTPS | {% data variables.enterprise.management_console %} segura basada en la web. Requerida para la instalación y la configuración básicas. | -| 8080 | HTTP | {% data variables.enterprise.management_console %} basada en la web de texto simple. No se requiere excepto que el SSL esté inhabilitado de forma manual. | +| 8080 | HTTP | {% data variables.enterprise.management_console %} basada en la web de texto simple. Not required unless TLS is disabled manually. | | 122 | SSH | Acceso shell para {% data variables.product.product_location %}. Se necesita abierto a las conexiones entrantes entre todos los nodos en una configuración de disponibilidad alta. El puerto SSH predeterminado (22) está destinado al tráfico de red de la aplicación SSH y Git. | | 1194/UDP | VPN | Túnel de red de replicación segura en la configuración de alta disponibilidad. Se requiere abierto a las comunicaciones entre todos los nodos en la configuración. | | 123/UDP | NTP | Se requiere para operar el protocolo de tiempo. | @@ -39,7 +39,7 @@ Los puertos de la aplicación permiten que los usuarios finales accedan a Git y | Port (Puerto) | Servicio | Descripción | | ------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 443 | HTTPS | Acceso a la aplicación web y a Git por HTTPS. | -| 80 | HTTP | Acceso a la aplicación web. Todas las solicitudes se redireccionan al puerto HTTPS cuando se habilita SSL. | +| 80 | HTTP | Acceso a la aplicación web. All requests are redirected to the HTTPS port if TLS is configured. | | 22 | SSH | Acceso a Git por SSH. Admite las operaciones clonar, extraer y subir a los repositorios privados y públicos. | | 9418 | Git | El puerto de protocolo Git admite las operaciones clonar y extraer a los repositorios públicos con comunicación de red desencriptada. {% data reusables.enterprise_installation.when-9418-necessary %} @@ -52,3 +52,18 @@ Los puertos de correo electrónico deben ser accesibles directamente o por medio | Port (Puerto) | Servicio | Descripción | | ------------- | -------- | ---------------------------------------------- | | 25 | SMTP | Soporte para SMTP con encriptación (STARTTLS). | + +## {% data variables.product.prodname_actions %} ports + +{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. Para obtener más información, consulta la sección "[Acerca de los ejecutores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)". + +| Port (Puerto) | Servicio | Descripción | +| ------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. | +| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. | + +If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. Para obtener más información, consulta la sección "[Habilitar el acceso automático a las acciones de {% data variables.product.prodname_dotcom_the_website %} utilizando{% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)". + +## Leer más + +- "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)" diff --git a/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md index 3337006bd0..9d4e2026ec 100644 --- a/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ b/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md @@ -33,7 +33,7 @@ topics: {% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, teams merge significantly more pull requests per day, and the pull requests are merged significantly faster. For more information, see "[Writing and shipping code faster](https://octoverse.github.com/writing-code-faster/#scale-through-automation)" in the State of the Octoverse. -You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. Para obtener más información, consulta la sección "[Encontrar y personalizar las acciones](/actions/learn-github-actions/finding-and-customizing-actions)". +You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. {% ifversion ghec %}For more information, see "[Finding and customizing actions](/actions/learn-github-actions/finding-and-customizing-actions)."{% else %}You can restrict your developers to using actions that exist on {% data variables.product.product_location %}, or you can allow your developers to access actions on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."{% endif %} {% data variables.product.prodname_actions %} is developer friendly, because it's integrated directly into the familiar {% data variables.product.product_name %} experience. diff --git a/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md b/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md index 7dcab8d65c..052dd9d3cb 100644 --- a/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md +++ b/translations/es-ES/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md @@ -88,7 +88,7 @@ You can create a runner group to manage access to the runner that you added to y {% warning %} - **Warning**: + **Advertencia**: {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %} diff --git a/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 321e4bb03f..0a688ba9f8 100644 --- a/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -13,7 +13,7 @@ type: overview topics: - Actions - Enterprise -shortTitle: Agregar acciones en tu empresa +shortTitle: About actions in your enterprise --- {% data reusables.actions.enterprise-beta %} @@ -23,13 +23,24 @@ shortTitle: Agregar acciones en tu empresa Los flujos de trabajo de {% data variables.product.prodname_actions %} pueden utilizar _acciones_, las cuales son tareas individuales que puedes combinar para crear jobs y personalizar tu flujo de trabajo. Puedes crear tus propias acciones, o utilizar y personalizar a quellas que comparte la comunidad de {% data variables.product.prodname_dotcom %}. -{% data reusables.actions.enterprise-no-internet-actions %} +{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.product.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}. + +We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.product_name %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}. ## Acciones oficiales que se incluyen en tu instancia empresarial {% data reusables.actions.actions-bundled-with-ghes %} -Las acciones agrupadas oficiales incluyen a `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, y varias acciones de `actions/setup-`, entre otras. Para ver todas las acciones oficiales que se incluyen en tu instancia empresarial, navega hasta la organización `actions` en tu instancia: https://HOSTNAME/actions. +The bundled official actions include the following, among others. +- `actions/checkout` +- `actions/upload-artifact` +- `actions/download-artifact` +- `actions/labeler` +- Various `actions/setup-` actions + +Para ver todas las acciones oficiales que se incluyen en tu instancia empresarial, navega hasta la organización `actions` en tu instancia: https://HOSTNAME/actions. + +There is no connection required between {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} to use these actions. Cada acción es un repositorio en la organización `actions` y cada repositorio de acción incluye las etiquetas, ramas y SHA de confirmación necesarios que tu flujo de trabajo puede utilizar para referenciar la acción. Para obtener más información sobre cómo actualizar las acciones oficiales empaquetadas, consulta la sección "[Utilizar la versión más reciente de las acciones oficiales incluídas](/admin/github-actions/using-the-latest-version-of-the-official-bundled-actions)". @@ -43,14 +54,21 @@ Cada acción es un repositorio en la organización `actions` y cada repositorio ## Configurar el acceso a las acciones en {% data variables.product.prodname_dotcom_the_website %} -{% ifversion ghes %} -Antes de que puedas configurar el acceso a las acciones en {% data variables.product.prodname_dotcom_the_website %}, debes configurar {% data variables.product.product_location %} para que utilice {% data variables.product.prodname_actions %}. Para obtener más información, consulta la sección "[Iniciar con las {% data variables.product.prodname_actions %} para GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)". -{% endif %} - {% data reusables.actions.access-actions-on-dotcom %} El acercamiento recomendado es habilitar el acceso automático a todas las acciones desde {% data variables.product.prodname_dotcom_the_website %}. Puedes hacer esto si utilizas {% data variables.product.prodname_github_connect %} para integrar a {% data variables.product.product_name %} con {% data variables.product.prodname_ghe_cloud %}. Para obtener más información, consulta la sección "[Habilitar el acceso automático a las acciones de {% data variables.product.prodname_dotcom_the_website %} utilizando {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". +{% ifversion ghes %} +{% note %} + +**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. Para obtener más información, consulta la sección "[Iniciar con las {% data variables.product.prodname_actions %} para GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)". + + +{% endnote %} +{% endif %} + +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} + {% data reusables.actions.enterprise-limit-actions-use %} -Como alternativa, si quieres tener un control más estricto sobre qué acciones se permiten en tu empresa, puedes descargar y sincronizar las acciones manualmente en tu instancia empresarial utilizando la herramienta `actions-sync`. Para obtener más información, consulta la sección "[Sincronizar acciones manualmente desde {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)". +Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to {% data variables.product.prodname_dotcom_the_website %}, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. Para obtener más información, consulta la sección "[Sincronizar acciones manualmente desde {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)". diff --git a/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index 3dc27dc3ff..f539aeca8d 100644 --- a/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/translations/es-ES/content/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -21,11 +21,18 @@ shortTitle: Use GitHub Connect for actions ## About automatic access to {% data variables.product.prodname_dotcom_the_website %} actions -By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). +By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions). To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. -To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using actions in your enterprise](/admin/github-actions/about-using-actions-in-your-enterprise)." +{% data reusables.actions.self-hosted-runner-networking-to-dotcom %} -To use actions from {% data variables.product.prodname_dotcom_the_website %}, your self-hosted runners must be able to download public actions from `api.github.com`. +Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)." + +## About resolution for actions using {% data variables.product.prodname_github_connect %} + +{% data reusables.actions.github-connect-resolution %} + +If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." +{% endif %} ## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions @@ -33,8 +40,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do - Configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Enable{% else %} enable{% endif %} {% data variables.product.prodname_github_connect %}. For more information, see "[Managing {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/managing-github-connect)." -{% data reusables.actions.enterprise-github-connect-warning %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.github-connect-tab %} 1. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select **Enabled**. diff --git a/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md b/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md index 5f13e4f882..b736ad7852 100644 --- a/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md +++ b/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md @@ -12,7 +12,7 @@ versions: topics: - Organizations - Teams -shortTitle: Delete organization +shortTitle: Borrar organización --- {% ifversion fpt or ghec %} diff --git a/translations/es-ES/content/packages/quickstart.md b/translations/es-ES/content/packages/quickstart.md index 65f3200932..e83cb3abaa 100644 --- a/translations/es-ES/content/packages/quickstart.md +++ b/translations/es-ES/content/packages/quickstart.md @@ -18,7 +18,7 @@ En esta guía, crearás un flujo de trabajo de {% data variables.product.prodnam ## Publicar tu paquete -1. Crea un repositorio nuevo en {% data variables.product.prodname_dotcom %}, agregando el `.gitignore` para Node. For more information, see "[Creating a new repository](/github/creating-cloning-and-archiving-repositories/creating-a-new-repository)." +1. Crea un repositorio nuevo en {% data variables.product.prodname_dotcom %}, agregando el `.gitignore` para Node. Para obtener más información, consulta la sección "[Crear un repositorio nuevo](/github/creating-cloning-and-archiving-repositories/creating-a-new-repository)". 2. Clona el repositorio en tu máquina local. ```shell $ git clone https://{% ifversion ghae %}YOUR-HOSTNAME{% else %}github.com{% endif %}/YOUR-USERNAME/YOUR-REPOSITORY.git diff --git a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md index 6c4bb22f84..60fc4f2778 100644 --- a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md +++ b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md @@ -52,7 +52,7 @@ Antes de que puedas usar Jekyll para probar un sitio, debes hacer lo siguiente: {% note %} -**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`. +**Nota:** Si estás utilizando Ruby 3.0 y Jekyll 4.2.x o anterior, necesitarás agregar la gema de `webrick` al Gemfile de tu proyecto antes de ejecutar `bundle install`. {% endnote %} diff --git a/translations/es-ES/content/rest/reference/secret-scanning.md b/translations/es-ES/content/rest/reference/secret-scanning.md index 07419944d5..ffdc5f95b9 100644 --- a/translations/es-ES/content/rest/reference/secret-scanning.md +++ b/translations/es-ES/content/rest/reference/secret-scanning.md @@ -1,6 +1,6 @@ --- title: Escaneo de secretos -intro: Use the secret scanning API to retrieve and update secret alerts from a repository. +intro: Utiliza la API de escaneo de secretos para recuperar y actualizar las alertas secretas de un repositorio. versions: fpt: '*' ghes: '*' diff --git a/translations/es-ES/data/learning-tracks/actions.yml b/translations/es-ES/data/learning-tracks/actions.yml index 2454c612e5..3f4d88a6bc 100644 --- a/translations/es-ES/data/learning-tracks/actions.yml +++ b/translations/es-ES/data/learning-tracks/actions.yml @@ -39,7 +39,7 @@ deploy_to_the_cloud: - /actions/deployment/deploying-to-google-kubernetes-engine adopting_github_actions_for_your_enterprise_ghec: title: 'Adoptar GitHub Actions para tu empresa' - description: 'Learn how to plan and implement a rollout of {% data variables.product.prodname_actions %} in your enterprise.' + description: 'Aprende a planear y hacer una implementación de {% data variables.product.prodname_actions %} en tu empresa.' versions: ghec: '*' guides: @@ -52,7 +52,7 @@ adopting_github_actions_for_your_enterprise_ghec: - /billing/managing-billing-for-github-actions/about-billing-for-github-actions adopting_github_actions_for_your_enterprise_ghes_and_ghae: title: 'Adoptar GitHub Actions para tu empresa' - description: 'Learn how to plan and implement a rollout of {% data variables.product.prodname_actions %} in your enterprise.' + description: 'Aprende a planear y hacer una implementación de {% data variables.product.prodname_actions %} en tu empresa.' versions: ghes: '*' ghae: '*' diff --git a/translations/es-ES/data/learning-tracks/admin.yml b/translations/es-ES/data/learning-tracks/admin.yml index 5319746d62..3e94b82af3 100644 --- a/translations/es-ES/data/learning-tracks/admin.yml +++ b/translations/es-ES/data/learning-tracks/admin.yml @@ -39,7 +39,7 @@ upgrade_your_instance: - /admin/enterprise-management/upgrading-github-enterprise-server adopting_github_actions_for_your_enterprise_ghec: title: 'Adoptar GitHub Actions para tu empresa' - description: 'Learn how to plan and implement a rollout of {% data variables.product.prodname_actions %} in your enterprise.' + description: 'Aprende a planear y hacer una implementación de {% data variables.product.prodname_actions %} en tu empresa.' versions: ghec: '*' guides: @@ -52,7 +52,7 @@ adopting_github_actions_for_your_enterprise_ghec: - /billing/managing-billing-for-github-actions/about-billing-for-github-actions adopting_github_actions_for_your_enterprise_ghes_and_ghae: title: 'Adoptar GitHub Actions para tu empresa' - description: 'Learn how to plan and implement a rollout of {% data variables.product.prodname_actions %} in your enterprise.' + description: 'Aprende a planear y hacer una implementación de {% data variables.product.prodname_actions %} en tu empresa.' versions: ghes: '*' ghae: '*' diff --git a/translations/es-ES/data/reusables/actions/enterprise-github-connect-warning.md b/translations/es-ES/data/reusables/actions/enterprise-github-connect-warning.md deleted file mode 100644 index e748ab734d..0000000000 --- a/translations/es-ES/data/reusables/actions/enterprise-github-connect-warning.md +++ /dev/null @@ -1,15 +0,0 @@ -{% ifversion ghes > 3.2 or ghae-issue-4815 %} -{% note %} - -**Nota:** Cuando un flujo de trabajo utiliza una acción referenciando el repositorio en donde esta se almacena, {% data variables.product.prodname_actions %} intentará encontrarlo en tu instancia de {% data variables.product.prodname_ghe_server %} primero, antes de revertirse a {% data variables.product.prodname_dotcom_the_website %}. Si un usuario ya creó una organización y repositorio en tu empresa, el cual empate con un nombre de organización y repositorio en {% data variables.product.prodname_dotcom %}, el repositorio de tu empresa se utilizará en vez del de {% data variables.product.prodname_dotcom %}. Para obtener más información, consulta la sección "[Jubilación automática de designadores de espacio para las acciones a las cuales se accede en {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)". - -{% endnote %} -{% endif %} - -{% ifversion ghes < 3.3 or ghae %} -{% note %} - -**Nota:** Cuando un flujo de trabajo utiliza una acción referenciando el repositorio en donde esta se almacena, {% data variables.product.prodname_actions %} intentará encontrarlo en tu instancia de {% data variables.product.prodname_ghe_server %} primero, antes de revertirse a {% data variables.product.prodname_dotcom_the_website %}. Si un usuario crea una organización y repositorio en tu empresa, los cuales empaten con un nombre de organzación y repositorio en {% data variables.product.prodname_dotcom %}, el repositorio de tu empresa se utilizará en vez del repositorio de {% data variables.product.prodname_dotcom %}. Un usuario malintencionado podría sacar provecho de este comportamiento para ejecutar código como parte de un flujo de trabajo. - -{% endnote %} -{% endif %} diff --git a/translations/es-ES/data/reusables/actions/github-connect-resolution.md b/translations/es-ES/data/reusables/actions/github-connect-resolution.md new file mode 100644 index 0000000000..816e314a30 --- /dev/null +++ b/translations/es-ES/data/reusables/actions/github-connect-resolution.md @@ -0,0 +1 @@ +When a workflow uses an action by referencing the repository where the action is stored, {% data variables.product.prodname_actions %} will first try to find the repository on {% data variables.product.product_location %}. If the repository does not exist on {% data variables.product.product_location %}, and if you have automatic access to {% data variables.product.prodname_dotcom_the_website %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on {% data variables.product.prodname_dotcom_the_website %}. \ No newline at end of file diff --git a/translations/es-ES/data/reusables/actions/runner-group-assign-policy-workflow.md b/translations/es-ES/data/reusables/actions/runner-group-assign-policy-workflow.md index 27cb070783..af555af9d4 100644 --- a/translations/es-ES/data/reusables/actions/runner-group-assign-policy-workflow.md +++ b/translations/es-ES/data/reusables/actions/runner-group-assign-policy-workflow.md @@ -1,6 +1,6 @@ {%- if restrict-groups-to-workflows %} 1. Assign a policy for workflow access. - You can configure a runner group to be accessible to a specific list of workflows, or to all workflows. This setting can't be overridden if you are configuring an organization's runner group that was shared by an enterprise. If you specify what workflow can access the runner group, you must use the full path to the workflow, including the repository name and owner, and you must pin the workflow to a branch, tag, or full SHA. For example: `octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`. + You can configure a runner group to be accessible to a specific list of workflows, or to all workflows. This setting can't be overridden if you are configuring an organization's runner group that was shared by an enterprise. If you specify what workflow can access the runner group, you must use the full path to the workflow, including the repository name and owner, and you must pin the workflow to a branch, tag, or full SHA. Por ejemplo: `octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`. Only jobs directly defined within the selected workflows will have access to the runner group.{%- endif %} diff --git a/translations/es-ES/data/reusables/actions/self-hosted-runner-add-to-enterprise.md b/translations/es-ES/data/reusables/actions/self-hosted-runner-add-to-enterprise.md index 2a62159957..9d6c8982fa 100644 --- a/translations/es-ES/data/reusables/actions/self-hosted-runner-add-to-enterprise.md +++ b/translations/es-ES/data/reusables/actions/self-hosted-runner-add-to-enterprise.md @@ -6,7 +6,7 @@ 1. Haz clic en **Ejecutor nuevo**. {% data reusables.actions.self-hosted-runner-configure %} {%- elsif ghae or ghes < 3.4 %} -To add a self-hosted runner to an enterprise, you must be an enterprise owner. +Para agregar un ejecutor auto-hospedado a una empresa, debes ser el propietario de la misma. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %} diff --git a/translations/es-ES/data/reusables/actions/self-hosted-runner-communications-for-ghae.md b/translations/es-ES/data/reusables/actions/self-hosted-runner-communications-for-ghae.md deleted file mode 100644 index 9d96dd0710..0000000000 --- a/translations/es-ES/data/reusables/actions/self-hosted-runner-communications-for-ghae.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion ghae %} - -You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.prodname_ghe_managed %} URL and its subdomains. Pro ejemplo, si el nombre de tu instancia es `octoghae`, entonces necesitarás permitir que el ejecutor auto-hospedado acceda a `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com` y `codeload.octoghae.githubenterprise.com`. - -If you use an IP address allow list for your organization or enterprise account on {% data variables.product.prodname_dotcom %}, you must add your self-hosted runner's IP address to the allow list. Para obtener más información, consulta "[Administrar las direcciones IP permitidas en tu organización](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)". - -{% endif %} diff --git a/translations/es-ES/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md b/translations/es-ES/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md new file mode 100644 index 0000000000..55c66796b0 --- /dev/null +++ b/translations/es-ES/data/reusables/actions/self-hosted-runner-networking-to-dotcom.md @@ -0,0 +1 @@ +To use actions from {% data variables.product.prodname_dotcom_the_website %},{% ifversion ghes %} both {% data variables.product.product_location %} and{% endif %} your self-hosted runners must be able to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. No inbound connections from {% data variables.product.prodname_dotcom_the_website %} are required. For more information. Para obtener más información, consulta la sección "[Acerca de los ejecutores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-betweens-self-hosted-runners-and-githubcom)". \ No newline at end of file diff --git a/translations/es-ES/data/reusables/actions/self-hosted-runner-ports-protocols.md b/translations/es-ES/data/reusables/actions/self-hosted-runner-ports-protocols.md index 57f16b0906..a24c445d1b 100644 --- a/translations/es-ES/data/reusables/actions/self-hosted-runner-ports-protocols.md +++ b/translations/es-ES/data/reusables/actions/self-hosted-runner-ports-protocols.md @@ -1 +1,3 @@ -Self-hosted runners must be able to communicate with {% ifversion ghae %}your enterprise on {% data variables.product.product_name %}{% elsif fpt or ghec or ghes %}{% data variables.product.product_location %}{% endif %} over HTTP (port 80) and HTTPS (port 443). +{% ifversion ghes or ghae %} +The connection between self-hosted runners and {% data variables.product.product_name %} is over {% ifversion ghes %}HTTP (port 80) or {% endif %}HTTPS (port 443). {% ifversion ghes %}To ensure connectivity over HTTPS, configure TLS for {% data variables.product.product_location %}. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."{% endif %} +{% endif %} diff --git a/translations/es-ES/data/reusables/apps/optional_feature_activation.md b/translations/es-ES/data/reusables/apps/optional_feature_activation.md index c13f030366..53e9b85759 100644 --- a/translations/es-ES/data/reusables/apps/optional_feature_activation.md +++ b/translations/es-ES/data/reusables/apps/optional_feature_activation.md @@ -1,2 +1,2 @@ 4. In the left sidebar, click **Optional Features**. ![Optional features tab](/assets/images/github-apps/optional-features-option.png) -5. Next to the optional feature you want to enable for your app, click **Opt-in**. ![Botón de unirse para habilitar una característica opcional](/assets/images/github-apps/enable-optional-features.png) +5. Junto a la característica opcional que quieres habilitar para tu app, haz clic en **Decidir participar**. ![Botón de unirse para habilitar una característica opcional](/assets/images/github-apps/enable-optional-features.png) diff --git a/translations/es-ES/data/reusables/code-scanning/upload-sarif-alert-limit.md b/translations/es-ES/data/reusables/code-scanning/upload-sarif-alert-limit.md index 2fc7fd7615..6552a32f70 100644 --- a/translations/es-ES/data/reusables/code-scanning/upload-sarif-alert-limit.md +++ b/translations/es-ES/data/reusables/code-scanning/upload-sarif-alert-limit.md @@ -1,7 +1,7 @@ {% note %} **Notas:** -- SARIF upload supports a maximum of 5000 results per upload. Cualquier resultado que sobrepase este límite se ignorará. Si una herramienta genera demasiados resultados, debes actualizar la configuración para enfocarte en los resultados de las reglas o consultas más importantes. +- La carga de SARIF es compatible con un máximo de 5000 resultados por carga. Cualquier resultado que sobrepase este límite se ignorará. Si una herramienta genera demasiados resultados, debes actualizar la configuración para enfocarte en los resultados de las reglas o consultas más importantes. - Para cada carga, la carga de SARIF es compatible con un tamaño máximo de 10 MB para el archivo comprimido de `gzip`. Cualquier carga que esté sobre este límite, se rechazará. Si tu archivo SARIF es demasiado grande porque contiene demasiados resultados, debes actualizar la configuración para enfocarte en los resultados de las reglas o consultas más importantes. diff --git a/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-private-repo.md b/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-private-repo.md index 6374ddd8cc..8547b19ac2 100644 --- a/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-private-repo.md +++ b/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-private-repo.md @@ -36,13 +36,13 @@ Checkout.com | Llave Secreta de Pruebas de Checkout.com | checkout_test_secret_k {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} CloudBees CodeShip | Credencial de CodeShip de CloudBees | codeship_credential{% endif %} {%- ifversion fpt or ghec or ghes > 3.2 %} -Contentful | Contentful Personal Access Token | contentful_personal_access_token{% endif %} Databricks | Databricks Access Token | databricks_access_token Discord | Discord Bot Token | discord_bot_token Doppler | Doppler Personal Token | doppler_personal_token Doppler | Doppler Service Token | doppler_service_token Doppler | Doppler CLI Token | doppler_cli_token Doppler | Doppler SCIM Token | doppler_scim_token +Contentful | Token de Acceso Personal de Contentful | contentful_personal_access_token{% endif %} Databricks | Token de Acceso de Databricks | databricks_access_token Discord | Token del Bot de Discord | discord_bot_token Doppler | Token Personal de Doppler | doppler_personal_token Doppler | Token de Servicio de Doppler | doppler_service_token Doppler | Token de CLI de Doppler | doppler_cli_token Doppler | Token de SCIM de Doppler | doppler_scim_token {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} Doppler | Token de Auditoría de Doppler | doppler_audit_token{% endif %} Dropbox | Token de Acceso a Dropbox | dropbox_access_token Dropbox | Token de Acceso de Vida Corta a Dropbox | dropbox_short_lived_access_token {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} Duffel | Token de Acceso en Vivo de Duffel | duffel_live_access_token{% endif %} {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} -Duffel | Duffel Test Access Token | duffel_test_access_token{% endif %} Dynatrace | Dynatrace Access Token | dynatrace_access_token Dynatrace | Dynatrace Internal Token | dynatrace_internal_token +Duffel | Token de Acceso de Pruebas de Duffel | duffel_test_access_token{% endif %} Dynatrace | Token de Acceso de Dynatrace | dynatrace_access_token Dynatrace | Token Interno de Dynatrace | dynatrace_internal_token {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} EasyPost | Llave de la API de Producción de EasyPost | easypost_production_api_key{% endif %} {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} @@ -90,7 +90,7 @@ Ionic | Token de Acceso Personal de Ionic | ionic_personal_access_token{% endif {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} Ionic | Token de Actualización de Ionic | ionic_refresh_token{% endif %} {%- ifversion fpt or ghec or ghes > 3.4 %} -JD Cloud | JD Cloud Access Key | jd_cloud_access_key{% endif %} +JD Cloud | Llave de Acceso de JD Cloud | jd_cloud_access_key{% endif %} {%- ifversion fpt or ghec or ghes > 3.2 %} JFrog | Token de Acceso a la Plataforma de JFrog | jfrog_platform_access_token{% endif %} {%- ifversion fpt or ghec or ghes > 3.2 %} @@ -164,7 +164,7 @@ Square | Token de Acceso a Square | square_access_token{% endif %} {%- ifversion fpt or ghec or ghes > 3.3 %} Square | Secreto de la Aplicación de Producción de Square | square_production_application_secret{% endif %} {%- ifversion fpt or ghec or ghes > 3.3 %} -Square | Square Sandbox Application Secret | square_sandbox_application_secret{% endif %} SSLMate | SSLMate API Key | sslmate_api_key SSLMate | SSLMate Cluster Secret | sslmate_cluster_secret Stripe | Stripe API Key | stripe_api_key Stripe | Stripe Live API Secret Key | stripe_live_secret_key Stripe | Stripe Test API Secret Key | stripe_test_secret_key Stripe | Stripe Live API Restricted Key | stripe_live_restricted_key Stripe | Stripe Test API Restricted Key | stripe_test_restricted_key +Square | Secreto de Aplicación de Pruebas de Square | square_sandbox_application_secret{% endif %} SSLMate | Llave de la API de SSLMate | sslmate_api_key SSLMate | Secreto de Clúster de SSLMate | sslmate_cluster_secret Stripe | Llave de la API de Stripe | stripe_api_key Stripe | Llave del Secreto de la API en Vivo de Stripe | stripe_live_secret_key Stripe | Llave del Secreto de la API de Pruebas de Stripe | stripe_test_secret_key Stripe | Llave Restringida de la API en Vivo de Stripe | stripe_live_restricted_key Stripe | Llave Restringida de la API de Pruebas de Stripe | stripe_test_restricted_key {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} Stripe | Secreto de Firmado de Webhook de Stripe | stripe_webhook_signing_secret{% endif %} {%- ifversion fpt or ghec or ghes > 3.1 or ghae %} diff --git a/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-public-repo.md b/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-public-repo.md index 6e22b46630..7c946e7bea 100644 --- a/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-public-repo.md +++ b/translations/es-ES/data/reusables/secret-scanning/partner-secret-list-public-repo.md @@ -58,6 +58,7 @@ | Meta | Token de Acceso a Facebook | | npm | Token de Acceso de npm | | NuGet | Clave de API de NuGet | +| Octopus Deploy | Octopus Deploy API Key | | OpenAI | Clave de la API de OpenAI | | Palantir | Token Web de JSON de Palantir | | PlanetScale | Contraseña de base de datos de PlanetScale | diff --git a/translations/log/es-resets.csv b/translations/log/es-resets.csv index 008987b785..81e64c7d78 100644 --- a/translations/log/es-resets.csv +++ b/translations/log/es-resets.csv @@ -140,7 +140,7 @@ translations/es-ES/content/codespaces/setting-up-your-project-for-codespaces/set translations/es-ES/content/codespaces/setting-up-your-project-for-codespaces/setting-up-your-python-project-for-codespaces.md,Listed in localization-support#489 translations/es-ES/content/codespaces/troubleshooting/exporting-changes-to-a-branch.md,Listed in localization-support#489 translations/es-ES/content/communities/documenting-your-project-with-wikis/about-wikis.md,Listed in localization-support#489 -translations/es-ES/content/communities/documenting-your-project-with-wikis/about-wikis.md,parsing error +translations/es-ES/content/communities/documenting-your-project-with-wikis/about-wikis.md,rendering error translations/es-ES/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md,Listed in localization-support#489 translations/es-ES/content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md,Listed in localization-support#489 translations/es-ES/content/desktop/contributing-and-collaborating-using-github-desktop/adding-and-cloning-repositories/cloning-and-forking-repositories-from-github-desktop.md,Listed in localization-support#489 From aa3323b6c5da3466fb314d84b7bff06279488a37 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sun, 20 Mar 2022 10:31:02 -0700 Subject: [PATCH 41/52] New translation batch for pt (#26353) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=pt * run script/i18n/reset-known-broken-translation-files.js From b7bd9bdc75e26ccc2cf740812615a10645b25871 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Sun, 20 Mar 2022 11:08:06 -0700 Subject: [PATCH 42/52] New translation batch for es (#26354) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/fix-translation-errors.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=es * run script/i18n/reset-known-broken-translation-files.js --- .../network-ports.md | 16 ++++++++-------- .../creating-a-github-app-from-a-manifest.md | 2 +- .../creating-a-github-app.md | 2 +- ...ying-and-authorizing-users-for-github-apps.md | 8 ++++---- .../refreshing-user-to-server-access-tokens.md | 2 +- .../building-oauth-apps/creating-an-oauth-app.md | 2 +- .../modifying-a-github-app.md | 2 +- .../removing-a-member-from-your-organization.md | 4 ++-- .../deleting-an-organization-account.md | 4 ++-- ...ownership-continuity-for-your-organization.md | 2 +- .../apps/optional_feature_activation.md | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md b/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md index 245d1aa573..2c9bb5a2ca 100644 --- a/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md +++ b/translations/es-ES/content/admin/configuration/configuring-network-settings/network-ports.md @@ -26,7 +26,7 @@ Se requieren algunos puertos administrativos para configurar {% data variables.p | Port (Puerto) | Servicio | Descripción | | ------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 8443 | HTTPS | {% data variables.enterprise.management_console %} segura basada en la web. Requerida para la instalación y la configuración básicas. | -| 8080 | HTTP | {% data variables.enterprise.management_console %} basada en la web de texto simple. Not required unless TLS is disabled manually. | +| 8080 | HTTP | {% data variables.enterprise.management_console %} basada en la web de texto simple. No se requiere a menos de que el TLS se inhabilite manualmente. | | 122 | SSH | Acceso shell para {% data variables.product.product_location %}. Se necesita abierto a las conexiones entrantes entre todos los nodos en una configuración de disponibilidad alta. El puerto SSH predeterminado (22) está destinado al tráfico de red de la aplicación SSH y Git. | | 1194/UDP | VPN | Túnel de red de replicación segura en la configuración de alta disponibilidad. Se requiere abierto a las comunicaciones entre todos los nodos en la configuración. | | 123/UDP | NTP | Se requiere para operar el protocolo de tiempo. | @@ -39,7 +39,7 @@ Los puertos de la aplicación permiten que los usuarios finales accedan a Git y | Port (Puerto) | Servicio | Descripción | | ------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 443 | HTTPS | Acceso a la aplicación web y a Git por HTTPS. | -| 80 | HTTP | Acceso a la aplicación web. All requests are redirected to the HTTPS port if TLS is configured. | +| 80 | HTTP | Acceso a la aplicación web. Todas las solicitudes se redirigen al puerto HTTPS si se configura el TLS. | | 22 | SSH | Acceso a Git por SSH. Admite las operaciones clonar, extraer y subir a los repositorios privados y públicos. | | 9418 | Git | El puerto de protocolo Git admite las operaciones clonar y extraer a los repositorios públicos con comunicación de red desencriptada. {% data reusables.enterprise_installation.when-9418-necessary %} @@ -53,14 +53,14 @@ Los puertos de correo electrónico deben ser accesibles directamente o por medio | ------------- | -------- | ---------------------------------------------- | | 25 | SMTP | Soporte para SMTP con encriptación (STARTTLS). | -## {% data variables.product.prodname_actions %} ports +## Puertos de las {% data variables.product.prodname_actions %} -{% data variables.product.prodname_actions %} ports must be accessible for self-hosted runners to connect to {% data variables.product.product_location %}. Para obtener más información, consulta la sección "[Acerca de los ejecutores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)". +Los puertos de las {% data variables.product.prodname_actions %} deben ser accesibles para que los ejecutores auto-hospedados se conecten a {% data variables.product.product_location %}. Para obtener más información, consulta la sección "[Acerca de los ejecutores auto-hospedados](/actions/hosting-your-own-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github-enterprise-server)". -| Port (Puerto) | Servicio | Descripción | -| ------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 443 | HTTPS | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is configured. | -| 80 | HTTP | Self-hosted runners connect to {% data variables.product.product_location %} to receive job assignments and to download new versions of the runner application. Required if TLS is not configured. | +| Port (Puerto) | Servicio | Descripción | +| ------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 443 | HTTPS | Los ejecutores auto-hospedados se conectan a {% data variables.product.product_location %} para recibir asignaciones de jobs y para descargar versiones nuevas de la aplicación ejecutora. Requerido si se configura TLS. | +| 80 | HTTP | Los ejecutores auto-hospedados se conectan a {% data variables.product.product_location %} para recibir asignaciones de jobs y para descargar versiones nuevas de la aplicación ejecutora. Requerido si no se configura TLS. | If you enable automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, {% data variables.product.prodname_actions %} will always search for an action on {% data variables.product.product_location %} first, via these ports, before checking {% data variables.product.prodname_dotcom_the_website %}. Para obtener más información, consulta la sección "[Habilitar el acceso automático a las acciones de {% data variables.product.prodname_dotcom_the_website %} utilizando{% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#about-resolution-for-actions-using-github-connect)". diff --git a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-from-a-manifest.md b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-from-a-manifest.md index caf538d658..da096bda77 100644 --- a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-from-a-manifest.md +++ b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-from-a-manifest.md @@ -61,7 +61,7 @@ Se redirigirá al creador de la app a una página de GitHub en donde encontrará | `name (nombre)` | `secuencia` | El nombre dela GitHub App. | | `url` | `secuencia` | **Requerido.** La página principal de tu GitHub App. | | `hook_attributes` | `objeto` | La configuración del webhook de la GitHub App. | - | `redirect_url` | `secuencia` | The full URL to redirect to after a user initiates the creation of a GitHub App from a manifest. | + | `redirect_url` | `secuencia` | La URL completa a la cual redireccionar después de que un usuario inicie la creación de una GitHub App desde un manifiesto. | | `callback_urls` | `conjunto de secuencias` | Una URL completa a la cual redirigir cuando alguien autorice una instalación. Puedes proporcionar hasta 10 URL de rellamado. | | `descripción` | `secuencia` | Una descripción de la GitHub App. | | `public` | `boolean` | Configúralo como `true` cuando tu GitHub App esté disponible al público o como `false` si solo puede acceder el propietario de la misma. | diff --git a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app.md b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app.md index 735e2871a3..5d79ff297e 100644 --- a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app.md +++ b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app.md @@ -47,7 +47,7 @@ topics: {% endif %} 1. Predeterminadamente, para mejorar la seguridad de tu app, ésta utilizará un token de autorización de usuario con una vida útil limitada. Para elegir no utilizar estos tokens de usuario, debes deseleccionar la opción "Limitar la vida útil de los tokens de autorización de usuario". Para conocer más acerca de configurar un flujo de rehabilitación de tokens y acerca de los beeficios de que éstos tenga una vida útil limitada, consulta la sección "[Rehabilitar los tokens de acceso de usuario a servidor](/apps/building-github-apps/refreshing-user-to-server-access-tokens/)". ![Opción para unirse a los tokens de usuario con caducidad durante la configuración de las GitHub Apps](/assets/images/github-apps/expire-user-tokens-selection.png) 1. Si tu app autoriza a los usuarios que utilizan el flujo de OAuth, puedes seleccionar la opción **Solicitar la autorización del usuario (OAuth) durante la instalación** para permitir que las personas den autorización a la app cuando la instalen, lo cual te ahorra un paso. Si seleccionas esta opción, la "URL de configuración" dejará de estar disponible y se redirigirá a los usuarios a tu "URL de rellamado para autorización del usuario" después de que instalen la app. Consulta la sección "[Autorizar a los usuarios durante la instalación](/apps/installing-github-apps/#authorizing-users-during-installation)" para obtener más información. ![Request user authorization during installation](/assets/images/github-apps/github_apps_request_auth_upon_install.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. Para obtener más información sobre el flujo de dispositivos, consulta la sección "[Autorizar las Apps de OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 1. Si se requiere hacer ajustes adicionales después de la instalación, agrega una "URL de configuración" para redireccionar a los usuarios después de que instalen tu app. ![Campo para configurar la URL de tu GitHub App ](/assets/images/github-apps/github_apps_setup_url.png) {% note %} diff --git a/translations/es-ES/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md b/translations/es-ES/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md index d0562c7272..2889288c1a 100644 --- a/translations/es-ES/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md +++ b/translations/es-ES/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md @@ -71,9 +71,9 @@ Si el usuario acepta tu solicitud, GitHub te redirecciona de regreso a tu sitio {% endnote %} -Exchange this `code` for an access token. Cuando se habilita el vencimiento de tokens, el token de acceso vence en 8 horas y el token de actualización en 6 meses. Cada que actualizas el token, obtienes un nuevo token de actualización. For more information, see "[Refreshing user-to-server access tokens](/developers/apps/refreshing-user-to-server-access-tokens)." +Exchange this `code` for an access token. Cuando se habilita el vencimiento de tokens, el token de acceso vence en 8 horas y el token de actualización en 6 meses. Cada que actualizas el token, obtienes un nuevo token de actualización. Para obtener más información, consulta la sección "[Actualziar los tokens de acceso usuario-servidor](/developers/apps/refreshing-user-to-server-access-tokens)". -Los tokens de usuario con vigencia determinada son una característica opcional actualmente y están sujetos a cambios. To opt-in to the user-to-server token expiration feature, see "[Activating optional features for apps](/developers/apps/activating-optional-features-for-apps)." +Los tokens de usuario con vigencia determinada son una característica opcional actualmente y están sujetos a cambios. Para decidir participar en la característica de vencimiento de tokens usuario-servidor, consulta la sección "[Activar las características opcionales para las apps](/developers/apps/activating-optional-features-for-apps)". Haz una solicitud a la siguiente terminal para recibir un token de acceso: @@ -91,7 +91,7 @@ Haz una solicitud a la siguiente terminal para recibir un token de acceso: #### Respuesta -By default, the response takes the following form. Los parámetros de respuesta `expires_in`, `refresh_token`, y `refresh_token_expires_in` solo se devuelven cuando habilitas la vigencia determinada para los tokens de acceso de usuario a servidor. +Predeterminadametne, la respuesta lleva el siguiente formato. Los parámetros de respuesta `expires_in`, `refresh_token`, y `refresh_token_expires_in` solo se devuelven cuando habilitas la vigencia determinada para los tokens de acceso de usuario a servidor. ```json { @@ -127,7 +127,7 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre Este flujo de dispositivos te permite autorizar usuarios para una app sin encabezado, tal como una herramienta de CLI o un administrador de credenciales de Git. -{% if device-flow-is-opt-in %}Before you can use the device flow to identify and authorize users, you must first enable it in your app's settings. For more information on enabling device flow, see "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)." {% endif %}For more information about authorizing users using the device flow, see "[Authorizing OAuth Apps](/developers/apps/authorizing-oauth-apps#device-flow)." +{% if device-flow-is-opt-in %}Antes de que puedas utilizar el flujo de dispositivos para identificar y autorizar usuarios, primero debes habilitarlo en los ajustes de tu app. Para obtener más información sobre cómo habilitar el flujo de dispositivos, consulta la sección "[Modificar una GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)". {% endif %}Para obtener más información sobre cómo autorizar usuarios utilizando el flujo de dispositivos, consulta la sección "[Autorizar las Apps de OAuth](/developers/apps/authorizing-oauth-apps#device-flow)". ## Revisar a qué recursos de instalación puede acceder un usuario diff --git a/translations/es-ES/content/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens.md b/translations/es-ES/content/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens.md index b2d0050f07..5bfc78103e 100644 --- a/translations/es-ES/content/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens.md +++ b/translations/es-ES/content/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens.md @@ -59,7 +59,7 @@ Puedes habilitar o inhabilitar los tokens de autorización de usuario a servidor {% data reusables.user-settings.developer_settings %} {% data reusables.user-settings.github_apps %} 4. Da clic en la opción**Editar** junto a la {% data variables.product.prodname_github_app %} que escogiste. ![Configuración para editar una GitHub App](/assets/images/github-apps/edit-test-app.png) -5. In the left sidebar, click **Optional Features**. ![Optional features tab](/assets/images/github-apps/optional-features-option.png) +5. En la barra lateral izquierda, haz clic en **Características opcionales**. ![Pestaña de características opcionales](/assets/images/github-apps/optional-features-option.png) 6. Junto a "caducidad de token de usuario a servidor", da clic en **Unirse** o en **No unirse**. Esta característica podría tardar un par de segundos para su aplicación. ## Decidir no unirse a los tokens con caducidad para las GitHub Apps nuevas diff --git a/translations/es-ES/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md b/translations/es-ES/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md index cf57a1d97a..cdf62c3a11 100644 --- a/translations/es-ES/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md +++ b/translations/es-ES/content/developers/apps/building-oauth-apps/creating-an-oauth-app.md @@ -50,5 +50,5 @@ topics: {% endnote %} {% endif %}{% if device-flow-is-opt-in %} -1. If your OAuth App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. If your OAuth App will use the device flow to identify and authorize users, click **Enable Device Flow**. Para obtener más información sobre el flujo de dispositivos, consulta la sección "[Autorizar las Apps de OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 2. Haz clic en **Register application** (Registrar aplicación). ![Botón para registrar una aplicación](/assets/images/oauth-apps/oauth_apps_register_application.png) diff --git a/translations/es-ES/content/developers/apps/managing-github-apps/modifying-a-github-app.md b/translations/es-ES/content/developers/apps/managing-github-apps/modifying-a-github-app.md index 7e97141357..59c799c6dd 100644 --- a/translations/es-ES/content/developers/apps/managing-github-apps/modifying-a-github-app.md +++ b/translations/es-ES/content/developers/apps/managing-github-apps/modifying-a-github-app.md @@ -19,5 +19,5 @@ topics: {% data reusables.user-settings.github_apps %} {% data reusables.user-settings.modify_github_app %} 5. En "Información básica", modifica la información que quieras cambiar para la GitHub App. ![Basic information section for your GitHub App](/assets/images/github-apps/github_apps_basic_information.png){% if device-flow-is-opt-in %} -1. If your GitHub App will use the device flow to identify and authorize users, click **Enable device flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} +1. Si tu GitHub App utilizará el flujo de dispositivos para identificar y autorizar usuarios, haz clic en **Habilitar flujo de dispositivos**. Para obtener más información sobre el flujo de dispositivos, consulta la sección "[Autorizar las Apps de OAuth](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)". ![Screenshot showing field for enabling device flow](/assets/images/oauth-apps/enable-device-flow.png){% endif %} 6. Haz clic en **Guardar cambios**. ![Botón para guardar los cambios en tu GitHub App](/assets/images/github-apps/github_apps_save_changes.png) diff --git a/translations/es-ES/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md b/translations/es-ES/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md index 99c14b1007..0b32f562f6 100644 --- a/translations/es-ES/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md +++ b/translations/es-ES/content/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization.md @@ -62,5 +62,5 @@ Para ayudar con la transición de la persona que estás eliminando de tu organiz ## Leer más -- "[Removing organization members from a team](/articles/removing-organization-members-from-a-team)"{% if remove-enterprise-members %} -- "[Removing a member from your enterprise](/admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise)"{% endif %} +- "[Eliminar a los miembros organizacionales de un equipo](/articles/removing-organization-members-from-a-team)"{% if remove-enterprise-members %} +- "[Eliminar a um miembro de tu empresa](/admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise)"{% endif %} diff --git a/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md b/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md index b736ad7852..193fecde5f 100644 --- a/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md +++ b/translations/es-ES/content/organizations/managing-organization-settings/deleting-an-organization-account.md @@ -26,12 +26,12 @@ shortTitle: Borrar organización ## 1. Haz una copia de respaldo del contenido de tu organización -{% ifversion not ghes %} After you delete an organization, {% data variables.product.company_short %} **cannot restore your content**. Therefore, before{% else %}Before{% endif %} you delete your organization, make sure you have a copy of all repositories, wikis, issues, and project boards from the account. +{% ifversion not ghes %} Después de borrar una organización, {% data variables.product.company_short %} **no puede restablecer tu contenido**. Por lo tanto, antes{% else %}Anes{% endif %} de que borres tu organización, asegúrate de que tienes una copia de todos los repositorios, wikis, propuestas y tableros de proyecto de la cuenta. {% ifversion ghes %} {% note %} -**Note:** If necessary, a site administrator for {% data variables.product.product_location %} may be able to partially restore a deleted organization. For more information, see "[Restoring a deleted organization](/admin/user-management/managing-organizations-in-your-enterprise/restoring-a-deleted-organization)." +**Nota:** De ser necesario, un administrador de sitio de {% data variables.product.product_location %} podría restablecer parcialmente una organización borrada. Para obtener más información, consulta la sección "[Restablecer una organización borrada](/admin/user-management/managing-organizations-in-your-enterprise/restoring-a-deleted-organization)". {% endnote %} {% endif %} diff --git a/translations/es-ES/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md b/translations/es-ES/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md index 0165c96d3c..303c85fe0e 100644 --- a/translations/es-ES/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md +++ b/translations/es-ES/content/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization.md @@ -32,7 +32,7 @@ Los propietarios de una organización tienen acceso administrativo completo a la {% endnote %} {% if enterprise-owner-join-org %} -If your organization is owned by an enterprise account, any enterprise owner can make themself an owner of your organization. For more information, see "[Managing your role in an organization owned by your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." +Si tu organización le pertenece a una cuenta empresarial, cualquier propietario de empresa podrá hacerse propietario de esta. For more information, see "[Managing your role in an organization owned by your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." {% endif %} ## Designar un propietario de organización diff --git a/translations/es-ES/data/reusables/apps/optional_feature_activation.md b/translations/es-ES/data/reusables/apps/optional_feature_activation.md index 53e9b85759..220420271a 100644 --- a/translations/es-ES/data/reusables/apps/optional_feature_activation.md +++ b/translations/es-ES/data/reusables/apps/optional_feature_activation.md @@ -1,2 +1,2 @@ -4. In the left sidebar, click **Optional Features**. ![Optional features tab](/assets/images/github-apps/optional-features-option.png) +4. En la barra lateral izquierda, haz clic en **Características opcionales**. ![Pestaña de características opcionales](/assets/images/github-apps/optional-features-option.png) 5. Junto a la característica opcional que quieres habilitar para tu app, haz clic en **Decidir participar**. ![Botón de unirse para habilitar una característica opcional](/assets/images/github-apps/enable-optional-features.png) From 8968ed1b6310c5d9fdaabf3c3279950f048094ca Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 20 Mar 2022 18:25:41 +0000 Subject: [PATCH 43/52] update search indexes --- lib/search/indexes/github-docs-3.1-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt.json.br | 4 ++-- 70 files changed, 140 insertions(+), 140 deletions(-) diff --git a/lib/search/indexes/github-docs-3.1-cn-records.json.br b/lib/search/indexes/github-docs-3.1-cn-records.json.br index fdd718d13a..647906910d 100644 --- a/lib/search/indexes/github-docs-3.1-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.1-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cc424574a2561bfc24d222cf06b24a8c4fc81633c09d0a191f964ac9f3ca6a48 -size 656270 +oid sha256:9892d7a1a0485658d1ed66413174e713670ba39236d4dcb39a6a8c7e39b5858c +size 659413 diff --git a/lib/search/indexes/github-docs-3.1-cn.json.br b/lib/search/indexes/github-docs-3.1-cn.json.br index 42777129a8..14747ffb8b 100644 --- a/lib/search/indexes/github-docs-3.1-cn.json.br +++ b/lib/search/indexes/github-docs-3.1-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:01a3dd7c5f9f0226a8987da3416a6b158aa03979ae192df450339ac34315a234 -size 1347889 +oid sha256:0e15377923827a7034ae71e0f648de9b60ad9ee7176c842d274747de1e1cdf54 +size 1338004 diff --git a/lib/search/indexes/github-docs-3.1-en-records.json.br b/lib/search/indexes/github-docs-3.1-en-records.json.br index 76bed1d475..ee2e6e23b0 100644 --- a/lib/search/indexes/github-docs-3.1-en-records.json.br +++ b/lib/search/indexes/github-docs-3.1-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:135d36edcee1bc4e4a4e6b6435a8e45411feea65a4b02cc47be0772e2ff81783 -size 879722 +oid sha256:26e7e7bd295e8177a0395d87e85f81814d0dbc5c34259ee091b8e6e52bb59722 +size 880971 diff --git a/lib/search/indexes/github-docs-3.1-en.json.br b/lib/search/indexes/github-docs-3.1-en.json.br index 87d430a0f2..83c3e1433a 100644 --- a/lib/search/indexes/github-docs-3.1-en.json.br +++ b/lib/search/indexes/github-docs-3.1-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a14895025812730812f797a2f875d749e3cc7883beac6b53d2becb4977d626f1 -size 3384119 +oid sha256:658d283f39d3d382d0f5350f7c10bc96930a8e79894c8b8c7bfe8e9f0fad669d +size 3385893 diff --git a/lib/search/indexes/github-docs-3.1-es-records.json.br b/lib/search/indexes/github-docs-3.1-es-records.json.br index c107ee7351..594b8b299b 100644 --- a/lib/search/indexes/github-docs-3.1-es-records.json.br +++ b/lib/search/indexes/github-docs-3.1-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:280ce8ed47742ff617564403bbed7b8d5c5b98d909318376e56fa659a4232458 -size 608572 +oid sha256:6dffe700b8b789d2d04215b9fac2911e16ba96376c178f9c7671e23acad55e65 +size 608617 diff --git a/lib/search/indexes/github-docs-3.1-es.json.br b/lib/search/indexes/github-docs-3.1-es.json.br index c61d70da88..f8983c5bd3 100644 --- a/lib/search/indexes/github-docs-3.1-es.json.br +++ b/lib/search/indexes/github-docs-3.1-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f0c4c35ec5e7e24f442e55801175db800c28324ad33b087109cef04f3bf0bdad -size 2565280 +oid sha256:dee91c956a56b9870713aaa2aabf5f7aae6f50a5a595f96055e71cabe8695082 +size 2568137 diff --git a/lib/search/indexes/github-docs-3.1-ja-records.json.br b/lib/search/indexes/github-docs-3.1-ja-records.json.br index 4695b2cd94..9b057e5b5a 100644 --- a/lib/search/indexes/github-docs-3.1-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.1-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ee7c3566fdc57aae584a2a955f664288baff74a37a56ffc964a04ccc81aab093 -size 672864 +oid sha256:c44a22c4988732334c253011420ca72a024e22316190925db58cd83d96316e8e +size 673458 diff --git a/lib/search/indexes/github-docs-3.1-ja.json.br b/lib/search/indexes/github-docs-3.1-ja.json.br index 5064074b08..a37362d0a9 100644 --- a/lib/search/indexes/github-docs-3.1-ja.json.br +++ b/lib/search/indexes/github-docs-3.1-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:12c25276e82da50182cb581e97156e76310d63892b7a19c613169461e4cfb754 -size 3572459 +oid sha256:4f927e518403e8aa5557c1e7f8c15050069f7b6aef6a22ebfe77470f35dd25a6 +size 3573852 diff --git a/lib/search/indexes/github-docs-3.1-pt-records.json.br b/lib/search/indexes/github-docs-3.1-pt-records.json.br index 7148672df5..e486b413f4 100644 --- a/lib/search/indexes/github-docs-3.1-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.1-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5c9fa4e52d7e11e8a9c47a4356fc11922f23bb9cf19458c13d4027bcbf1d90be -size 598413 +oid sha256:b26574e76b0afcaf4eece511b66cc1d5f7ed1855c318ebe52e652ba5b919a2ba +size 598612 diff --git a/lib/search/indexes/github-docs-3.1-pt.json.br b/lib/search/indexes/github-docs-3.1-pt.json.br index b6bc545caa..08f89bdfbc 100644 --- a/lib/search/indexes/github-docs-3.1-pt.json.br +++ b/lib/search/indexes/github-docs-3.1-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bc219a12c9e41bcf578ad2033160512cee9dd3df09d61a3db8944ea0d84087f5 -size 2446686 +oid sha256:bfe22850de7d7c31396b32bf41797eb64887b4db4f96a961cf3b18c6b08f7db0 +size 2447008 diff --git a/lib/search/indexes/github-docs-3.2-cn-records.json.br b/lib/search/indexes/github-docs-3.2-cn-records.json.br index 21b2cee78c..0d2816fc79 100644 --- a/lib/search/indexes/github-docs-3.2-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.2-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6516c6a728200371170389ec7b442b0f40fce1199f36ab4bfed5b22ac36319f1 -size 674650 +oid sha256:6b7e41d58469f8fbcbbb9f4cb6991e0eb548152a73cfd868a6e08140a926517c +size 677643 diff --git a/lib/search/indexes/github-docs-3.2-cn.json.br b/lib/search/indexes/github-docs-3.2-cn.json.br index 2c78050f0f..6cf4c07a15 100644 --- a/lib/search/indexes/github-docs-3.2-cn.json.br +++ b/lib/search/indexes/github-docs-3.2-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d530c747c2f667ce7b4f6c4eae0fb064809b3b1fb3ce64754ce9d3248779f0c9 -size 1377425 +oid sha256:5a61b1b401f43480f79ab9ab76f071f2a6644adaab200e35b3d008c333ca36e8 +size 1369495 diff --git a/lib/search/indexes/github-docs-3.2-en-records.json.br b/lib/search/indexes/github-docs-3.2-en-records.json.br index 8a956f6ddf..7b1d2d69c5 100644 --- a/lib/search/indexes/github-docs-3.2-en-records.json.br +++ b/lib/search/indexes/github-docs-3.2-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:10c8372de74af4bfe02dc2323769ec4d2b19e471d2b29e199ef517bc012cfaf4 -size 909077 +oid sha256:e957f6488bc574005f7ef8eb4a4f48157e98da19fb21c606df4221925f0d476e +size 910146 diff --git a/lib/search/indexes/github-docs-3.2-en.json.br b/lib/search/indexes/github-docs-3.2-en.json.br index 4c80aa1488..701e9b3791 100644 --- a/lib/search/indexes/github-docs-3.2-en.json.br +++ b/lib/search/indexes/github-docs-3.2-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0e01c30a88fe7f26b630868adbf56e2d09d2db909382f2e4b589a7d40cef6cf8 -size 3499475 +oid sha256:33f9de41204e2f92016822e63438841bd4127fdb4706b8dd75db85418e89606c +size 3502389 diff --git a/lib/search/indexes/github-docs-3.2-es-records.json.br b/lib/search/indexes/github-docs-3.2-es-records.json.br index ecc83cc779..529a6d4314 100644 --- a/lib/search/indexes/github-docs-3.2-es-records.json.br +++ b/lib/search/indexes/github-docs-3.2-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f0c8deccfb2be6e70d84e844a79bce79a793fda9b7a2d11f602c5f11fa0641b8 -size 624609 +oid sha256:27fc70f440dad616e94d32b66285393a6350e7adda60ff6ac56016f37d030d98 +size 625294 diff --git a/lib/search/indexes/github-docs-3.2-es.json.br b/lib/search/indexes/github-docs-3.2-es.json.br index 765dd4dab4..acfdc00254 100644 --- a/lib/search/indexes/github-docs-3.2-es.json.br +++ b/lib/search/indexes/github-docs-3.2-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8b77b8d78c5bf134c339aa20f355cbb86d099e7fcb264df2223ef84102473243 -size 2635612 +oid sha256:9f1ac9295d418559356266e07b73d64775dd6d058d8fb138b99abf9d819f57ec +size 2636343 diff --git a/lib/search/indexes/github-docs-3.2-ja-records.json.br b/lib/search/indexes/github-docs-3.2-ja-records.json.br index bf1f4e5aa6..5a0e91ea90 100644 --- a/lib/search/indexes/github-docs-3.2-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.2-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:47793f8e76d13c17030f9e1c9c493b060cccaa66925ced1117597f1192ded5bb -size 689550 +oid sha256:433a63ac24bf8f643e9b3311cfc47907c060ec0e0bc267dd8979e6647cea378b +size 689533 diff --git a/lib/search/indexes/github-docs-3.2-ja.json.br b/lib/search/indexes/github-docs-3.2-ja.json.br index 060eaeadf3..108eff5723 100644 --- a/lib/search/indexes/github-docs-3.2-ja.json.br +++ b/lib/search/indexes/github-docs-3.2-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1380afe616e75e3a310b58712f30cc3a013aeb2291f69f3946ff95c09a71503f -size 3663238 +oid sha256:11006008a3be00bcb24970acc5c247402e6de9c8b4637be696639ba8d785f9da +size 3666887 diff --git a/lib/search/indexes/github-docs-3.2-pt-records.json.br b/lib/search/indexes/github-docs-3.2-pt-records.json.br index 5202a3260c..d27b5f2e54 100644 --- a/lib/search/indexes/github-docs-3.2-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.2-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6a4791429f015c52472efa93eeba114e2c820118c997351308f72fd5c4b6ec33 -size 614180 +oid sha256:e3fa6e9d017bc72cd186b33fc34a99aa4f64939faa1491b8ca421b24c158b7d3 +size 614999 diff --git a/lib/search/indexes/github-docs-3.2-pt.json.br b/lib/search/indexes/github-docs-3.2-pt.json.br index 7cac397b19..be05ee6702 100644 --- a/lib/search/indexes/github-docs-3.2-pt.json.br +++ b/lib/search/indexes/github-docs-3.2-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9a77b0b59da21175b2fc1274307618d7da1f6d15e1b26cee31a4b88d7555f741 -size 2505188 +oid sha256:3edc0a57b3717b151a041e292aa86615ff40fdad3d7787e63171a3435e5fcf4c +size 2505354 diff --git a/lib/search/indexes/github-docs-3.3-cn-records.json.br b/lib/search/indexes/github-docs-3.3-cn-records.json.br index f048177fbc..559e5cdb4a 100644 --- a/lib/search/indexes/github-docs-3.3-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.3-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:89d9e4645e2f9d6ed6b475b934d63af96e07b475cf9841138b4b647d4cd56f97 -size 698146 +oid sha256:230b967a3ab16d66502f5cb2a6c2625f39aab4aec0d9e1d37fe95481af7afac0 +size 700964 diff --git a/lib/search/indexes/github-docs-3.3-cn.json.br b/lib/search/indexes/github-docs-3.3-cn.json.br index 4014a3ff36..e6c824ee2d 100644 --- a/lib/search/indexes/github-docs-3.3-cn.json.br +++ b/lib/search/indexes/github-docs-3.3-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:01dd6105505cdd7002990b984676c7572d2ea0a94745e42d65ea963162492367 -size 1433520 +oid sha256:45fa076f6e4a8671ce5bc6b4a255f902e3a0c12b5acac9633ec7860129ac31db +size 1422794 diff --git a/lib/search/indexes/github-docs-3.3-en-records.json.br b/lib/search/indexes/github-docs-3.3-en-records.json.br index 025285c2db..5f5ee1c840 100644 --- a/lib/search/indexes/github-docs-3.3-en-records.json.br +++ b/lib/search/indexes/github-docs-3.3-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:af4450d14ef560063290eba12c236d3e9939cc68e32693a7faa6149e0080c83d -size 943519 +oid sha256:484a5c977cd7721aebd76e1afd3c5e14d22f5392aa5ffa59f90b972c8602de4e +size 944289 diff --git a/lib/search/indexes/github-docs-3.3-en.json.br b/lib/search/indexes/github-docs-3.3-en.json.br index 192aa699bd..77eb9c510d 100644 --- a/lib/search/indexes/github-docs-3.3-en.json.br +++ b/lib/search/indexes/github-docs-3.3-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7d70fa9f7da57fd38c5cce32d1de18adcbc4bb099cb935188c6a37ef983aee6c -size 3614224 +oid sha256:6e49ee6714504ec5f8faea8a6d86fa78746d36d0ab40eb4e26e811b758741a88 +size 3618925 diff --git a/lib/search/indexes/github-docs-3.3-es-records.json.br b/lib/search/indexes/github-docs-3.3-es-records.json.br index b4356fdb70..6bc87f29e6 100644 --- a/lib/search/indexes/github-docs-3.3-es-records.json.br +++ b/lib/search/indexes/github-docs-3.3-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:55700877829cec931a50618ff7b7320015c7cf9f38a7c9881ec034bd1a4660f0 -size 643584 +oid sha256:493a5ba4dcd30bdd5a1bd9ddb000f29ea56238bcfbde444eb8261647da41bfe9 +size 643477 diff --git a/lib/search/indexes/github-docs-3.3-es.json.br b/lib/search/indexes/github-docs-3.3-es.json.br index 766659ecd3..2a59edfa2d 100644 --- a/lib/search/indexes/github-docs-3.3-es.json.br +++ b/lib/search/indexes/github-docs-3.3-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:222ee2814de550dd7ade742677e204e6cff40a5ba06f84f7f7e54176eaf1ac46 -size 2721496 +oid sha256:649ff5eb5eb41ee27288f3e9da6f7a6d708be0fe3fdd95b2fe3b422cd6b7b82e +size 2722694 diff --git a/lib/search/indexes/github-docs-3.3-ja-records.json.br b/lib/search/indexes/github-docs-3.3-ja-records.json.br index f5ebe6ecee..50c33fa58f 100644 --- a/lib/search/indexes/github-docs-3.3-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.3-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:21ebb5ab33c86695e3397f8cebc0d573a311d90555af77c8738b3ed089430ac7 -size 712511 +oid sha256:b46affcf1ff87e290b4f4110457fdb71fea2c44910ca823ca1c722fd7e7d10bb +size 714200 diff --git a/lib/search/indexes/github-docs-3.3-ja.json.br b/lib/search/indexes/github-docs-3.3-ja.json.br index d2a7726ae3..d71dbb17b5 100644 --- a/lib/search/indexes/github-docs-3.3-ja.json.br +++ b/lib/search/indexes/github-docs-3.3-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:24d61c0e4fa92c59c8215236812b45a0aeb86e134b7a39a5d7653583ed7673a5 -size 3786299 +oid sha256:5b901d7d73ea7684dadc894525d7964b01a6cb90856f584d8b5bfbc6ba24a995 +size 3790145 diff --git a/lib/search/indexes/github-docs-3.3-pt-records.json.br b/lib/search/indexes/github-docs-3.3-pt-records.json.br index 2a0c33aeb4..bf9fc2fa1a 100644 --- a/lib/search/indexes/github-docs-3.3-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.3-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:909122157f58915022f1ac7b4c1ac798bde98152dd429667244e72c548d6a0e8 -size 634030 +oid sha256:898a2a5ee23c4187d6be1284fb1760b726b025553e89951739a6ddfd9b6e7734 +size 634703 diff --git a/lib/search/indexes/github-docs-3.3-pt.json.br b/lib/search/indexes/github-docs-3.3-pt.json.br index 946e2d6467..a9dc52ac45 100644 --- a/lib/search/indexes/github-docs-3.3-pt.json.br +++ b/lib/search/indexes/github-docs-3.3-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3086104e649d6615bd4f292fc2db96de5388bd74c9936534e96792573a053e7b -size 2591619 +oid sha256:4af3ac4c7f57ad436e0b72ed3150260975885e2176409535f77699b51932695b +size 2590833 diff --git a/lib/search/indexes/github-docs-3.4-cn-records.json.br b/lib/search/indexes/github-docs-3.4-cn-records.json.br index bf800b6564..1d98059c50 100644 --- a/lib/search/indexes/github-docs-3.4-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.4-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bc47686a992f2f5276ed7eba98ce6480f2256b6ebfd1813459dbb2ccb5021620 -size 701158 +oid sha256:beed4f86c60ae3f5aee447e9be4db8c398a5bcd2cad0098c93739c69027533a4 +size 703423 diff --git a/lib/search/indexes/github-docs-3.4-cn.json.br b/lib/search/indexes/github-docs-3.4-cn.json.br index a4d3744294..b3c5549a38 100644 --- a/lib/search/indexes/github-docs-3.4-cn.json.br +++ b/lib/search/indexes/github-docs-3.4-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6a7d84b07c998c3153138ae74d916b5dd2451350942c5c730cccd1e852162017 -size 1444180 +oid sha256:6ca295ccf64512deec27f2400b28f4a95d91a20520ba4e25c0f7ebf135b99fe8 +size 1432941 diff --git a/lib/search/indexes/github-docs-3.4-en-records.json.br b/lib/search/indexes/github-docs-3.4-en-records.json.br index c7422b1944..7f4591ba2b 100644 --- a/lib/search/indexes/github-docs-3.4-en-records.json.br +++ b/lib/search/indexes/github-docs-3.4-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:af9b9e4f7449147805c763d71f2841215f05ef928c56a4d8798622bc095d9f36 -size 954366 +oid sha256:81e0e6b3c1176a162c2e20761d3b68f6a2c71c408b54a5777f39034eb92e474f +size 953646 diff --git a/lib/search/indexes/github-docs-3.4-en.json.br b/lib/search/indexes/github-docs-3.4-en.json.br index 6370dabdce..aeb9c830f7 100644 --- a/lib/search/indexes/github-docs-3.4-en.json.br +++ b/lib/search/indexes/github-docs-3.4-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:20bcff6b07545fd1c35554d31d3a2aa5725cdb2a2e6eb004ff3c36114416aea8 -size 3652332 +oid sha256:d6700f59525ab111ca1a02062045260c537d3e4c19b9182ce4bf527a645cbfdb +size 3654460 diff --git a/lib/search/indexes/github-docs-3.4-es-records.json.br b/lib/search/indexes/github-docs-3.4-es-records.json.br index 6b35a02256..17cc017e02 100644 --- a/lib/search/indexes/github-docs-3.4-es-records.json.br +++ b/lib/search/indexes/github-docs-3.4-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9aa1c121ec6679d6d7dff16e951082a8beeb6542fb45bc4fc9a35e8b32b84e90 -size 648076 +oid sha256:c466d8eb23cece9a1da4a1f451cbefe4c744bf2fb762f89e14366af2e3cd4fdf +size 648113 diff --git a/lib/search/indexes/github-docs-3.4-es.json.br b/lib/search/indexes/github-docs-3.4-es.json.br index 7c6c5baa37..c0731ab079 100644 --- a/lib/search/indexes/github-docs-3.4-es.json.br +++ b/lib/search/indexes/github-docs-3.4-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5830fcb17f65769a56b3a9a06d585e62781ddb4145f06f19082a1a0c77aa994b -size 2738704 +oid sha256:3088430df17dd17272a2a185a28704840bd47cfaf064c85afcba82ef8a03ebea +size 2741705 diff --git a/lib/search/indexes/github-docs-3.4-ja-records.json.br b/lib/search/indexes/github-docs-3.4-ja-records.json.br index 5b061902fb..29e811a5dd 100644 --- a/lib/search/indexes/github-docs-3.4-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.4-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:95c51c972824cf4a3d1b285d91def6f003ee0673f704854c6d539a47577f0773 -size 716083 +oid sha256:6de60356ec37c1f4ba089eeb9ea895f008dd55b36df98d1e146b833f63a986a0 +size 716919 diff --git a/lib/search/indexes/github-docs-3.4-ja.json.br b/lib/search/indexes/github-docs-3.4-ja.json.br index ec0e7ec256..1d843a34c8 100644 --- a/lib/search/indexes/github-docs-3.4-ja.json.br +++ b/lib/search/indexes/github-docs-3.4-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d0cfa439fa6abc32f7a8a8f4e5ab56f623b35b394042a37a7deff3b588b094a5 -size 3807053 +oid sha256:1323cbcb10047a5cbac5d802f012630bce3e5090874744b5c1a74da94a55ac6e +size 3810350 diff --git a/lib/search/indexes/github-docs-3.4-pt-records.json.br b/lib/search/indexes/github-docs-3.4-pt-records.json.br index 5dec2daab6..4408f0b8ad 100644 --- a/lib/search/indexes/github-docs-3.4-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.4-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:42681eae5a8c4eacaa9c950ce79bc1dae978d570cd9f1134b71e71a72949f481 -size 638490 +oid sha256:28df9420fa4102c195f6aca99c9071a0ca423757be78fcd89b7d69a020348b91 +size 638245 diff --git a/lib/search/indexes/github-docs-3.4-pt.json.br b/lib/search/indexes/github-docs-3.4-pt.json.br index d4c1ba6c92..c786237adf 100644 --- a/lib/search/indexes/github-docs-3.4-pt.json.br +++ b/lib/search/indexes/github-docs-3.4-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8cfc28a0ad78477c5de0f89a4871608bc4b8dd3c65d805c8528c28a51682c15a -size 2604099 +oid sha256:ddcaa3bb87e927d7c608f21999920b9ec462de96e0ec01b197d7819fe3f7bf08 +size 2605648 diff --git a/lib/search/indexes/github-docs-dotcom-cn-records.json.br b/lib/search/indexes/github-docs-dotcom-cn-records.json.br index f9a33a9a32..45967f4ddf 100644 --- a/lib/search/indexes/github-docs-dotcom-cn-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:40b4d24ec150fc8adb4ecebf5b5c9b25a5a32eaea91edacb71ba355e5841a07e -size 905729 +oid sha256:2f3d85c1e1defadc498f86d368f7d80ce8fa21bd64fc7ffece496f31d7997d40 +size 906882 diff --git a/lib/search/indexes/github-docs-dotcom-cn.json.br b/lib/search/indexes/github-docs-dotcom-cn.json.br index 1e92a24aa7..f4b6a46a21 100644 --- a/lib/search/indexes/github-docs-dotcom-cn.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:91bd5f2ba237488d50f83f33483725c47be62f15d3a31fc3f1674f4b0824b01b -size 1588004 +oid sha256:90bb649b7a0c7ed7cd8cdfc5adae90735b987993f77f3d9d2534dfbae0ec9fd8 +size 1573018 diff --git a/lib/search/indexes/github-docs-dotcom-en-records.json.br b/lib/search/indexes/github-docs-dotcom-en-records.json.br index 70e2617a16..0e832f23eb 100644 --- a/lib/search/indexes/github-docs-dotcom-en-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8f04688d578b1185e666ddbad7aebd56a81785991b6d1d69e9b403b3b325c9f6 -size 1225365 +oid sha256:7a67cf1336dfcd23581dbbcc085f24bceadcd33c09d27442d4e3e56f7b149c5a +size 1215268 diff --git a/lib/search/indexes/github-docs-dotcom-en.json.br b/lib/search/indexes/github-docs-dotcom-en.json.br index 2c988662d3..adc1d971f3 100644 --- a/lib/search/indexes/github-docs-dotcom-en.json.br +++ b/lib/search/indexes/github-docs-dotcom-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:92b7f1398d88e3b6ee453cbfa6e38e437a8dc3385b7175417329a7d1a76e048b -size 4416531 +oid sha256:6c99926bb73d26571fe4b38cc0b417b620a17ec5714d74f2ec8d294204697e25 +size 4415817 diff --git a/lib/search/indexes/github-docs-dotcom-es-records.json.br b/lib/search/indexes/github-docs-dotcom-es-records.json.br index 8bcb54f7a7..9c26e28bc4 100644 --- a/lib/search/indexes/github-docs-dotcom-es-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:02c154d4d870339f4fe7c068cdf1a7fcfe69828201459211539585fef85d7bc1 -size 817668 +oid sha256:c9342d0703cea7977679811149031816b4262457c1aca2a67f9e410c0c2dd5a4 +size 817879 diff --git a/lib/search/indexes/github-docs-dotcom-es.json.br b/lib/search/indexes/github-docs-dotcom-es.json.br index bb72de1192..35b8f7c6e3 100644 --- a/lib/search/indexes/github-docs-dotcom-es.json.br +++ b/lib/search/indexes/github-docs-dotcom-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:14b8efbdf6be2a7af42e4d146ec3982e29a926eb3f90de1d96362f4f9f705e72 -size 3276932 +oid sha256:30cac37c5672624a7de588fba1780bab71107ae19656e2b773f81dba5395e806 +size 3274899 diff --git a/lib/search/indexes/github-docs-dotcom-ja-records.json.br b/lib/search/indexes/github-docs-dotcom-ja-records.json.br index 77614cce94..b3e7882844 100644 --- a/lib/search/indexes/github-docs-dotcom-ja-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cbb23a7107fddc48e6336fa85de816efc0c7741adfe78a208e9851e29f6c6ea1 -size 919842 +oid sha256:a5f95c3ba7b46896a326000dd7004288c64666c0f54ccaa0de97697bce9c17a2 +size 918705 diff --git a/lib/search/indexes/github-docs-dotcom-ja.json.br b/lib/search/indexes/github-docs-dotcom-ja.json.br index 251d28b36d..70447dcca1 100644 --- a/lib/search/indexes/github-docs-dotcom-ja.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:681b51d2b923977460a99b3f4f3de15c360926ac061b7bff40b8d724c3efcc95 -size 4660813 +oid sha256:a6a50f83ac88c97567ce34c46cb62cf780db401439b06d7fffa9d47b6d4b009c +size 4661954 diff --git a/lib/search/indexes/github-docs-dotcom-pt-records.json.br b/lib/search/indexes/github-docs-dotcom-pt-records.json.br index 7b0035d163..6a1ec643d1 100644 --- a/lib/search/indexes/github-docs-dotcom-pt-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6b4f8c4274d1080fab06052a7a562fd8ddc01eda96bcef1c192b601b99117f10 -size 806926 +oid sha256:e5e41f12684905dfb54b276804d5eca45fe1f8d30b9b1cf8f53857e9588254d9 +size 805990 diff --git a/lib/search/indexes/github-docs-dotcom-pt.json.br b/lib/search/indexes/github-docs-dotcom-pt.json.br index ebd320df85..40bb54addb 100644 --- a/lib/search/indexes/github-docs-dotcom-pt.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6ed96829e80a3d46e1363506c51c4bc9d6c3e3568fb40e7c3e6cb191014f1090 -size 3127728 +oid sha256:62d03436406300170243120dcf09834f8fdb6e15a52e935d8bb0e8967be59fbe +size 3121674 diff --git a/lib/search/indexes/github-docs-ghae-cn-records.json.br b/lib/search/indexes/github-docs-ghae-cn-records.json.br index de3fa877f1..d1c5032be5 100644 --- a/lib/search/indexes/github-docs-ghae-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghae-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1292e6c8287d83d1e9a437fae562b4f366dd179cda6796b86ccb11e2b5d2a809 -size 536581 +oid sha256:3cdad8e892242e14302c97f9b7d22fd95f88e2f70317d4cfb1d2786b9398a933 +size 537184 diff --git a/lib/search/indexes/github-docs-ghae-cn.json.br b/lib/search/indexes/github-docs-ghae-cn.json.br index b0cc477011..ccc599097a 100644 --- a/lib/search/indexes/github-docs-ghae-cn.json.br +++ b/lib/search/indexes/github-docs-ghae-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:07a2afaa4de90d6d1a31c07244578af7fa5d0be835fb47a0a5533bc3a08fe472 -size 1024501 +oid sha256:e24f2eaf39088f34884c5c45a47199bfdbfa38efe0ad4479c28e974710fed626 +size 1011321 diff --git a/lib/search/indexes/github-docs-ghae-en-records.json.br b/lib/search/indexes/github-docs-ghae-en-records.json.br index 450c3ee32c..4c419003b9 100644 --- a/lib/search/indexes/github-docs-ghae-en-records.json.br +++ b/lib/search/indexes/github-docs-ghae-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:19623f55ec1eb7dff1e95a9d7e1ce0005a31256254dd3553d4a9c8a2f4412430 -size 736598 +oid sha256:5ccb6e45e5a2b9cb23060cc3b023789cc639c433bb5af6952e044f30b47b0594 +size 738247 diff --git a/lib/search/indexes/github-docs-ghae-en.json.br b/lib/search/indexes/github-docs-ghae-en.json.br index 27c6038f1a..faa7676584 100644 --- a/lib/search/indexes/github-docs-ghae-en.json.br +++ b/lib/search/indexes/github-docs-ghae-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ec3592e500272b1aa2251d56e8d07241e0f1b98791634d5ff2af52ad526cf010 -size 2787948 +oid sha256:f94db9f4f6ddf5a7587efddec222f00e6b84b21951a683a36e16b42eb18d14af +size 2788843 diff --git a/lib/search/indexes/github-docs-ghae-es-records.json.br b/lib/search/indexes/github-docs-ghae-es-records.json.br index 3008e03a7c..d8c6a2e41a 100644 --- a/lib/search/indexes/github-docs-ghae-es-records.json.br +++ b/lib/search/indexes/github-docs-ghae-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:885fd193b80df890ec0a848d61ce6e16e6fcc7463c99a499d1ad164793a27aaa -size 495902 +oid sha256:e23313060f22dd926f424fefddd839df07ee3fa6f0359cada7ce9af1ba68db99 +size 496614 diff --git a/lib/search/indexes/github-docs-ghae-es.json.br b/lib/search/indexes/github-docs-ghae-es.json.br index fe5910e73e..2a5eb7adcf 100644 --- a/lib/search/indexes/github-docs-ghae-es.json.br +++ b/lib/search/indexes/github-docs-ghae-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5f8351f49ac031b16a7c0cdf70d5958b4dc5c56f8ee6d233b75bb016afbb93dd -size 2016275 +oid sha256:ea626e3775a82a98cd8cd3a819cdd32ff01091cbc431712f15e88d6477f4fdc4 +size 2018790 diff --git a/lib/search/indexes/github-docs-ghae-ja-records.json.br b/lib/search/indexes/github-docs-ghae-ja-records.json.br index 4388ac9e1f..5948221371 100644 --- a/lib/search/indexes/github-docs-ghae-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghae-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6b21bd519cf82b45e70f6523d2477c9a10754c78a86e11380f7066d9a6497938 -size 547924 +oid sha256:390176ab52dfe437804bad2216e594658d86ac853914dda8952648d2b8ef4691 +size 547862 diff --git a/lib/search/indexes/github-docs-ghae-ja.json.br b/lib/search/indexes/github-docs-ghae-ja.json.br index 5c2d4d4a68..85a61eb1eb 100644 --- a/lib/search/indexes/github-docs-ghae-ja.json.br +++ b/lib/search/indexes/github-docs-ghae-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c943b56780874c9f3e7b6c87c634090c24e646c6bb5ca45cf2c17964d46f2b43 -size 2781265 +oid sha256:6d41a984c180880fdc112f414967032a04caaf04e58f5e37a14970761a938c78 +size 2782631 diff --git a/lib/search/indexes/github-docs-ghae-pt-records.json.br b/lib/search/indexes/github-docs-ghae-pt-records.json.br index 7a0b624fde..5d27f34804 100644 --- a/lib/search/indexes/github-docs-ghae-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghae-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b280390c62ac548b1e4aa17062b6b82f356b3c8759125f2c9f48da0c3b6924a7 -size 488040 +oid sha256:308fb74d9095ce30b7b8b9e47cc41461ccdabbe8753e7e00ee4a65bdd2087702 +size 488593 diff --git a/lib/search/indexes/github-docs-ghae-pt.json.br b/lib/search/indexes/github-docs-ghae-pt.json.br index aaf8c3c9a1..e21817a7a4 100644 --- a/lib/search/indexes/github-docs-ghae-pt.json.br +++ b/lib/search/indexes/github-docs-ghae-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ccf9ff527d7474e729e42bbc2ce35fb3f5a073662a7d9ccb96b22501364548f6 -size 1894775 +oid sha256:2197102e751e53144d884165b804ecef84256c8b3176dfb5817174cd43a99c51 +size 1897216 diff --git a/lib/search/indexes/github-docs-ghec-cn-records.json.br b/lib/search/indexes/github-docs-ghec-cn-records.json.br index f4d0f35279..7c6cb4ddd6 100644 --- a/lib/search/indexes/github-docs-ghec-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghec-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:46c8429991d66b3e744c68c88ada72bfc17108febdad2653d513714c0861b49f -size 837061 +oid sha256:f5d74c472686b374466d30cd9e8742ca01b4d1e9ccc8f8cc14b56eecf1481544 +size 836823 diff --git a/lib/search/indexes/github-docs-ghec-cn.json.br b/lib/search/indexes/github-docs-ghec-cn.json.br index 9850a36aef..9368f3289c 100644 --- a/lib/search/indexes/github-docs-ghec-cn.json.br +++ b/lib/search/indexes/github-docs-ghec-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a65847526a1101e19d4537d6a58e2542ca55675e52b597a7006413025867f255 -size 1651748 +oid sha256:92e2bede5b85602a1b3194579fea0b30440608223fc62e745b80e6c03f2511c9 +size 1633932 diff --git a/lib/search/indexes/github-docs-ghec-en-records.json.br b/lib/search/indexes/github-docs-ghec-en-records.json.br index b8d6ea9240..a44773678f 100644 --- a/lib/search/indexes/github-docs-ghec-en-records.json.br +++ b/lib/search/indexes/github-docs-ghec-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:97051dd391ed1ea1eba175f6fd50c5c5711c796205b0c0a5db7333246c2a015f -size 1105313 +oid sha256:9fa8c84d742e2d10be5c1ab1be1d2ad8ea4cc4737ae3279b4ce12730b9f8d037 +size 1104717 diff --git a/lib/search/indexes/github-docs-ghec-en.json.br b/lib/search/indexes/github-docs-ghec-en.json.br index f062d5468d..cf4e191088 100644 --- a/lib/search/indexes/github-docs-ghec-en.json.br +++ b/lib/search/indexes/github-docs-ghec-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2c1d3db025ca22c8740bf403042ceb92025837344bc4ff0866af54e05237ef2e -size 4206680 +oid sha256:e28de7a5f895f108898cfd567089cb64da64736d59131245e4ab4d88293950cc +size 4207748 diff --git a/lib/search/indexes/github-docs-ghec-es-records.json.br b/lib/search/indexes/github-docs-ghec-es-records.json.br index d0f73a10a4..8b323b4f32 100644 --- a/lib/search/indexes/github-docs-ghec-es-records.json.br +++ b/lib/search/indexes/github-docs-ghec-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1f6ffc811371042aa951adc408b3a8a3ef26d220f90d46e923bbd988090c974d -size 776302 +oid sha256:9de6b65fffe5f6efcc0699b671b3da32ec0ffc14a344adb2c07d5faf92a88492 +size 777297 diff --git a/lib/search/indexes/github-docs-ghec-es.json.br b/lib/search/indexes/github-docs-ghec-es.json.br index 4117cb6eea..70454ba085 100644 --- a/lib/search/indexes/github-docs-ghec-es.json.br +++ b/lib/search/indexes/github-docs-ghec-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7f49952c8e1b25cadc2488c406a796e0b0aaebb7ef82aa8bf242603dae638c79 -size 3268345 +oid sha256:56aff8ca9ffa47f9987f0e6be56a7a29495715c4871c6d09794d32caaf5f1fb8 +size 3267350 diff --git a/lib/search/indexes/github-docs-ghec-ja-records.json.br b/lib/search/indexes/github-docs-ghec-ja-records.json.br index 16d67eb500..708c3716a3 100644 --- a/lib/search/indexes/github-docs-ghec-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghec-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e394634c97e36806dc6e9b4e8ad7bd67c32e4b142d888f69ef929b1b53077003 -size 853861 +oid sha256:5f74362c2f827e3f64d436c945b5080f9a468efa5ee9f6eb744388b9654b1163 +size 853744 diff --git a/lib/search/indexes/github-docs-ghec-ja.json.br b/lib/search/indexes/github-docs-ghec-ja.json.br index 8eb9fe4efd..73febd163c 100644 --- a/lib/search/indexes/github-docs-ghec-ja.json.br +++ b/lib/search/indexes/github-docs-ghec-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2449c37b569977c40ca2d454df7e453d7bbf06a69d83225d5709fa068b0b4c9b -size 4555311 +oid sha256:8c3def58e8f6e22567234ecf404ba44ac9904b79ede215e0d9447cf234a1932b +size 4551585 diff --git a/lib/search/indexes/github-docs-ghec-pt-records.json.br b/lib/search/indexes/github-docs-ghec-pt-records.json.br index 6274360104..d2c7dc808a 100644 --- a/lib/search/indexes/github-docs-ghec-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghec-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c5b4049b1e19da7cf5442d2288955485f389d65887a7bc7a6fccf23fcb3f36da -size 765588 +oid sha256:77198516c15979af79fcdf67d6030a83fded2e9f39afa51bb06f645e497ba7d6 +size 764428 diff --git a/lib/search/indexes/github-docs-ghec-pt.json.br b/lib/search/indexes/github-docs-ghec-pt.json.br index c1ba2c1a4e..31e8c2794f 100644 --- a/lib/search/indexes/github-docs-ghec-pt.json.br +++ b/lib/search/indexes/github-docs-ghec-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9a442f68e99f96877c9e4d5cac37021e966aee48a92a894991b19b7231d9d580 -size 3109722 +oid sha256:6860a5de2e7a1114be7a225ee2d23c68f3f3cda5b8d965750815e32e201daaed +size 3102091 From f24a5cb1ebe004912e5352352eec2137b302d786 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 21 Mar 2022 11:04:34 +1000 Subject: [PATCH 44/52] Update workflow-commands-for-github-actions.md --- .../using-workflows/workflow-commands-for-github-actions.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 8943c34c0c..edaa25be79 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -10,7 +10,6 @@ redirect_from: - /actions/reference/logging-commands-for-github-actions - /actions/reference/workflow-commands-for-github-actions - /actions/learn-github-actions/workflow-commands-for-github-actions -defaultTool: bash versions: fpt: '*' ghes: '*' From 09c77faaa1b808ae3c72f969ec1d6aaed3809d84 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Mon, 21 Mar 2022 11:19:54 +1000 Subject: [PATCH 45/52] Update workflow-commands-for-github-actions.md --- .../using-workflows/workflow-commands-for-github-actions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index edaa25be79..33f4bbdedd 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -2,6 +2,7 @@ title: Workflow commands for GitHub Actions shortTitle: Workflow commands intro: You can use workflow commands when running shell commands in a workflow or in an action's code. +defaultTool: bash redirect_from: - /articles/development-tools-for-github-actions - /github/automating-your-workflow-with-github-actions/development-tools-for-github-actions From ea67b3735aa58f617fb20f8936c24bb7567938d4 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 21 Mar 2022 02:55:35 +0000 Subject: [PATCH 46/52] update search indexes --- lib/search/indexes/github-docs-3.1-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt.json.br | 4 ++-- 70 files changed, 140 insertions(+), 140 deletions(-) diff --git a/lib/search/indexes/github-docs-3.1-cn-records.json.br b/lib/search/indexes/github-docs-3.1-cn-records.json.br index 647906910d..2c8e99c0ae 100644 --- a/lib/search/indexes/github-docs-3.1-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.1-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9892d7a1a0485658d1ed66413174e713670ba39236d4dcb39a6a8c7e39b5858c -size 659413 +oid sha256:977fcfd43a4c27ca8ba8d2b03a5b8df3b0f61b511926ccbf9722951619d78684 +size 659310 diff --git a/lib/search/indexes/github-docs-3.1-cn.json.br b/lib/search/indexes/github-docs-3.1-cn.json.br index 14747ffb8b..75ecd6ac2a 100644 --- a/lib/search/indexes/github-docs-3.1-cn.json.br +++ b/lib/search/indexes/github-docs-3.1-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0e15377923827a7034ae71e0f648de9b60ad9ee7176c842d274747de1e1cdf54 -size 1338004 +oid sha256:45c9384bf52da03882cb714af01a94c6f87d9c99a37d7d24abe67d450a27fd88 +size 1338334 diff --git a/lib/search/indexes/github-docs-3.1-en-records.json.br b/lib/search/indexes/github-docs-3.1-en-records.json.br index ee2e6e23b0..1a5cb8ca5d 100644 --- a/lib/search/indexes/github-docs-3.1-en-records.json.br +++ b/lib/search/indexes/github-docs-3.1-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:26e7e7bd295e8177a0395d87e85f81814d0dbc5c34259ee091b8e6e52bb59722 -size 880971 +oid sha256:ab24306fceb5f740f023de1108a7e5739541a4edf70170fe5bb0b63ba98d2486 +size 880153 diff --git a/lib/search/indexes/github-docs-3.1-en.json.br b/lib/search/indexes/github-docs-3.1-en.json.br index 83c3e1433a..bbbfcd0ac0 100644 --- a/lib/search/indexes/github-docs-3.1-en.json.br +++ b/lib/search/indexes/github-docs-3.1-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:658d283f39d3d382d0f5350f7c10bc96930a8e79894c8b8c7bfe8e9f0fad669d -size 3385893 +oid sha256:c7dad888001d63a367ca0a04c5bde507dcfcbb678f1bf00d07408322716de81e +size 3386710 diff --git a/lib/search/indexes/github-docs-3.1-es-records.json.br b/lib/search/indexes/github-docs-3.1-es-records.json.br index 594b8b299b..39f3c1c43d 100644 --- a/lib/search/indexes/github-docs-3.1-es-records.json.br +++ b/lib/search/indexes/github-docs-3.1-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6dffe700b8b789d2d04215b9fac2911e16ba96376c178f9c7671e23acad55e65 -size 608617 +oid sha256:02f5a0b534efbb100c2f00f37ace0774b346435abff74871eb3d0fef3ead8946 +size 608930 diff --git a/lib/search/indexes/github-docs-3.1-es.json.br b/lib/search/indexes/github-docs-3.1-es.json.br index f8983c5bd3..9d20e1ef2a 100644 --- a/lib/search/indexes/github-docs-3.1-es.json.br +++ b/lib/search/indexes/github-docs-3.1-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:dee91c956a56b9870713aaa2aabf5f7aae6f50a5a595f96055e71cabe8695082 -size 2568137 +oid sha256:bd100980c86eadd7f360c5ca719231ab6d17419caffcb1507e21480c92e466ab +size 2566159 diff --git a/lib/search/indexes/github-docs-3.1-ja-records.json.br b/lib/search/indexes/github-docs-3.1-ja-records.json.br index 9b057e5b5a..1203e5eab5 100644 --- a/lib/search/indexes/github-docs-3.1-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.1-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c44a22c4988732334c253011420ca72a024e22316190925db58cd83d96316e8e -size 673458 +oid sha256:6c1ef3f592e3b3b35c81963c5df76515fa0d66ed3ad2f46f94154d2c7147b02a +size 673738 diff --git a/lib/search/indexes/github-docs-3.1-ja.json.br b/lib/search/indexes/github-docs-3.1-ja.json.br index a37362d0a9..f3c6836387 100644 --- a/lib/search/indexes/github-docs-3.1-ja.json.br +++ b/lib/search/indexes/github-docs-3.1-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4f927e518403e8aa5557c1e7f8c15050069f7b6aef6a22ebfe77470f35dd25a6 -size 3573852 +oid sha256:db1cd84dfc679185056a1dfadacb951b890f0b9d0a9a6f89f853b45f97d26078 +size 3573720 diff --git a/lib/search/indexes/github-docs-3.1-pt-records.json.br b/lib/search/indexes/github-docs-3.1-pt-records.json.br index e486b413f4..81ba0da630 100644 --- a/lib/search/indexes/github-docs-3.1-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.1-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b26574e76b0afcaf4eece511b66cc1d5f7ed1855c318ebe52e652ba5b919a2ba -size 598612 +oid sha256:b6b7baddf01f6d6eb26a99a407803d94d160faed9d1fc7b6ddafaa07b93ca441 +size 599730 diff --git a/lib/search/indexes/github-docs-3.1-pt.json.br b/lib/search/indexes/github-docs-3.1-pt.json.br index 08f89bdfbc..804038cbe1 100644 --- a/lib/search/indexes/github-docs-3.1-pt.json.br +++ b/lib/search/indexes/github-docs-3.1-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bfe22850de7d7c31396b32bf41797eb64887b4db4f96a961cf3b18c6b08f7db0 -size 2447008 +oid sha256:8dde619ec974132b84615780fca12ce89fbde9c054ae1b5b42e2e4aac0c475ad +size 2446883 diff --git a/lib/search/indexes/github-docs-3.2-cn-records.json.br b/lib/search/indexes/github-docs-3.2-cn-records.json.br index 0d2816fc79..5469957a35 100644 --- a/lib/search/indexes/github-docs-3.2-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.2-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6b7e41d58469f8fbcbbb9f4cb6991e0eb548152a73cfd868a6e08140a926517c -size 677643 +oid sha256:d4ea5d18ce5b9b7b917b671d4fe1360475de4ae7e5392fe8ed21b3ffdc268d42 +size 676784 diff --git a/lib/search/indexes/github-docs-3.2-cn.json.br b/lib/search/indexes/github-docs-3.2-cn.json.br index 6cf4c07a15..1ee63d8f7e 100644 --- a/lib/search/indexes/github-docs-3.2-cn.json.br +++ b/lib/search/indexes/github-docs-3.2-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5a61b1b401f43480f79ab9ab76f071f2a6644adaab200e35b3d008c333ca36e8 -size 1369495 +oid sha256:f6f0ae6edb32bd501c2d9e98401a4043119ba8562fe1b60cbb0917874297433b +size 1368418 diff --git a/lib/search/indexes/github-docs-3.2-en-records.json.br b/lib/search/indexes/github-docs-3.2-en-records.json.br index 7b1d2d69c5..dce4c06ff1 100644 --- a/lib/search/indexes/github-docs-3.2-en-records.json.br +++ b/lib/search/indexes/github-docs-3.2-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e957f6488bc574005f7ef8eb4a4f48157e98da19fb21c606df4221925f0d476e -size 910146 +oid sha256:698f94173452d1f7059b9a37b6b460edc90e48d3790c07d5078325321cb8b555 +size 909631 diff --git a/lib/search/indexes/github-docs-3.2-en.json.br b/lib/search/indexes/github-docs-3.2-en.json.br index 701e9b3791..e14a3c2888 100644 --- a/lib/search/indexes/github-docs-3.2-en.json.br +++ b/lib/search/indexes/github-docs-3.2-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:33f9de41204e2f92016822e63438841bd4127fdb4706b8dd75db85418e89606c -size 3502389 +oid sha256:daa0605f13bc90835c7efd63fa32acee64b902487e8a757fd7b8f919f94c4c30 +size 3501727 diff --git a/lib/search/indexes/github-docs-3.2-es-records.json.br b/lib/search/indexes/github-docs-3.2-es-records.json.br index 529a6d4314..c9567611c7 100644 --- a/lib/search/indexes/github-docs-3.2-es-records.json.br +++ b/lib/search/indexes/github-docs-3.2-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:27fc70f440dad616e94d32b66285393a6350e7adda60ff6ac56016f37d030d98 -size 625294 +oid sha256:2ed535ca605a26565fed22948ae57a7501b59202a8a8b21210533ca1df4e1b9e +size 625297 diff --git a/lib/search/indexes/github-docs-3.2-es.json.br b/lib/search/indexes/github-docs-3.2-es.json.br index acfdc00254..e3ba379fe1 100644 --- a/lib/search/indexes/github-docs-3.2-es.json.br +++ b/lib/search/indexes/github-docs-3.2-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9f1ac9295d418559356266e07b73d64775dd6d058d8fb138b99abf9d819f57ec -size 2636343 +oid sha256:3045a3e928eacff099a0b863ea2b2e143554084826168fc39dc2b7c93702c0f2 +size 2636431 diff --git a/lib/search/indexes/github-docs-3.2-ja-records.json.br b/lib/search/indexes/github-docs-3.2-ja-records.json.br index 5a0e91ea90..059ddab76c 100644 --- a/lib/search/indexes/github-docs-3.2-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.2-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:433a63ac24bf8f643e9b3311cfc47907c060ec0e0bc267dd8979e6647cea378b -size 689533 +oid sha256:619746001979b040fed19bdfce58d5b194bfdf617736f5e11b9fe54a6af5eb84 +size 689857 diff --git a/lib/search/indexes/github-docs-3.2-ja.json.br b/lib/search/indexes/github-docs-3.2-ja.json.br index 108eff5723..2aca98a24f 100644 --- a/lib/search/indexes/github-docs-3.2-ja.json.br +++ b/lib/search/indexes/github-docs-3.2-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:11006008a3be00bcb24970acc5c247402e6de9c8b4637be696639ba8d785f9da -size 3666887 +oid sha256:bb82a768ba5dc22c059427730502e69fea7a5ce7900570534be37a5ea37da178 +size 3668646 diff --git a/lib/search/indexes/github-docs-3.2-pt-records.json.br b/lib/search/indexes/github-docs-3.2-pt-records.json.br index d27b5f2e54..4fed28eb41 100644 --- a/lib/search/indexes/github-docs-3.2-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.2-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e3fa6e9d017bc72cd186b33fc34a99aa4f64939faa1491b8ca421b24c158b7d3 -size 614999 +oid sha256:b850ce4a035883665d2406f0bdbb937eaa08b66bd35b67c85c122a076a3dd616 +size 614303 diff --git a/lib/search/indexes/github-docs-3.2-pt.json.br b/lib/search/indexes/github-docs-3.2-pt.json.br index be05ee6702..e422c479e1 100644 --- a/lib/search/indexes/github-docs-3.2-pt.json.br +++ b/lib/search/indexes/github-docs-3.2-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3edc0a57b3717b151a041e292aa86615ff40fdad3d7787e63171a3435e5fcf4c -size 2505354 +oid sha256:e8ec4976732cc2514cbb524e586fd07277d326c5279f165f788f8afbdd42d7f3 +size 2506655 diff --git a/lib/search/indexes/github-docs-3.3-cn-records.json.br b/lib/search/indexes/github-docs-3.3-cn-records.json.br index 559e5cdb4a..912ee25aeb 100644 --- a/lib/search/indexes/github-docs-3.3-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.3-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:230b967a3ab16d66502f5cb2a6c2625f39aab4aec0d9e1d37fe95481af7afac0 -size 700964 +oid sha256:05895eaab683374f095f588074d59d3041164b3ef281497a6db399c9e806f3a2 +size 700818 diff --git a/lib/search/indexes/github-docs-3.3-cn.json.br b/lib/search/indexes/github-docs-3.3-cn.json.br index e6c824ee2d..8adee3bd36 100644 --- a/lib/search/indexes/github-docs-3.3-cn.json.br +++ b/lib/search/indexes/github-docs-3.3-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:45fa076f6e4a8671ce5bc6b4a255f902e3a0c12b5acac9633ec7860129ac31db -size 1422794 +oid sha256:f4acd92296cec9f892840fa44b382b37a205084c81e7fa199a2c841820ad995d +size 1423315 diff --git a/lib/search/indexes/github-docs-3.3-en-records.json.br b/lib/search/indexes/github-docs-3.3-en-records.json.br index 5f5ee1c840..f4b137798e 100644 --- a/lib/search/indexes/github-docs-3.3-en-records.json.br +++ b/lib/search/indexes/github-docs-3.3-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:484a5c977cd7721aebd76e1afd3c5e14d22f5392aa5ffa59f90b972c8602de4e -size 944289 +oid sha256:b82c5b1251512d29562334a03e489b8a646085cafc7001b3d91c581d4bd1b33e +size 943610 diff --git a/lib/search/indexes/github-docs-3.3-en.json.br b/lib/search/indexes/github-docs-3.3-en.json.br index 77eb9c510d..39f9ce1103 100644 --- a/lib/search/indexes/github-docs-3.3-en.json.br +++ b/lib/search/indexes/github-docs-3.3-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6e49ee6714504ec5f8faea8a6d86fa78746d36d0ab40eb4e26e811b758741a88 -size 3618925 +oid sha256:c3dcda20ccccf8a8b1d66fcb6d7f39ad8d24af966c89f79e206938e93a813d45 +size 3617925 diff --git a/lib/search/indexes/github-docs-3.3-es-records.json.br b/lib/search/indexes/github-docs-3.3-es-records.json.br index 6bc87f29e6..f289b21b7c 100644 --- a/lib/search/indexes/github-docs-3.3-es-records.json.br +++ b/lib/search/indexes/github-docs-3.3-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:493a5ba4dcd30bdd5a1bd9ddb000f29ea56238bcfbde444eb8261647da41bfe9 -size 643477 +oid sha256:163ad0e51b3bca829e9f3aa3e55216b9cd46470ae2d3ed70dc428c5c3aeb13bd +size 644395 diff --git a/lib/search/indexes/github-docs-3.3-es.json.br b/lib/search/indexes/github-docs-3.3-es.json.br index 2a59edfa2d..7ab674bf29 100644 --- a/lib/search/indexes/github-docs-3.3-es.json.br +++ b/lib/search/indexes/github-docs-3.3-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:649ff5eb5eb41ee27288f3e9da6f7a6d708be0fe3fdd95b2fe3b422cd6b7b82e -size 2722694 +oid sha256:462fb778d663f0cfc87cf2281194c91462f2f29d34ffc26661e3c3a40e50fbc3 +size 2724488 diff --git a/lib/search/indexes/github-docs-3.3-ja-records.json.br b/lib/search/indexes/github-docs-3.3-ja-records.json.br index 50c33fa58f..9a1ec1f3e4 100644 --- a/lib/search/indexes/github-docs-3.3-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.3-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b46affcf1ff87e290b4f4110457fdb71fea2c44910ca823ca1c722fd7e7d10bb -size 714200 +oid sha256:53f6e84c03331f9029f7fcaaf1b81291de86744c5214f55e15b1c5383526cb51 +size 713028 diff --git a/lib/search/indexes/github-docs-3.3-ja.json.br b/lib/search/indexes/github-docs-3.3-ja.json.br index d71dbb17b5..7071d97645 100644 --- a/lib/search/indexes/github-docs-3.3-ja.json.br +++ b/lib/search/indexes/github-docs-3.3-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5b901d7d73ea7684dadc894525d7964b01a6cb90856f584d8b5bfbc6ba24a995 -size 3790145 +oid sha256:194bd5c856798cf7929f1d3c099656e09f1e91a287b789009e6a985e79803b49 +size 3787788 diff --git a/lib/search/indexes/github-docs-3.3-pt-records.json.br b/lib/search/indexes/github-docs-3.3-pt-records.json.br index bf9fc2fa1a..8b3ebaa250 100644 --- a/lib/search/indexes/github-docs-3.3-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.3-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:898a2a5ee23c4187d6be1284fb1760b726b025553e89951739a6ddfd9b6e7734 -size 634703 +oid sha256:6061b90171b4d0fd7376d5422433e9fe6f12fa737bc5735307937410dc85a409 +size 633563 diff --git a/lib/search/indexes/github-docs-3.3-pt.json.br b/lib/search/indexes/github-docs-3.3-pt.json.br index a9dc52ac45..ecf25d429b 100644 --- a/lib/search/indexes/github-docs-3.3-pt.json.br +++ b/lib/search/indexes/github-docs-3.3-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4af3ac4c7f57ad436e0b72ed3150260975885e2176409535f77699b51932695b -size 2590833 +oid sha256:2e930ca7098bfda8add93974c49b3b7156d45c3458840ba22769992f8c938de7 +size 2589334 diff --git a/lib/search/indexes/github-docs-3.4-cn-records.json.br b/lib/search/indexes/github-docs-3.4-cn-records.json.br index 1d98059c50..c7daa5b794 100644 --- a/lib/search/indexes/github-docs-3.4-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.4-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:beed4f86c60ae3f5aee447e9be4db8c398a5bcd2cad0098c93739c69027533a4 -size 703423 +oid sha256:11fdfbbcb4c240cb6d44b6649b42b1e3c759da2c85f2ffb851b441f4e43cf976 +size 703688 diff --git a/lib/search/indexes/github-docs-3.4-cn.json.br b/lib/search/indexes/github-docs-3.4-cn.json.br index b3c5549a38..20a265083f 100644 --- a/lib/search/indexes/github-docs-3.4-cn.json.br +++ b/lib/search/indexes/github-docs-3.4-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6ca295ccf64512deec27f2400b28f4a95d91a20520ba4e25c0f7ebf135b99fe8 -size 1432941 +oid sha256:2bd39f53e63fd8bf8dca75c1132449749d71f6b1627cc7a93d3c4d6da97d5e7a +size 1432534 diff --git a/lib/search/indexes/github-docs-3.4-en-records.json.br b/lib/search/indexes/github-docs-3.4-en-records.json.br index 7f4591ba2b..855fd74b1a 100644 --- a/lib/search/indexes/github-docs-3.4-en-records.json.br +++ b/lib/search/indexes/github-docs-3.4-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:81e0e6b3c1176a162c2e20761d3b68f6a2c71c408b54a5777f39034eb92e474f -size 953646 +oid sha256:aea5c19f23a0c34d2f12250703560204299b63108bfcba723bd62b2fc49d0da1 +size 954380 diff --git a/lib/search/indexes/github-docs-3.4-en.json.br b/lib/search/indexes/github-docs-3.4-en.json.br index aeb9c830f7..f4d8d4ed73 100644 --- a/lib/search/indexes/github-docs-3.4-en.json.br +++ b/lib/search/indexes/github-docs-3.4-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d6700f59525ab111ca1a02062045260c537d3e4c19b9182ce4bf527a645cbfdb -size 3654460 +oid sha256:bc283279cc224bf84ee278e117c47b0ecc4849365d80c4af42650e188220c1c1 +size 3656618 diff --git a/lib/search/indexes/github-docs-3.4-es-records.json.br b/lib/search/indexes/github-docs-3.4-es-records.json.br index 17cc017e02..37272af5a6 100644 --- a/lib/search/indexes/github-docs-3.4-es-records.json.br +++ b/lib/search/indexes/github-docs-3.4-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c466d8eb23cece9a1da4a1f451cbefe4c744bf2fb762f89e14366af2e3cd4fdf -size 648113 +oid sha256:5ce1fd91773b5f44d90e601ed3d3d3a9fc06dc4ac1153dd35cac976ca1b75a5a +size 648005 diff --git a/lib/search/indexes/github-docs-3.4-es.json.br b/lib/search/indexes/github-docs-3.4-es.json.br index c0731ab079..b053b57f32 100644 --- a/lib/search/indexes/github-docs-3.4-es.json.br +++ b/lib/search/indexes/github-docs-3.4-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3088430df17dd17272a2a185a28704840bd47cfaf064c85afcba82ef8a03ebea -size 2741705 +oid sha256:d07fbf4d458322c26e00ec2612599d8eb2efd393df2b5c3ca965f73c35415622 +size 2740558 diff --git a/lib/search/indexes/github-docs-3.4-ja-records.json.br b/lib/search/indexes/github-docs-3.4-ja-records.json.br index 29e811a5dd..354d2de2ea 100644 --- a/lib/search/indexes/github-docs-3.4-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.4-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6de60356ec37c1f4ba089eeb9ea895f008dd55b36df98d1e146b833f63a986a0 -size 716919 +oid sha256:082a43d50cc4cf87098da11fab5a80f3c07ae0d7dd4ff860d1fe0a6eee33b01e +size 717171 diff --git a/lib/search/indexes/github-docs-3.4-ja.json.br b/lib/search/indexes/github-docs-3.4-ja.json.br index 1d843a34c8..9ebf02aa0d 100644 --- a/lib/search/indexes/github-docs-3.4-ja.json.br +++ b/lib/search/indexes/github-docs-3.4-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1323cbcb10047a5cbac5d802f012630bce3e5090874744b5c1a74da94a55ac6e -size 3810350 +oid sha256:352262d14093b28dc2df59d5806e647e30fa83755a5c31a851341a7b09e3895b +size 3810772 diff --git a/lib/search/indexes/github-docs-3.4-pt-records.json.br b/lib/search/indexes/github-docs-3.4-pt-records.json.br index 4408f0b8ad..188786a1cb 100644 --- a/lib/search/indexes/github-docs-3.4-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.4-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:28df9420fa4102c195f6aca99c9071a0ca423757be78fcd89b7d69a020348b91 -size 638245 +oid sha256:348c66f229d6483b54c7f0bef0b4992926094bba84d993e6265d1cbc38d37765 +size 638314 diff --git a/lib/search/indexes/github-docs-3.4-pt.json.br b/lib/search/indexes/github-docs-3.4-pt.json.br index c786237adf..2213985931 100644 --- a/lib/search/indexes/github-docs-3.4-pt.json.br +++ b/lib/search/indexes/github-docs-3.4-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ddcaa3bb87e927d7c608f21999920b9ec462de96e0ec01b197d7819fe3f7bf08 -size 2605648 +oid sha256:cf96a298ee0201c5e40850e80f48239cf3a7601e4f2ce305bf895bf21c8ff2fb +size 2606138 diff --git a/lib/search/indexes/github-docs-dotcom-cn-records.json.br b/lib/search/indexes/github-docs-dotcom-cn-records.json.br index 45967f4ddf..fa30090a03 100644 --- a/lib/search/indexes/github-docs-dotcom-cn-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2f3d85c1e1defadc498f86d368f7d80ce8fa21bd64fc7ffece496f31d7997d40 -size 906882 +oid sha256:b7eee1752286442452cd9ac8efbd589cf542b589685d3fe9415f8d5037dba1d1 +size 905549 diff --git a/lib/search/indexes/github-docs-dotcom-cn.json.br b/lib/search/indexes/github-docs-dotcom-cn.json.br index f4b6a46a21..55feea71ba 100644 --- a/lib/search/indexes/github-docs-dotcom-cn.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:90bb649b7a0c7ed7cd8cdfc5adae90735b987993f77f3d9d2534dfbae0ec9fd8 -size 1573018 +oid sha256:dc988ae596a84e9099c82dfbc779628bb808d87c6f9d3f75ac66b31f4f2c3db0 +size 1571582 diff --git a/lib/search/indexes/github-docs-dotcom-en-records.json.br b/lib/search/indexes/github-docs-dotcom-en-records.json.br index 0e832f23eb..acb6c41230 100644 --- a/lib/search/indexes/github-docs-dotcom-en-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7a67cf1336dfcd23581dbbcc085f24bceadcd33c09d27442d4e3e56f7b149c5a -size 1215268 +oid sha256:888f967a513b7bfb96da8b4e4f37513ca0a1e374a7fa49f3e586954a649a8fef +size 1225900 diff --git a/lib/search/indexes/github-docs-dotcom-en.json.br b/lib/search/indexes/github-docs-dotcom-en.json.br index adc1d971f3..279064866f 100644 --- a/lib/search/indexes/github-docs-dotcom-en.json.br +++ b/lib/search/indexes/github-docs-dotcom-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6c99926bb73d26571fe4b38cc0b417b620a17ec5714d74f2ec8d294204697e25 -size 4415817 +oid sha256:d1d1544a44f62ed478da053815fd4fd85cefc4d5cd4a35a12bb3c5aefe491d51 +size 4417393 diff --git a/lib/search/indexes/github-docs-dotcom-es-records.json.br b/lib/search/indexes/github-docs-dotcom-es-records.json.br index 9c26e28bc4..6924bf10e8 100644 --- a/lib/search/indexes/github-docs-dotcom-es-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c9342d0703cea7977679811149031816b4262457c1aca2a67f9e410c0c2dd5a4 -size 817879 +oid sha256:1378e1e4c383db7ba6dc944116f21592773bbf31db4f92321374a9cc1c54c0da +size 818538 diff --git a/lib/search/indexes/github-docs-dotcom-es.json.br b/lib/search/indexes/github-docs-dotcom-es.json.br index 35b8f7c6e3..ea43229d23 100644 --- a/lib/search/indexes/github-docs-dotcom-es.json.br +++ b/lib/search/indexes/github-docs-dotcom-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:30cac37c5672624a7de588fba1780bab71107ae19656e2b773f81dba5395e806 -size 3274899 +oid sha256:3b9a1622085bc5efeceaaf1f1134f030ca5843efd33b95fe20779b80570af4a6 +size 3275648 diff --git a/lib/search/indexes/github-docs-dotcom-ja-records.json.br b/lib/search/indexes/github-docs-dotcom-ja-records.json.br index b3e7882844..330cdb952e 100644 --- a/lib/search/indexes/github-docs-dotcom-ja-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a5f95c3ba7b46896a326000dd7004288c64666c0f54ccaa0de97697bce9c17a2 -size 918705 +oid sha256:afed45442a73dbef68caf6cbeb1b233787b7c561448e26752e88a434ecfe0d50 +size 919406 diff --git a/lib/search/indexes/github-docs-dotcom-ja.json.br b/lib/search/indexes/github-docs-dotcom-ja.json.br index 70447dcca1..e338400009 100644 --- a/lib/search/indexes/github-docs-dotcom-ja.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a6a50f83ac88c97567ce34c46cb62cf780db401439b06d7fffa9d47b6d4b009c -size 4661954 +oid sha256:02c947498d3b65ac258e950b9714f57d78cb0c15e9cf3416aa8de05e55229d6b +size 4662003 diff --git a/lib/search/indexes/github-docs-dotcom-pt-records.json.br b/lib/search/indexes/github-docs-dotcom-pt-records.json.br index 6a1ec643d1..4422c04268 100644 --- a/lib/search/indexes/github-docs-dotcom-pt-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e5e41f12684905dfb54b276804d5eca45fe1f8d30b9b1cf8f53857e9588254d9 -size 805990 +oid sha256:18c642cf116f36352e20072d6aa089aecd7018eeca93b82a323e9098710aa865 +size 806636 diff --git a/lib/search/indexes/github-docs-dotcom-pt.json.br b/lib/search/indexes/github-docs-dotcom-pt.json.br index 40bb54addb..38c06eaa3f 100644 --- a/lib/search/indexes/github-docs-dotcom-pt.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:62d03436406300170243120dcf09834f8fdb6e15a52e935d8bb0e8967be59fbe -size 3121674 +oid sha256:560fa5c33b6d0d9a72f23b3f3e4ca7fdaef4f94f00d1b75647b2d99be14c1d82 +size 3122185 diff --git a/lib/search/indexes/github-docs-ghae-cn-records.json.br b/lib/search/indexes/github-docs-ghae-cn-records.json.br index d1c5032be5..c8ac5cb979 100644 --- a/lib/search/indexes/github-docs-ghae-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghae-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3cdad8e892242e14302c97f9b7d22fd95f88e2f70317d4cfb1d2786b9398a933 -size 537184 +oid sha256:df7e123b3eefbb0d71f1e1835afbca9a8e64138508d5415ab06845a96a8717a4 +size 538341 diff --git a/lib/search/indexes/github-docs-ghae-cn.json.br b/lib/search/indexes/github-docs-ghae-cn.json.br index ccc599097a..131b44c4b1 100644 --- a/lib/search/indexes/github-docs-ghae-cn.json.br +++ b/lib/search/indexes/github-docs-ghae-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e24f2eaf39088f34884c5c45a47199bfdbfa38efe0ad4479c28e974710fed626 -size 1011321 +oid sha256:271118819600147b051c10d732d6a91230fa2829535c4c6374d4299714cd9984 +size 1013086 diff --git a/lib/search/indexes/github-docs-ghae-en-records.json.br b/lib/search/indexes/github-docs-ghae-en-records.json.br index 4c419003b9..de5682780d 100644 --- a/lib/search/indexes/github-docs-ghae-en-records.json.br +++ b/lib/search/indexes/github-docs-ghae-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5ccb6e45e5a2b9cb23060cc3b023789cc639c433bb5af6952e044f30b47b0594 -size 738247 +oid sha256:3ff7b987840ca1e96cd5de52049281e259344e59e9d4d695e27801b269223015 +size 737754 diff --git a/lib/search/indexes/github-docs-ghae-en.json.br b/lib/search/indexes/github-docs-ghae-en.json.br index faa7676584..36cfcf927f 100644 --- a/lib/search/indexes/github-docs-ghae-en.json.br +++ b/lib/search/indexes/github-docs-ghae-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f94db9f4f6ddf5a7587efddec222f00e6b84b21951a683a36e16b42eb18d14af -size 2788843 +oid sha256:4d3aaa2549c6f576f5d3d78c01223dbea3f5b5a8462cee53f26fdb8391bf2d86 +size 2788186 diff --git a/lib/search/indexes/github-docs-ghae-es-records.json.br b/lib/search/indexes/github-docs-ghae-es-records.json.br index d8c6a2e41a..b9588f1c47 100644 --- a/lib/search/indexes/github-docs-ghae-es-records.json.br +++ b/lib/search/indexes/github-docs-ghae-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e23313060f22dd926f424fefddd839df07ee3fa6f0359cada7ce9af1ba68db99 -size 496614 +oid sha256:da457ebf686f159834645ca40161c3fbe9d99b2b3df778f2c1b1bb2284e23767 +size 496015 diff --git a/lib/search/indexes/github-docs-ghae-es.json.br b/lib/search/indexes/github-docs-ghae-es.json.br index 2a5eb7adcf..3294d99c3a 100644 --- a/lib/search/indexes/github-docs-ghae-es.json.br +++ b/lib/search/indexes/github-docs-ghae-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ea626e3775a82a98cd8cd3a819cdd32ff01091cbc431712f15e88d6477f4fdc4 -size 2018790 +oid sha256:83137df9f8474759603b7778482d9b10f592c40de73cbe68f28e9eee8641b4e1 +size 2016564 diff --git a/lib/search/indexes/github-docs-ghae-ja-records.json.br b/lib/search/indexes/github-docs-ghae-ja-records.json.br index 5948221371..f55b5b0f0c 100644 --- a/lib/search/indexes/github-docs-ghae-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghae-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:390176ab52dfe437804bad2216e594658d86ac853914dda8952648d2b8ef4691 -size 547862 +oid sha256:9025ed1af14f2a98ef485f3987bf9f30a211fadf043a3c4f5bf66d1cc6eabf12 +size 547845 diff --git a/lib/search/indexes/github-docs-ghae-ja.json.br b/lib/search/indexes/github-docs-ghae-ja.json.br index 85a61eb1eb..53050d043f 100644 --- a/lib/search/indexes/github-docs-ghae-ja.json.br +++ b/lib/search/indexes/github-docs-ghae-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6d41a984c180880fdc112f414967032a04caaf04e58f5e37a14970761a938c78 -size 2782631 +oid sha256:53e3e748b8f58c03e783bbb73cbefa38ae842160ce8be3b9724a0e795435a557 +size 2782914 diff --git a/lib/search/indexes/github-docs-ghae-pt-records.json.br b/lib/search/indexes/github-docs-ghae-pt-records.json.br index 5d27f34804..bfa5b5e8f6 100644 --- a/lib/search/indexes/github-docs-ghae-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghae-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:308fb74d9095ce30b7b8b9e47cc41461ccdabbe8753e7e00ee4a65bdd2087702 -size 488593 +oid sha256:89a6c57081c931f1eb734fbc16625369d201964b509d4e08bb3de2da41fa9ef0 +size 488738 diff --git a/lib/search/indexes/github-docs-ghae-pt.json.br b/lib/search/indexes/github-docs-ghae-pt.json.br index e21817a7a4..f18d2454d0 100644 --- a/lib/search/indexes/github-docs-ghae-pt.json.br +++ b/lib/search/indexes/github-docs-ghae-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2197102e751e53144d884165b804ecef84256c8b3176dfb5817174cd43a99c51 -size 1897216 +oid sha256:00e5cf8663d33249a524320be20a3c3b7894413aed4a10f35f0ece366f4bcd8e +size 1897776 diff --git a/lib/search/indexes/github-docs-ghec-cn-records.json.br b/lib/search/indexes/github-docs-ghec-cn-records.json.br index 7c6cb4ddd6..f2e077e395 100644 --- a/lib/search/indexes/github-docs-ghec-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghec-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f5d74c472686b374466d30cd9e8742ca01b4d1e9ccc8f8cc14b56eecf1481544 -size 836823 +oid sha256:3cf807c3c6ebfd01cad4b126b73ff5ac9f50c8d5e24cd95d660381a85079e451 +size 839462 diff --git a/lib/search/indexes/github-docs-ghec-cn.json.br b/lib/search/indexes/github-docs-ghec-cn.json.br index 9368f3289c..2253c4dfa6 100644 --- a/lib/search/indexes/github-docs-ghec-cn.json.br +++ b/lib/search/indexes/github-docs-ghec-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:92e2bede5b85602a1b3194579fea0b30440608223fc62e745b80e6c03f2511c9 -size 1633932 +oid sha256:cf1edfbec8d51697e23a226668f606134d67822f5094d929cbef57c4d93e2362 +size 1637769 diff --git a/lib/search/indexes/github-docs-ghec-en-records.json.br b/lib/search/indexes/github-docs-ghec-en-records.json.br index a44773678f..a6156dae23 100644 --- a/lib/search/indexes/github-docs-ghec-en-records.json.br +++ b/lib/search/indexes/github-docs-ghec-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9fa8c84d742e2d10be5c1ab1be1d2ad8ea4cc4737ae3279b4ce12730b9f8d037 -size 1104717 +oid sha256:f7f3cb0a75eecbe58fac71e754f59561626e77154ba962b63ab5ddd916beeec3 +size 1102528 diff --git a/lib/search/indexes/github-docs-ghec-en.json.br b/lib/search/indexes/github-docs-ghec-en.json.br index cf4e191088..faef4df110 100644 --- a/lib/search/indexes/github-docs-ghec-en.json.br +++ b/lib/search/indexes/github-docs-ghec-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e28de7a5f895f108898cfd567089cb64da64736d59131245e4ab4d88293950cc -size 4207748 +oid sha256:0987bcf199f9d64e4235aa087508ab4ed4d41fbf13273da06fa4d7c90b724d4f +size 4204675 diff --git a/lib/search/indexes/github-docs-ghec-es-records.json.br b/lib/search/indexes/github-docs-ghec-es-records.json.br index 8b323b4f32..aaa4c6f65f 100644 --- a/lib/search/indexes/github-docs-ghec-es-records.json.br +++ b/lib/search/indexes/github-docs-ghec-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9de6b65fffe5f6efcc0699b671b3da32ec0ffc14a344adb2c07d5faf92a88492 -size 777297 +oid sha256:40bfc759e37094dfd46a12a61531909e03c41f0b851c9a349175015a89b3f970 +size 776294 diff --git a/lib/search/indexes/github-docs-ghec-es.json.br b/lib/search/indexes/github-docs-ghec-es.json.br index 70454ba085..97d90315b8 100644 --- a/lib/search/indexes/github-docs-ghec-es.json.br +++ b/lib/search/indexes/github-docs-ghec-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56aff8ca9ffa47f9987f0e6be56a7a29495715c4871c6d09794d32caaf5f1fb8 -size 3267350 +oid sha256:9691f7735e7c41614bd44e313314bb8fafa16a2e066e094393d2230b6ae8334d +size 3267079 diff --git a/lib/search/indexes/github-docs-ghec-ja-records.json.br b/lib/search/indexes/github-docs-ghec-ja-records.json.br index 708c3716a3..c8f46fb16c 100644 --- a/lib/search/indexes/github-docs-ghec-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghec-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5f74362c2f827e3f64d436c945b5080f9a468efa5ee9f6eb744388b9654b1163 -size 853744 +oid sha256:1c2c74578ee5427e91faf56e31341893163abd5de6c725bf33080734bc6ae46e +size 852329 diff --git a/lib/search/indexes/github-docs-ghec-ja.json.br b/lib/search/indexes/github-docs-ghec-ja.json.br index 73febd163c..a7902f6a74 100644 --- a/lib/search/indexes/github-docs-ghec-ja.json.br +++ b/lib/search/indexes/github-docs-ghec-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8c3def58e8f6e22567234ecf404ba44ac9904b79ede215e0d9447cf234a1932b -size 4551585 +oid sha256:e173fb104834654aba8e6238c9fe63e2988c159d48f482bf4649eb91b7400a3d +size 4549610 diff --git a/lib/search/indexes/github-docs-ghec-pt-records.json.br b/lib/search/indexes/github-docs-ghec-pt-records.json.br index d2c7dc808a..f0344dfecf 100644 --- a/lib/search/indexes/github-docs-ghec-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghec-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:77198516c15979af79fcdf67d6030a83fded2e9f39afa51bb06f645e497ba7d6 -size 764428 +oid sha256:392721f8bb5ed0d29aefdd46964e88485c05d5a819ea665f98b25ddb480f936f +size 764794 diff --git a/lib/search/indexes/github-docs-ghec-pt.json.br b/lib/search/indexes/github-docs-ghec-pt.json.br index 31e8c2794f..7999b83318 100644 --- a/lib/search/indexes/github-docs-ghec-pt.json.br +++ b/lib/search/indexes/github-docs-ghec-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6860a5de2e7a1114be7a225ee2d23c68f3f3cda5b8d965750815e32e201daaed -size 3102091 +oid sha256:96aac8d9c3881b9d7b9d841bf893f8fb4a61578314ee9b4c5812a69f51974ca0 +size 3101439 From e5285c09a90b842aaa17073c2dae18a19f55da0d Mon Sep 17 00:00:00 2001 From: djdefi Date: Sun, 20 Mar 2022 23:30:18 -0700 Subject: [PATCH 47/52] Clarify that web and api request redirect to configured hostname in GHES (#26217) --- .../configuring-a-hostname.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/admin/configuration/configuring-network-settings/configuring-a-hostname.md b/content/admin/configuration/configuring-network-settings/configuring-a-hostname.md index 2727ae6ddc..4c374cc4df 100644 --- a/content/admin/configuration/configuring-network-settings/configuring-a-hostname.md +++ b/content/admin/configuration/configuring-network-settings/configuring-a-hostname.md @@ -16,7 +16,11 @@ topics: --- If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.product.product_location %} runs on without affecting users or client software. -The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` We also recommend enabling subdomain isolation for the chosen hostname to mitigate several cross-site scripting style vulnerabilities. For more information on hostname settings, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2). +The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` Web and API requests will automatically redirect to the hostname configured in the {% data variables.enterprise.management_console %}. + +After you configure a hostname, you can enable subdomain isolation to further increase the security of {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)." + +For more information on the supported hostname types, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2). {% data reusables.enterprise_installation.changing-hostname-not-supported %} @@ -30,4 +34,4 @@ The hostname setting in the {% data variables.enterprise.management_console %} s {% data reusables.enterprise_management_console.test-domain-settings-failure %} {% data reusables.enterprise_management_console.save-settings %} -After you configure a hostname, we recommend that you enable subdomain isolation for {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)." +To help mitigate various cross-site scripting vulnerabilities, we recommend that you enable subdomain isolation for {% data variables.product.product_location %} after you configure a hostname. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)." From fd2d1036d562435fd5888a470e59ade36cb60032 Mon Sep 17 00:00:00 2001 From: Courtney Wilson <77312589+cmwilson21@users.noreply.github.com> Date: Mon, 21 Mar 2022 04:44:51 -0500 Subject: [PATCH 48/52] =?UTF-8?q?refreshed=20some=20of=20the=20language=20?= =?UTF-8?q?around=20pull=20request=20reviews=20and=20differ=E2=80=A6=20(#1?= =?UTF-8?q?6127)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refreshed some of the language around pull request reviews and different account types * Apply suggestions from code review Co-authored-by: hubwriter Co-authored-by: Felicity Chapman Co-authored-by: hubwriter --- .../requesting-a-pull-request-review.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review.md index 0d8f54b35a..2e1c7f916a 100644 --- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review.md +++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review.md @@ -16,9 +16,11 @@ topics: - Pull requests shortTitle: Request a PR review --- -Owners and collaborators on a repository owned by a user account can assign pull request reviews. Organization members with triage permissions to a repository can assign a pull request review. +Repositories belong to a personal account (a single individual owner) or an organization account (a shared account with numerous collaborators or maintainers). For more information, see "[Types of {% data variables.product.prodname_dotcom %} accounts](/get-started/learning-about-github/types-of-github-accounts)." Owners and collaborators on a repository owned by a personal account can assign pull request reviews. Organization members with triage permissions can also assign a reviewer for a pull request. -Owners or collaborators can assign a pull request review to any person that has been explicitly granted [read access](/articles/access-permissions-on-github) to a user-owned repository. Organization members can assign a pull request review to any person or team with read access to a repository. The requested reviewer or team will receive a notification that you asked them to review the pull request. {% ifversion fpt or ghae or ghes or ghec %}If you request a review from a team and code review assignment is enabled, specific members will be requested and the team will be removed as a reviewer. For more information, see "[Managing code review settings for your team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)."{% endif %} +To assign a reviewer to a pull request, you will need write access to the repository. For more information about repository access, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)." If you have write access, you can assign anyone who has read access to the repository as a reviewer. + +Organization members with write access can also assign a pull request review to any person or team with read access to a repository. The requested reviewer or team will receive a notification that you asked them to review the pull request. {% ifversion fpt or ghae or ghes or ghec %}If you request a review from a team and code review assignment is enabled, specific members will be requested and the team will be removed as a reviewer. For more information, see "[Managing code review settings for your team](/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team)."{% endif %} {% note %} From e9390ec8a7e1933a2cecc8472e3ee86362e440f9 Mon Sep 17 00:00:00 2001 From: Matt Pollard Date: Mon, 21 Mar 2022 10:50:53 +0100 Subject: [PATCH 49/52] Add release note for encrypted SAML assertions in GitHub Enterprise Server 3.4.0 (#26312) --- data/release-notes/enterprise-server/3-4/0.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/data/release-notes/enterprise-server/3-4/0.yml b/data/release-notes/enterprise-server/3-4/0.yml index c158cc09d8..8e5db4ccfe 100644 --- a/data/release-notes/enterprise-server/3-4/0.yml +++ b/data/release-notes/enterprise-server/3-4/0.yml @@ -33,6 +33,12 @@ sections: - | {% data variables.product.prodname_dependabot %} is now available in {% data variables.product.prodname_ghe_server %} 3.4 as a public beta, offering both version updates and security updates for several popular ecosystems. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} requires {% data variables.product.prodname_actions %} and a pool of self-hosted runners configured for {% data variables.product.prodname_dependabot %} use. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} also requires {% data variables.product.prodname_github_connect %} and {% data variables.product.prodname_dependabot %} to be enabled by an administrator. Beta feedback and suggestions can be shared in the [{% data variables.product.prodname_dependabot %} Feedback GitHub discussion](https://github.com/github/feedback/discussions/categories/dependabot-feedback). For more information and to try the beta, see "[Setting up {% data variables.product.prodname_dependabot %} security and version updates on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)." + - heading: SAML authentication supports encrypted assertions + notes: + # https://github.com/github/releases/issues/1946 + - | + If you use SAML authentication for {% data variables.product.prodname_ghe_server %}, you can now configure encrypted assertions from your IdP to improve security. Encrypted assertions add an additional layer of encryption when your IdP transmits information to {% data variables.product.product_location %}. For more information, see "[Using SAML](/admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-saml#enabling-encrypted-assertions)." + changes: - heading: Administration Changes notes: From a952b20d66c6b4d16803605ea3e9ba4201c3833b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 21 Mar 2022 10:02:52 +0000 Subject: [PATCH 50/52] update search indexes --- lib/search/indexes/github-docs-3.1-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.1-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.2-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.3-pt.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-cn.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-en.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-es.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-ja.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-3.4-pt.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-cn.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-en.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-es.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-ja.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-dotcom-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghae-pt.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-cn.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-en.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-es.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-ja.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt-records.json.br | 4 ++-- lib/search/indexes/github-docs-ghec-pt.json.br | 4 ++-- 70 files changed, 140 insertions(+), 140 deletions(-) diff --git a/lib/search/indexes/github-docs-3.1-cn-records.json.br b/lib/search/indexes/github-docs-3.1-cn-records.json.br index 2c8e99c0ae..f7d6ca55b6 100644 --- a/lib/search/indexes/github-docs-3.1-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.1-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:977fcfd43a4c27ca8ba8d2b03a5b8df3b0f61b511926ccbf9722951619d78684 -size 659310 +oid sha256:ff0c9edba0a40aa9c746a319a6dc8f3299e134f666177dfa4342f4a9910b4b20 +size 659833 diff --git a/lib/search/indexes/github-docs-3.1-cn.json.br b/lib/search/indexes/github-docs-3.1-cn.json.br index 75ecd6ac2a..b0df8e7cba 100644 --- a/lib/search/indexes/github-docs-3.1-cn.json.br +++ b/lib/search/indexes/github-docs-3.1-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:45c9384bf52da03882cb714af01a94c6f87d9c99a37d7d24abe67d450a27fd88 -size 1338334 +oid sha256:fb1c0e71459563b832c0f0f8a4f860c0c9cf14139c4a7217f8138fd4d473a990 +size 1338146 diff --git a/lib/search/indexes/github-docs-3.1-en-records.json.br b/lib/search/indexes/github-docs-3.1-en-records.json.br index 1a5cb8ca5d..09a8b29290 100644 --- a/lib/search/indexes/github-docs-3.1-en-records.json.br +++ b/lib/search/indexes/github-docs-3.1-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ab24306fceb5f740f023de1108a7e5739541a4edf70170fe5bb0b63ba98d2486 -size 880153 +oid sha256:f3c33c3eb6cb2c5a4a44176435637decf31ec38db7eae5338acff0638190a2bc +size 881318 diff --git a/lib/search/indexes/github-docs-3.1-en.json.br b/lib/search/indexes/github-docs-3.1-en.json.br index bbbfcd0ac0..0364dca6d3 100644 --- a/lib/search/indexes/github-docs-3.1-en.json.br +++ b/lib/search/indexes/github-docs-3.1-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c7dad888001d63a367ca0a04c5bde507dcfcbb678f1bf00d07408322716de81e -size 3386710 +oid sha256:387a312051b8f97cba29386cdd20480b325f4ead2bbddbf2b181d776e7c00ac9 +size 3385989 diff --git a/lib/search/indexes/github-docs-3.1-es-records.json.br b/lib/search/indexes/github-docs-3.1-es-records.json.br index 39f3c1c43d..18f698ddad 100644 --- a/lib/search/indexes/github-docs-3.1-es-records.json.br +++ b/lib/search/indexes/github-docs-3.1-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:02f5a0b534efbb100c2f00f37ace0774b346435abff74871eb3d0fef3ead8946 -size 608930 +oid sha256:608e9731086822e5fb454c66182b739b4f20d3a8bea69488851fa6b5e70b9fb4 +size 609376 diff --git a/lib/search/indexes/github-docs-3.1-es.json.br b/lib/search/indexes/github-docs-3.1-es.json.br index 9d20e1ef2a..0340f3962d 100644 --- a/lib/search/indexes/github-docs-3.1-es.json.br +++ b/lib/search/indexes/github-docs-3.1-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bd100980c86eadd7f360c5ca719231ab6d17419caffcb1507e21480c92e466ab -size 2566159 +oid sha256:a7a35b7e842eec9acd6cb9ebcda4e9ddd034704bba49f4f8971523ff31e9a9af +size 2567986 diff --git a/lib/search/indexes/github-docs-3.1-ja-records.json.br b/lib/search/indexes/github-docs-3.1-ja-records.json.br index 1203e5eab5..2642cda10b 100644 --- a/lib/search/indexes/github-docs-3.1-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.1-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6c1ef3f592e3b3b35c81963c5df76515fa0d66ed3ad2f46f94154d2c7147b02a -size 673738 +oid sha256:ede763d4f0bf7c5cf89d6fc9d52c520c27c6cc58e030fdb22e06185bc34b86db +size 673659 diff --git a/lib/search/indexes/github-docs-3.1-ja.json.br b/lib/search/indexes/github-docs-3.1-ja.json.br index f3c6836387..9568d27ec6 100644 --- a/lib/search/indexes/github-docs-3.1-ja.json.br +++ b/lib/search/indexes/github-docs-3.1-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:db1cd84dfc679185056a1dfadacb951b890f0b9d0a9a6f89f853b45f97d26078 -size 3573720 +oid sha256:129c5e67cd3396fa2a031cd0da721f4b648741baf2405bdf36af4b15cee32b18 +size 3573898 diff --git a/lib/search/indexes/github-docs-3.1-pt-records.json.br b/lib/search/indexes/github-docs-3.1-pt-records.json.br index 81ba0da630..5357ba0f01 100644 --- a/lib/search/indexes/github-docs-3.1-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.1-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b6b7baddf01f6d6eb26a99a407803d94d160faed9d1fc7b6ddafaa07b93ca441 -size 599730 +oid sha256:2b5e686d992c66adbc2fab0e932fc4326929f74e75f98dacbf2c117c1790c6e3 +size 598782 diff --git a/lib/search/indexes/github-docs-3.1-pt.json.br b/lib/search/indexes/github-docs-3.1-pt.json.br index 804038cbe1..9265bb1d21 100644 --- a/lib/search/indexes/github-docs-3.1-pt.json.br +++ b/lib/search/indexes/github-docs-3.1-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8dde619ec974132b84615780fca12ce89fbde9c054ae1b5b42e2e4aac0c475ad -size 2446883 +oid sha256:ba41b694feb8728f96e2c642ba43f4a02aa9f5e41a6cbc05ad475827afc9cd01 +size 2447574 diff --git a/lib/search/indexes/github-docs-3.2-cn-records.json.br b/lib/search/indexes/github-docs-3.2-cn-records.json.br index 5469957a35..c1130e6988 100644 --- a/lib/search/indexes/github-docs-3.2-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.2-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d4ea5d18ce5b9b7b917b671d4fe1360475de4ae7e5392fe8ed21b3ffdc268d42 -size 676784 +oid sha256:dff4a49d8bacff2bc137fc2154e1e84a50a7de6f8f01d8c78ed67f0b322573bc +size 676895 diff --git a/lib/search/indexes/github-docs-3.2-cn.json.br b/lib/search/indexes/github-docs-3.2-cn.json.br index 1ee63d8f7e..20bc61c3d0 100644 --- a/lib/search/indexes/github-docs-3.2-cn.json.br +++ b/lib/search/indexes/github-docs-3.2-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f6f0ae6edb32bd501c2d9e98401a4043119ba8562fe1b60cbb0917874297433b -size 1368418 +oid sha256:68dea3ca72e413e961d681afd4757a26f5ee0b655fccc75bee6683b735282394 +size 1368047 diff --git a/lib/search/indexes/github-docs-3.2-en-records.json.br b/lib/search/indexes/github-docs-3.2-en-records.json.br index dce4c06ff1..817f928477 100644 --- a/lib/search/indexes/github-docs-3.2-en-records.json.br +++ b/lib/search/indexes/github-docs-3.2-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:698f94173452d1f7059b9a37b6b460edc90e48d3790c07d5078325321cb8b555 -size 909631 +oid sha256:610fab4aba6d0b9c98d8173b9f5e88e3d802eaa5bd43e4a3a05b394c661f5b30 +size 910047 diff --git a/lib/search/indexes/github-docs-3.2-en.json.br b/lib/search/indexes/github-docs-3.2-en.json.br index e14a3c2888..689ce1c4b3 100644 --- a/lib/search/indexes/github-docs-3.2-en.json.br +++ b/lib/search/indexes/github-docs-3.2-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:daa0605f13bc90835c7efd63fa32acee64b902487e8a757fd7b8f919f94c4c30 -size 3501727 +oid sha256:edf33e468746f8bd45499d172890ecf6c6e182f24aa102ba0892addd2d6d6380 +size 3503719 diff --git a/lib/search/indexes/github-docs-3.2-es-records.json.br b/lib/search/indexes/github-docs-3.2-es-records.json.br index c9567611c7..d0b0734ad0 100644 --- a/lib/search/indexes/github-docs-3.2-es-records.json.br +++ b/lib/search/indexes/github-docs-3.2-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2ed535ca605a26565fed22948ae57a7501b59202a8a8b21210533ca1df4e1b9e -size 625297 +oid sha256:0a77aa5c29c8dcbb1af735a4c869bafb86a5a6bd62e90bab075b3ca086cec4f6 +size 625131 diff --git a/lib/search/indexes/github-docs-3.2-es.json.br b/lib/search/indexes/github-docs-3.2-es.json.br index e3ba379fe1..96fb684a40 100644 --- a/lib/search/indexes/github-docs-3.2-es.json.br +++ b/lib/search/indexes/github-docs-3.2-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3045a3e928eacff099a0b863ea2b2e143554084826168fc39dc2b7c93702c0f2 -size 2636431 +oid sha256:3ac0b47fa94d4753c7a3f1386fccabc1f77fb7b0275a7b8fbb494f0324e0f893 +size 2636202 diff --git a/lib/search/indexes/github-docs-3.2-ja-records.json.br b/lib/search/indexes/github-docs-3.2-ja-records.json.br index 059ddab76c..b82c1e76fa 100644 --- a/lib/search/indexes/github-docs-3.2-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.2-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:619746001979b040fed19bdfce58d5b194bfdf617736f5e11b9fe54a6af5eb84 -size 689857 +oid sha256:f46ea20fa6047c33289c1424c6758045d1f06570f17ef14d2938ceb46b089939 +size 689971 diff --git a/lib/search/indexes/github-docs-3.2-ja.json.br b/lib/search/indexes/github-docs-3.2-ja.json.br index 2aca98a24f..b1ef45af51 100644 --- a/lib/search/indexes/github-docs-3.2-ja.json.br +++ b/lib/search/indexes/github-docs-3.2-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bb82a768ba5dc22c059427730502e69fea7a5ce7900570534be37a5ea37da178 -size 3668646 +oid sha256:165d82b212796a1e2a2d5df4cbdb672e3ebe93694b22f4b1c72adc214184957a +size 3664525 diff --git a/lib/search/indexes/github-docs-3.2-pt-records.json.br b/lib/search/indexes/github-docs-3.2-pt-records.json.br index 4fed28eb41..1ffec1813a 100644 --- a/lib/search/indexes/github-docs-3.2-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.2-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b850ce4a035883665d2406f0bdbb937eaa08b66bd35b67c85c122a076a3dd616 -size 614303 +oid sha256:84f1896f872fc51d04b2dab0e6e5d4fc0de8f2009ebea7e1c51bddc7f0342e02 +size 614693 diff --git a/lib/search/indexes/github-docs-3.2-pt.json.br b/lib/search/indexes/github-docs-3.2-pt.json.br index e422c479e1..f76898babf 100644 --- a/lib/search/indexes/github-docs-3.2-pt.json.br +++ b/lib/search/indexes/github-docs-3.2-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e8ec4976732cc2514cbb524e586fd07277d326c5279f165f788f8afbdd42d7f3 -size 2506655 +oid sha256:d58c056208af6d3694c42c7c18d52a4204884e7055ba2cd8f64050237278f00f +size 2506649 diff --git a/lib/search/indexes/github-docs-3.3-cn-records.json.br b/lib/search/indexes/github-docs-3.3-cn-records.json.br index 912ee25aeb..8c956a2ef9 100644 --- a/lib/search/indexes/github-docs-3.3-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.3-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:05895eaab683374f095f588074d59d3041164b3ef281497a6db399c9e806f3a2 -size 700818 +oid sha256:dc2d88716d79e2235e10b15a6686685954859e773a528e09be38e9cda26a8d58 +size 700103 diff --git a/lib/search/indexes/github-docs-3.3-cn.json.br b/lib/search/indexes/github-docs-3.3-cn.json.br index 8adee3bd36..640727ad94 100644 --- a/lib/search/indexes/github-docs-3.3-cn.json.br +++ b/lib/search/indexes/github-docs-3.3-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f4acd92296cec9f892840fa44b382b37a205084c81e7fa199a2c841820ad995d -size 1423315 +oid sha256:3c468ed53b7252495f02bec2eaa4a004475897a66a1c09357145564d3c134cab +size 1421656 diff --git a/lib/search/indexes/github-docs-3.3-en-records.json.br b/lib/search/indexes/github-docs-3.3-en-records.json.br index f4b137798e..be96481f8b 100644 --- a/lib/search/indexes/github-docs-3.3-en-records.json.br +++ b/lib/search/indexes/github-docs-3.3-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b82c5b1251512d29562334a03e489b8a646085cafc7001b3d91c581d4bd1b33e -size 943610 +oid sha256:d4f63c512b449c588541e2bebf1f556eb5d23c28772d9b2ec26a17e06720e996 +size 945173 diff --git a/lib/search/indexes/github-docs-3.3-en.json.br b/lib/search/indexes/github-docs-3.3-en.json.br index 39f9ce1103..2df876fbca 100644 --- a/lib/search/indexes/github-docs-3.3-en.json.br +++ b/lib/search/indexes/github-docs-3.3-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c3dcda20ccccf8a8b1d66fcb6d7f39ad8d24af966c89f79e206938e93a813d45 -size 3617925 +oid sha256:429b7ecde229d2c04020d8c7e3fe4725a4ead459eabb95ef9e2e975a4f79fcb3 +size 3619628 diff --git a/lib/search/indexes/github-docs-3.3-es-records.json.br b/lib/search/indexes/github-docs-3.3-es-records.json.br index f289b21b7c..9c964c1ce7 100644 --- a/lib/search/indexes/github-docs-3.3-es-records.json.br +++ b/lib/search/indexes/github-docs-3.3-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:163ad0e51b3bca829e9f3aa3e55216b9cd46470ae2d3ed70dc428c5c3aeb13bd -size 644395 +oid sha256:6c03f6c7f6a65dde6193ec93231bf088c9641c8d8172cffc1a40444a16834308 +size 644205 diff --git a/lib/search/indexes/github-docs-3.3-es.json.br b/lib/search/indexes/github-docs-3.3-es.json.br index 7ab674bf29..a30eb9301b 100644 --- a/lib/search/indexes/github-docs-3.3-es.json.br +++ b/lib/search/indexes/github-docs-3.3-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:462fb778d663f0cfc87cf2281194c91462f2f29d34ffc26661e3c3a40e50fbc3 -size 2724488 +oid sha256:c0a023f678ad0d413b0967e0fbc2123a7a29fc30267ed5e18bd2da3a9cf3ef43 +size 2723709 diff --git a/lib/search/indexes/github-docs-3.3-ja-records.json.br b/lib/search/indexes/github-docs-3.3-ja-records.json.br index 9a1ec1f3e4..7d0e1dc949 100644 --- a/lib/search/indexes/github-docs-3.3-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.3-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:53f6e84c03331f9029f7fcaaf1b81291de86744c5214f55e15b1c5383526cb51 -size 713028 +oid sha256:bd5f89d09df52de206c52b281b0c486efd5b5674e6d092d919d920b4ae86502d +size 713927 diff --git a/lib/search/indexes/github-docs-3.3-ja.json.br b/lib/search/indexes/github-docs-3.3-ja.json.br index 7071d97645..772a18d978 100644 --- a/lib/search/indexes/github-docs-3.3-ja.json.br +++ b/lib/search/indexes/github-docs-3.3-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:194bd5c856798cf7929f1d3c099656e09f1e91a287b789009e6a985e79803b49 -size 3787788 +oid sha256:af4b2c840334ca9ee053dee394bb97033675ad08d935790e7f9b7bbfe61f8f65 +size 3789047 diff --git a/lib/search/indexes/github-docs-3.3-pt-records.json.br b/lib/search/indexes/github-docs-3.3-pt-records.json.br index 8b3ebaa250..a5dac4a162 100644 --- a/lib/search/indexes/github-docs-3.3-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.3-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6061b90171b4d0fd7376d5422433e9fe6f12fa737bc5735307937410dc85a409 -size 633563 +oid sha256:c77cc9ea44a3ce88f75adfb4b0e462a70f0d0f9618c39d5d9e88fd22e377de34 +size 634481 diff --git a/lib/search/indexes/github-docs-3.3-pt.json.br b/lib/search/indexes/github-docs-3.3-pt.json.br index ecf25d429b..3351034c33 100644 --- a/lib/search/indexes/github-docs-3.3-pt.json.br +++ b/lib/search/indexes/github-docs-3.3-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2e930ca7098bfda8add93974c49b3b7156d45c3458840ba22769992f8c938de7 -size 2589334 +oid sha256:d06af2d3a363a8dea90a4b0856d418cc2d2f25db815ddae6fee5aec70300f703 +size 2591441 diff --git a/lib/search/indexes/github-docs-3.4-cn-records.json.br b/lib/search/indexes/github-docs-3.4-cn-records.json.br index c7daa5b794..746f68ac6c 100644 --- a/lib/search/indexes/github-docs-3.4-cn-records.json.br +++ b/lib/search/indexes/github-docs-3.4-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:11fdfbbcb4c240cb6d44b6649b42b1e3c759da2c85f2ffb851b441f4e43cf976 -size 703688 +oid sha256:e87321fc6811d0ab0c4d7c6e76742319c3b89f3320d4758edd99041be50a4693 +size 703568 diff --git a/lib/search/indexes/github-docs-3.4-cn.json.br b/lib/search/indexes/github-docs-3.4-cn.json.br index 20a265083f..226200d9bf 100644 --- a/lib/search/indexes/github-docs-3.4-cn.json.br +++ b/lib/search/indexes/github-docs-3.4-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2bd39f53e63fd8bf8dca75c1132449749d71f6b1627cc7a93d3c4d6da97d5e7a -size 1432534 +oid sha256:e484abf831ace5bcfd5077ada3fd2532037ef56cf8c7dd82f90b7d856206e38a +size 1433916 diff --git a/lib/search/indexes/github-docs-3.4-en-records.json.br b/lib/search/indexes/github-docs-3.4-en-records.json.br index 855fd74b1a..cc948754c8 100644 --- a/lib/search/indexes/github-docs-3.4-en-records.json.br +++ b/lib/search/indexes/github-docs-3.4-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:aea5c19f23a0c34d2f12250703560204299b63108bfcba723bd62b2fc49d0da1 -size 954380 +oid sha256:a09b40a0071c4cf66372f9c8e938679242602dd254cc9994118e5082462a4dcf +size 954957 diff --git a/lib/search/indexes/github-docs-3.4-en.json.br b/lib/search/indexes/github-docs-3.4-en.json.br index f4d8d4ed73..159039f9b5 100644 --- a/lib/search/indexes/github-docs-3.4-en.json.br +++ b/lib/search/indexes/github-docs-3.4-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bc283279cc224bf84ee278e117c47b0ecc4849365d80c4af42650e188220c1c1 -size 3656618 +oid sha256:eca4bee01dddc9117f8da5e0cdd2cdf8ca442dcd720623baa2fe0f132d7ed10a +size 3656711 diff --git a/lib/search/indexes/github-docs-3.4-es-records.json.br b/lib/search/indexes/github-docs-3.4-es-records.json.br index 37272af5a6..a78c5469b9 100644 --- a/lib/search/indexes/github-docs-3.4-es-records.json.br +++ b/lib/search/indexes/github-docs-3.4-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5ce1fd91773b5f44d90e601ed3d3d3a9fc06dc4ac1153dd35cac976ca1b75a5a -size 648005 +oid sha256:fdf064c160dad6188799d750596cbf069a579fe5cfb63be7f8eb92941dec4e7f +size 647751 diff --git a/lib/search/indexes/github-docs-3.4-es.json.br b/lib/search/indexes/github-docs-3.4-es.json.br index b053b57f32..a26836f780 100644 --- a/lib/search/indexes/github-docs-3.4-es.json.br +++ b/lib/search/indexes/github-docs-3.4-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d07fbf4d458322c26e00ec2612599d8eb2efd393df2b5c3ca965f73c35415622 -size 2740558 +oid sha256:c415d96320c7df570b3f9fbc9cfe0c790c473e605d2cae3469528bdbfb05ef9f +size 2740330 diff --git a/lib/search/indexes/github-docs-3.4-ja-records.json.br b/lib/search/indexes/github-docs-3.4-ja-records.json.br index 354d2de2ea..54567f11ae 100644 --- a/lib/search/indexes/github-docs-3.4-ja-records.json.br +++ b/lib/search/indexes/github-docs-3.4-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:082a43d50cc4cf87098da11fab5a80f3c07ae0d7dd4ff860d1fe0a6eee33b01e -size 717171 +oid sha256:8c1ec0d82010c17fae8a0f7d5661625322bb681785d37a3e41ce9f75a3fb3b29 +size 716766 diff --git a/lib/search/indexes/github-docs-3.4-ja.json.br b/lib/search/indexes/github-docs-3.4-ja.json.br index 9ebf02aa0d..0d67c33a4f 100644 --- a/lib/search/indexes/github-docs-3.4-ja.json.br +++ b/lib/search/indexes/github-docs-3.4-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:352262d14093b28dc2df59d5806e647e30fa83755a5c31a851341a7b09e3895b -size 3810772 +oid sha256:79c021a9d91e909bf28fd0999e5d13341709339288e72562d929e098ac969f40 +size 3808893 diff --git a/lib/search/indexes/github-docs-3.4-pt-records.json.br b/lib/search/indexes/github-docs-3.4-pt-records.json.br index 188786a1cb..0aa3b7d023 100644 --- a/lib/search/indexes/github-docs-3.4-pt-records.json.br +++ b/lib/search/indexes/github-docs-3.4-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:348c66f229d6483b54c7f0bef0b4992926094bba84d993e6265d1cbc38d37765 -size 638314 +oid sha256:0ac0ad8430595d6af58c42535fb4bca94c4094568ec0020898ee49921fc72721 +size 638379 diff --git a/lib/search/indexes/github-docs-3.4-pt.json.br b/lib/search/indexes/github-docs-3.4-pt.json.br index 2213985931..406924df64 100644 --- a/lib/search/indexes/github-docs-3.4-pt.json.br +++ b/lib/search/indexes/github-docs-3.4-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cf96a298ee0201c5e40850e80f48239cf3a7601e4f2ce305bf895bf21c8ff2fb -size 2606138 +oid sha256:dbd786a796b5e6b66e6804e0a09888dd27f65342ba55b8d05f9a08dc12a74544 +size 2603947 diff --git a/lib/search/indexes/github-docs-dotcom-cn-records.json.br b/lib/search/indexes/github-docs-dotcom-cn-records.json.br index fa30090a03..15de032526 100644 --- a/lib/search/indexes/github-docs-dotcom-cn-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b7eee1752286442452cd9ac8efbd589cf542b589685d3fe9415f8d5037dba1d1 -size 905549 +oid sha256:c3d517f33169585250b7beee52f77d9adb7d233f57ee2f4fd87c0fcacc7bc048 +size 906271 diff --git a/lib/search/indexes/github-docs-dotcom-cn.json.br b/lib/search/indexes/github-docs-dotcom-cn.json.br index 55feea71ba..fc3723479d 100644 --- a/lib/search/indexes/github-docs-dotcom-cn.json.br +++ b/lib/search/indexes/github-docs-dotcom-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:dc988ae596a84e9099c82dfbc779628bb808d87c6f9d3f75ac66b31f4f2c3db0 -size 1571582 +oid sha256:9d6f7620bbe42386a876e3c4ca994890a506a0e3b6292697286d4430c166ee29 +size 1571734 diff --git a/lib/search/indexes/github-docs-dotcom-en-records.json.br b/lib/search/indexes/github-docs-dotcom-en-records.json.br index acb6c41230..c37be6981c 100644 --- a/lib/search/indexes/github-docs-dotcom-en-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:888f967a513b7bfb96da8b4e4f37513ca0a1e374a7fa49f3e586954a649a8fef -size 1225900 +oid sha256:2f3b22e4234d9f43568bd9a35f93f3fdfe95835cd98b5a0541d3730a15f6e274 +size 1224998 diff --git a/lib/search/indexes/github-docs-dotcom-en.json.br b/lib/search/indexes/github-docs-dotcom-en.json.br index 279064866f..9c0ed09956 100644 --- a/lib/search/indexes/github-docs-dotcom-en.json.br +++ b/lib/search/indexes/github-docs-dotcom-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d1d1544a44f62ed478da053815fd4fd85cefc4d5cd4a35a12bb3c5aefe491d51 -size 4417393 +oid sha256:b393b09dcc655963ada2502dd32e783d1ab324e7a3e86aa210be53eca4b564ea +size 4416589 diff --git a/lib/search/indexes/github-docs-dotcom-es-records.json.br b/lib/search/indexes/github-docs-dotcom-es-records.json.br index 6924bf10e8..2c020857ff 100644 --- a/lib/search/indexes/github-docs-dotcom-es-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1378e1e4c383db7ba6dc944116f21592773bbf31db4f92321374a9cc1c54c0da -size 818538 +oid sha256:09f4115509a1a7fd55ed6b14f0ed9fb37b95a1652d8d656d51c419b9f3ee11d6 +size 817647 diff --git a/lib/search/indexes/github-docs-dotcom-es.json.br b/lib/search/indexes/github-docs-dotcom-es.json.br index ea43229d23..8db837a5ae 100644 --- a/lib/search/indexes/github-docs-dotcom-es.json.br +++ b/lib/search/indexes/github-docs-dotcom-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3b9a1622085bc5efeceaaf1f1134f030ca5843efd33b95fe20779b80570af4a6 -size 3275648 +oid sha256:68f335114bb375ee27cd86bc27a13fd527eedb7783d5a245a6b6c926cf8d841e +size 3273885 diff --git a/lib/search/indexes/github-docs-dotcom-ja-records.json.br b/lib/search/indexes/github-docs-dotcom-ja-records.json.br index 330cdb952e..d4ee1caedc 100644 --- a/lib/search/indexes/github-docs-dotcom-ja-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:afed45442a73dbef68caf6cbeb1b233787b7c561448e26752e88a434ecfe0d50 -size 919406 +oid sha256:0a930f822118744a5dc6e8527b5fbacac1a457a0d7ebb07b9c9e8974171d8057 +size 918214 diff --git a/lib/search/indexes/github-docs-dotcom-ja.json.br b/lib/search/indexes/github-docs-dotcom-ja.json.br index e338400009..8ffd5e7f50 100644 --- a/lib/search/indexes/github-docs-dotcom-ja.json.br +++ b/lib/search/indexes/github-docs-dotcom-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:02c947498d3b65ac258e950b9714f57d78cb0c15e9cf3416aa8de05e55229d6b -size 4662003 +oid sha256:047e4222775d8abd65d89a65e80935289d92c93f4f8d9424e14cc24c40e3ecd8 +size 4662824 diff --git a/lib/search/indexes/github-docs-dotcom-pt-records.json.br b/lib/search/indexes/github-docs-dotcom-pt-records.json.br index 4422c04268..e251232997 100644 --- a/lib/search/indexes/github-docs-dotcom-pt-records.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:18c642cf116f36352e20072d6aa089aecd7018eeca93b82a323e9098710aa865 -size 806636 +oid sha256:469f9e58d726244061ba3a41353d2c3a997937b1b29b17f802d1a6df9db1cfe0 +size 806035 diff --git a/lib/search/indexes/github-docs-dotcom-pt.json.br b/lib/search/indexes/github-docs-dotcom-pt.json.br index 38c06eaa3f..f150fe8732 100644 --- a/lib/search/indexes/github-docs-dotcom-pt.json.br +++ b/lib/search/indexes/github-docs-dotcom-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:560fa5c33b6d0d9a72f23b3f3e4ca7fdaef4f94f00d1b75647b2d99be14c1d82 -size 3122185 +oid sha256:7e3061027a390da4bfcc012ef6b93cf462be38208222dd63b1be6693016e50f6 +size 3121112 diff --git a/lib/search/indexes/github-docs-ghae-cn-records.json.br b/lib/search/indexes/github-docs-ghae-cn-records.json.br index c8ac5cb979..78c584df0f 100644 --- a/lib/search/indexes/github-docs-ghae-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghae-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:df7e123b3eefbb0d71f1e1835afbca9a8e64138508d5415ab06845a96a8717a4 -size 538341 +oid sha256:b3ad79ab0cdf875fe3eab4c52359e06704300761139bca80784b8fad99569e91 +size 537759 diff --git a/lib/search/indexes/github-docs-ghae-cn.json.br b/lib/search/indexes/github-docs-ghae-cn.json.br index 131b44c4b1..d9ec628472 100644 --- a/lib/search/indexes/github-docs-ghae-cn.json.br +++ b/lib/search/indexes/github-docs-ghae-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:271118819600147b051c10d732d6a91230fa2829535c4c6374d4299714cd9984 -size 1013086 +oid sha256:50b21d0df833195261f324a2abb957dee5c5f358424e435fa85e70f61947fdd0 +size 1012611 diff --git a/lib/search/indexes/github-docs-ghae-en-records.json.br b/lib/search/indexes/github-docs-ghae-en-records.json.br index de5682780d..5ecbef719f 100644 --- a/lib/search/indexes/github-docs-ghae-en-records.json.br +++ b/lib/search/indexes/github-docs-ghae-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3ff7b987840ca1e96cd5de52049281e259344e59e9d4d695e27801b269223015 -size 737754 +oid sha256:7ca5b06c1c64a450bc0ae733fe3ee55f2ab8ed50fdd328b0f6790807a1289a45 +size 737935 diff --git a/lib/search/indexes/github-docs-ghae-en.json.br b/lib/search/indexes/github-docs-ghae-en.json.br index 36cfcf927f..b063f13c20 100644 --- a/lib/search/indexes/github-docs-ghae-en.json.br +++ b/lib/search/indexes/github-docs-ghae-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4d3aaa2549c6f576f5d3d78c01223dbea3f5b5a8462cee53f26fdb8391bf2d86 -size 2788186 +oid sha256:7179b371c23578853cc8948c11c832031f1e8de133e3194a9e73a72214e03c4c +size 2789117 diff --git a/lib/search/indexes/github-docs-ghae-es-records.json.br b/lib/search/indexes/github-docs-ghae-es-records.json.br index b9588f1c47..6d65f7d910 100644 --- a/lib/search/indexes/github-docs-ghae-es-records.json.br +++ b/lib/search/indexes/github-docs-ghae-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:da457ebf686f159834645ca40161c3fbe9d99b2b3df778f2c1b1bb2284e23767 -size 496015 +oid sha256:9e59b2a9afb4c1d1323cc65f76084c266921679cd34774a252ad5e2ad2c7c9ca +size 496691 diff --git a/lib/search/indexes/github-docs-ghae-es.json.br b/lib/search/indexes/github-docs-ghae-es.json.br index 3294d99c3a..008f2deb25 100644 --- a/lib/search/indexes/github-docs-ghae-es.json.br +++ b/lib/search/indexes/github-docs-ghae-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:83137df9f8474759603b7778482d9b10f592c40de73cbe68f28e9eee8641b4e1 -size 2016564 +oid sha256:80a98440594318b0529e97107a9ba47532f3fb6a07f7d1b1930d99c2c01a40c9 +size 2018469 diff --git a/lib/search/indexes/github-docs-ghae-ja-records.json.br b/lib/search/indexes/github-docs-ghae-ja-records.json.br index f55b5b0f0c..d47436ac29 100644 --- a/lib/search/indexes/github-docs-ghae-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghae-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9025ed1af14f2a98ef485f3987bf9f30a211fadf043a3c4f5bf66d1cc6eabf12 -size 547845 +oid sha256:ad77bb2b897c3c93b6cca590749a2aa4a5cb86fa12ef995205c70451b7d3b2be +size 548022 diff --git a/lib/search/indexes/github-docs-ghae-ja.json.br b/lib/search/indexes/github-docs-ghae-ja.json.br index 53050d043f..c6d66f220f 100644 --- a/lib/search/indexes/github-docs-ghae-ja.json.br +++ b/lib/search/indexes/github-docs-ghae-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:53e3e748b8f58c03e783bbb73cbefa38ae842160ce8be3b9724a0e795435a557 -size 2782914 +oid sha256:771fdd7285cb93a223ef4b2e08c722bbb29e9ef78efcc60c79bd5ef29cb89f4e +size 2783872 diff --git a/lib/search/indexes/github-docs-ghae-pt-records.json.br b/lib/search/indexes/github-docs-ghae-pt-records.json.br index bfa5b5e8f6..58b945350f 100644 --- a/lib/search/indexes/github-docs-ghae-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghae-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:89a6c57081c931f1eb734fbc16625369d201964b509d4e08bb3de2da41fa9ef0 -size 488738 +oid sha256:704990ffeea9abaf7d7b3e1729e8a2961fd6362ecc72bc67d4c47a5de1387dde +size 487985 diff --git a/lib/search/indexes/github-docs-ghae-pt.json.br b/lib/search/indexes/github-docs-ghae-pt.json.br index f18d2454d0..082edb958b 100644 --- a/lib/search/indexes/github-docs-ghae-pt.json.br +++ b/lib/search/indexes/github-docs-ghae-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:00e5cf8663d33249a524320be20a3c3b7894413aed4a10f35f0ece366f4bcd8e -size 1897776 +oid sha256:b8200466d52d5e8f61cbf712c46d8f8c001a8f8a09ba2a3d0bdb70cd0cbaa37a +size 1896954 diff --git a/lib/search/indexes/github-docs-ghec-cn-records.json.br b/lib/search/indexes/github-docs-ghec-cn-records.json.br index f2e077e395..c13eb93c19 100644 --- a/lib/search/indexes/github-docs-ghec-cn-records.json.br +++ b/lib/search/indexes/github-docs-ghec-cn-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3cf807c3c6ebfd01cad4b126b73ff5ac9f50c8d5e24cd95d660381a85079e451 -size 839462 +oid sha256:1bfb279bc778e2e614d9dc1d3a5b0b06ddba0eee34cfdb120e172cfbe39ed158 +size 837995 diff --git a/lib/search/indexes/github-docs-ghec-cn.json.br b/lib/search/indexes/github-docs-ghec-cn.json.br index 2253c4dfa6..83b2680fc3 100644 --- a/lib/search/indexes/github-docs-ghec-cn.json.br +++ b/lib/search/indexes/github-docs-ghec-cn.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cf1edfbec8d51697e23a226668f606134d67822f5094d929cbef57c4d93e2362 -size 1637769 +oid sha256:b2db7c4687e9a43b75e7422f47769a4a12f055300ea7e3841258008170dbee69 +size 1635377 diff --git a/lib/search/indexes/github-docs-ghec-en-records.json.br b/lib/search/indexes/github-docs-ghec-en-records.json.br index a6156dae23..91e8809e27 100644 --- a/lib/search/indexes/github-docs-ghec-en-records.json.br +++ b/lib/search/indexes/github-docs-ghec-en-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f7f3cb0a75eecbe58fac71e754f59561626e77154ba962b63ab5ddd916beeec3 -size 1102528 +oid sha256:a6a7d034e0f48caee97e1fba8502adf49147bcddcec0d7e14c2264b9cc4d8bc1 +size 1105228 diff --git a/lib/search/indexes/github-docs-ghec-en.json.br b/lib/search/indexes/github-docs-ghec-en.json.br index faef4df110..c366344645 100644 --- a/lib/search/indexes/github-docs-ghec-en.json.br +++ b/lib/search/indexes/github-docs-ghec-en.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:0987bcf199f9d64e4235aa087508ab4ed4d41fbf13273da06fa4d7c90b724d4f -size 4204675 +oid sha256:5ad4a6feb5233f01764880315c4ce6705c0c0cf7ae0211907ffcf1f1f8bf614b +size 4207635 diff --git a/lib/search/indexes/github-docs-ghec-es-records.json.br b/lib/search/indexes/github-docs-ghec-es-records.json.br index aaa4c6f65f..ff87bae6e2 100644 --- a/lib/search/indexes/github-docs-ghec-es-records.json.br +++ b/lib/search/indexes/github-docs-ghec-es-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:40bfc759e37094dfd46a12a61531909e03c41f0b851c9a349175015a89b3f970 -size 776294 +oid sha256:1f275f3c75ded67755f324cc00996e0953eda2a48dd0e99806d5e69c651d1e61 +size 776421 diff --git a/lib/search/indexes/github-docs-ghec-es.json.br b/lib/search/indexes/github-docs-ghec-es.json.br index 97d90315b8..f05df35e03 100644 --- a/lib/search/indexes/github-docs-ghec-es.json.br +++ b/lib/search/indexes/github-docs-ghec-es.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9691f7735e7c41614bd44e313314bb8fafa16a2e066e094393d2230b6ae8334d -size 3267079 +oid sha256:4acf4944ab0c36dd9d94b162fb18ca2a4920a62506da4ddac3f71f2abf325595 +size 3266771 diff --git a/lib/search/indexes/github-docs-ghec-ja-records.json.br b/lib/search/indexes/github-docs-ghec-ja-records.json.br index c8f46fb16c..e0c192da4f 100644 --- a/lib/search/indexes/github-docs-ghec-ja-records.json.br +++ b/lib/search/indexes/github-docs-ghec-ja-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1c2c74578ee5427e91faf56e31341893163abd5de6c725bf33080734bc6ae46e -size 852329 +oid sha256:ea56582b707485106c97b95e2f23d99ff69996a97ca5258b76a5cf8c1bff18b7 +size 852908 diff --git a/lib/search/indexes/github-docs-ghec-ja.json.br b/lib/search/indexes/github-docs-ghec-ja.json.br index a7902f6a74..0e0609059c 100644 --- a/lib/search/indexes/github-docs-ghec-ja.json.br +++ b/lib/search/indexes/github-docs-ghec-ja.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e173fb104834654aba8e6238c9fe63e2988c159d48f482bf4649eb91b7400a3d -size 4549610 +oid sha256:f70cc3fe84262427cc8a5cf949565f6eaae988092db5db56e132e3e269e58226 +size 4550464 diff --git a/lib/search/indexes/github-docs-ghec-pt-records.json.br b/lib/search/indexes/github-docs-ghec-pt-records.json.br index f0344dfecf..7b1bfe7114 100644 --- a/lib/search/indexes/github-docs-ghec-pt-records.json.br +++ b/lib/search/indexes/github-docs-ghec-pt-records.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:392721f8bb5ed0d29aefdd46964e88485c05d5a819ea665f98b25ddb480f936f -size 764794 +oid sha256:5fefb22f038f49bb9e2206b26771bfb74939202e7d2f8fe2ca8962900ef1f841 +size 765117 diff --git a/lib/search/indexes/github-docs-ghec-pt.json.br b/lib/search/indexes/github-docs-ghec-pt.json.br index 7999b83318..840cf3d069 100644 --- a/lib/search/indexes/github-docs-ghec-pt.json.br +++ b/lib/search/indexes/github-docs-ghec-pt.json.br @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:96aac8d9c3881b9d7b9d841bf893f8fb4a61578314ee9b4c5812a69f51974ca0 -size 3101439 +oid sha256:f97312508215bf8493c399fa264ecd1d053ffdf559fa220f40523df46b0ce203 +size 3103523 From 8462b4881945ab5bfed739ebc698aaef002129f8 Mon Sep 17 00:00:00 2001 From: hubwriter Date: Mon, 21 Mar 2022 10:23:47 +0000 Subject: [PATCH 51/52] Clarify why you'd use a fork (#26153) --- content/get-started/quickstart/fork-a-repo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/get-started/quickstart/fork-a-repo.md b/content/get-started/quickstart/fork-a-repo.md index 145314eb1f..bce507d4c9 100644 --- a/content/get-started/quickstart/fork-a-repo.md +++ b/content/get-started/quickstart/fork-a-repo.md @@ -21,7 +21,7 @@ topics: --- ## About forks -Most commonly, forks are used to either propose changes to someone else's project or to use someone else's project as a starting point for your own idea. You can fork a repository to create a copy of the repository and make changes without affecting the upstream repository. For more information, see "[Working with forks](/github/collaborating-with-issues-and-pull-requests/working-with-forks)." +Most commonly, forks are used to either propose changes to someone else's project to which you don't have write access, or to use someone else's project as a starting point for your own idea. You can fork a repository to create a copy of the repository and make changes without affecting the upstream repository. For more information, see "[Working with forks](/github/collaborating-with-issues-and-pull-requests/working-with-forks)." ### Propose changes to someone else's project From f89a56957066f530f0359748850c6b815bf771b1 Mon Sep 17 00:00:00 2001 From: docubot <67483024+docubot@users.noreply.github.com> Date: Mon, 21 Mar 2022 03:54:31 -0700 Subject: [PATCH 52/52] New translation batch for cn (#26356) * Add crowdin translations * Run script/i18n/homogenize-frontmatter.js * Run script/i18n/lint-translation-files.js --check rendering * run script/i18n/reset-files-with-broken-liquid-tags.js --language=cn * run script/i18n/reset-known-broken-translation-files.js * Check in cn CSV report --- translations/log/cn-resets.csv | 3 +- .../deploying-with-github-actions.md | 66 +++++++++---------- .../deploying-to-google-kubernetes-engine.md | 18 ++--- ...-security-hardening-with-openid-connect.md | 2 +- ...g-openid-connect-in-amazon-web-services.md | 6 +- .../configuring-openid-connect-in-azure.md | 6 +- ...uring-openid-connect-in-cloud-providers.md | 62 ++++++++--------- ...openid-connect-in-google-cloud-platform.md | 6 +- ...uring-openid-connect-in-hashicorp-vault.md | 6 +- .../index.md | 6 +- .../targeting-different-environments/index.md | 2 +- .../using-environments-for-deployment.md | 34 +++++----- 12 files changed, 109 insertions(+), 108 deletions(-) diff --git a/translations/log/cn-resets.csv b/translations/log/cn-resets.csv index 10f59a540c..76e01604a5 100644 --- a/translations/log/cn-resets.csv +++ b/translations/log/cn-resets.csv @@ -9,6 +9,7 @@ translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-gith translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-the-default-branch-name-for-your-repositories.md,broken liquid tags translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/about-organization-membership.md,broken liquid tags translations/zh-CN/content/actions/automating-builds-and-tests/about-continuous-integration.md,broken liquid tags +translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md,broken liquid tags translations/zh-CN/content/actions/hosting-your-own-runners/about-self-hosted-runners.md,broken liquid tags translations/zh-CN/content/actions/hosting-your-own-runners/adding-self-hosted-runners.md,Listed in localization-support#489 translations/zh-CN/content/actions/hosting-your-own-runners/adding-self-hosted-runners.md,broken liquid tags @@ -270,7 +271,7 @@ translations/zh-CN/data/reusables/rest-reference/activity/events.md,broken liqui translations/zh-CN/data/reusables/rest-reference/apps/marketplace.md,broken liquid tags translations/zh-CN/data/reusables/rest-reference/packages/packages.md,broken liquid tags translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,Listed in localization-support#489 -translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,broken liquid tags +translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,rendering error translations/zh-CN/data/reusables/scim/after-you-configure-saml.md,broken liquid tags translations/zh-CN/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md,broken liquid tags translations/zh-CN/data/reusables/sponsors/feedback.md,broken liquid tags diff --git a/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md b/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md index 04e2fe7d7f..f84c550826 100644 --- a/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md +++ b/translations/zh-CN/content/actions/deployment/about-deployments/deploying-with-github-actions.md @@ -1,6 +1,6 @@ --- -title: 使用 GitHub Actions 进行部署 -intro: 了解如何使用环境和并发性等功能控制部署。 +title: Deploying with GitHub Actions +intro: Learn how to control deployments with features like environments and concurrency. versions: fpt: '*' ghes: '*' @@ -11,35 +11,35 @@ redirect_from: - /actions/deployment/deploying-with-github-actions topics: - CD -shortTitle: 使用 GitHub Actions 进行部署 +shortTitle: Deploy with GitHub Actions --- {% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %} -## 简介 +## Introduction -{% data variables.product.prodname_actions %} 提供了允许您控制部署的功能。 您可以: +{% data variables.product.prodname_actions %} offers features that let you control deployments. You can: -- 使用各种事件触发工作流程。 -- 配置环境以在作业可以继续之前设置规则,并限制对机密的访问。 -- 使用并发性来控制一次运行的部署数。 +- Trigger workflows with a variety of events. +- Configure environments to set rules before a job can proceed and to limit access to secrets. +- Use concurrency to control the number of deployments running at a time. -有关持续部署的更多信息,请参阅“[关于持续部署](/actions/deployment/about-continuous-deployment)”。 +For more information about continuous deployment, see "[About continuous deployment](/actions/deployment/about-continuous-deployment)." -## 基本要求 +## Prerequisites -您应该熟悉 {% data variables.product.prodname_actions %} 的语法。 更多信息请参阅“[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)”。 +You should be familiar with the syntax for {% data variables.product.prodname_actions %}. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)." -## 触发部署 +## Triggering your deployment -您可以使用各种事件来触发您的部署工作流程。 最常见的有:`pull_request`、`put` 和 `Workflow_paid`。 +You can use a variety of events to trigger your deployment workflow. Some of the most common are: `pull_request`, `push`, and `workflow_dispatch`. -例如,具有以下触发器的工作流在以下情况下会运行: +For example, a workflow with the following triggers runs whenever: -- 有人推送到 `main` 分支。 -- 打开、同步或重新打开面向 `main` 分支的拉取请求。 -- 有人手动触发它。 +- There is a push to the `main` branch. +- A pull request targeting the `main` branch is opened, synchronized, or reopened. +- Someone manually triggers it. ```yaml on: @@ -52,23 +52,23 @@ on: workflow_dispatch: ``` -更多信息请参阅“[触发工作流程的事件](/actions/reference/events-that-trigger-workflows)”。 +For more information, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)." -## 使用环境 +## Using environments {% data reusables.actions.about-environments %} -## 使用并发 +## Using concurrency -并发确保只有使用相同并发组的单一作业或工作流程才会同时运行。 您可以使用并发,以便环境中每次最多有一个正在进行的部署和一个待处理的部署。 +Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. You can use concurrency so that an environment has a maximum of one deployment in progress and one deployment pending at a time. {% note %} -**注意**:`concurrency` 和 `environment` 未连接。 并发值可以是任何字符串;它无需是环境名称。 此外,如果另一个工作流程使用相同的环境,但未指定并发性,则该工作流程将不受任何并发规则的约束。 +**Note:** `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. {% endnote %} -例如,当以下工作流程运行时,如果正在进行使用 `production` 并发组的任何作业或工作流程,则该工作流程将暂停,且状态为 `pending`。 它还将取消使用 `production` 并发组并且状态为 `pending` 的任何作业或工作流程。 这意味着最多将有一个正在运行的作业或工作流程和一个使用 `production` 并发组的挂起作业或工作流程。 +For example, when the following workflow runs, it will be paused with the status `pending` if any job or workflow that uses the `production` concurrency group is in progress. It will also cancel any job or workflow that uses the `production` concurrency group and has the status `pending`. This means that there will be a maximum of one running and one pending job or workflow in that uses the `production` concurrency group. ```yaml name: Deployment @@ -89,7 +89,7 @@ jobs: # ...deployment-specific steps ``` -您也可以在作业级别指定并发性。 这将允许工作流中的其他作业继续,即使并发作业状态为 `pending`。 +You can also specify concurrency at the job level. This will allow other jobs in the workflow to proceed even if the concurrent job is `pending`. ```yaml name: Deployment @@ -109,7 +109,7 @@ jobs: # ...deployment-specific steps ``` -还可以使用 `cancel-in-progress` 取消同一并发组中任何当前正在运行的作业或工作流程。 +You can also use `cancel-in-progress` to cancel any currently running job or workflow in the same concurrency group. ```yaml name: Deployment @@ -132,19 +132,19 @@ jobs: # ...deployment-specific steps ``` -有关编写特定于部署的步骤的指导,请参阅“[查找部署示例](#finding-deployment-examples)”。 +For guidance on writing deployment-specific steps, see "[Finding deployment examples](#finding-deployment-examples)." -## 查看部署历史记录 +## Viewing deployment history When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. For more information about viewing deployments to environments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)." -## 监控工作流程运行 +## Monitoring workflow runs -每个工作流程运行都会生成一个实时图表,说明运行进度。 您可以使用此图表来监控和调试部署。 更多信息请参阅“[使用可视化图](/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph)”。 +Every workflow run generates a real-time graph that illustrates the run progress. You can use this graph to monitor and debug deployments. For more information see, "[Using the visualization graph](/actions/monitoring-and-troubleshooting-workflows/using-the-visualization-graph)." -您还可以查看每个工作流程运行的日志和工作流程运行的历史记录。 更多信息请参阅“[查看工作流程运行历史记录](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)”。 +You can also view the logs of each workflow run and the history of workflow runs. For more information, see "[Viewing workflow run history](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." -## 通过应用跟踪部署 +## Tracking deployments through apps {% ifversion fpt or ghec %} If your personal account or organization on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} is integrated with Microsoft Teams or Slack, you can track deployments that use environments through Microsoft Teams or Slack. For example, you can receive notifications through the app when a deployment is pending approval, when a deployment is approved, or when the deployment status changes. For more information about integrating Microsoft Teams or Slack, see "[GitHub extensions and integrations](/github/customizing-your-github-workflow/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." @@ -154,7 +154,7 @@ You can also build an app that uses deployment and deployment status webhooks to {% ifversion fpt or ghes or ghec %} -## 选择运行器 +## Choosing a runner You can run your deployment workflow on {% data variables.product.company_short %}-hosted runners or on self-hosted runners. Traffic from {% data variables.product.company_short %}-hosted runners can come from a [wide range of network addresses](/rest/reference/meta#get-github-meta-information). If you are deploying to an internal environment and your company restricts external traffic into private networks, {% data variables.product.prodname_actions %} workflows running on {% data variables.product.company_short %}-hosted runners may not be communicate with your internal services or resources. To overcome this, you can host your own runners. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[About GitHub-hosted runners](/actions/using-github-hosted-runners/about-github-hosted-runners)." @@ -164,7 +164,7 @@ You can run your deployment workflow on {% data variables.product.company_short You can use a status badge to display the status of your deployment workflow. {% data reusables.repositories.actions-workflow-status-badge-intro %} -更多信息请参阅“[添加工作流程状态徽章](/actions/managing-workflow-runs/adding-a-workflow-status-badge)”。 +For more information, see "[Adding a workflow status badge](/actions/managing-workflow-runs/adding-a-workflow-status-badge)." ## Finding deployment examples diff --git a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md index 16ffd39eb8..db72ee4f92 100644 --- a/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md +++ b/translations/zh-CN/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md @@ -14,7 +14,7 @@ topics: - CD - Containers - Google Kubernetes Engine -shortTitle: Deploy to Google Kubernetes Engine +shortTitle: 部署到 Google Kubernetes Engine --- {% data reusables.actions.enterprise-beta %} @@ -22,7 +22,7 @@ shortTitle: Deploy to Google Kubernetes Engine ## 简介 -This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE) when there is a push to the `main` branch. +本指南介绍如何使用 {% data variables.product.prodname_actions %} 构建容器化应用程序,将其推送到 Google Container Registry (GCR),以及要推送到 `main` 分支时将其部署到 Google Kubernetes Engine (GKE)。 GKE 是 Google Cloud 的托管 Kubernetes 群集服务,可以在云中或您自己的数据中心中托管您的容器化工作负载。 更多信息请参阅 [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine)。 @@ -71,7 +71,7 @@ $ gcloud services enable \ ### 配置服务帐户并存储其凭据 -此程序显示如何为您的 GKE 集成创建服务帐户。 It explains how to create the account, add roles to it, retrieve its keys, and store them as a base64-encoded encrypted repository secret named `GKE_SA_KEY`. +此程序显示如何为您的 GKE 集成创建服务帐户。 它说明了如何创建帐户、向其添加角色、检索其密钥,以及将它们存储为名为 `GKE_SA_KEY` 的加密仓库机密。 1. 创建新服务帐户: {% raw %} @@ -111,16 +111,16 @@ $ gcloud services enable \ $ export GKE_SA_KEY=$(cat key.json | base64) ``` {% endraw %} - For more information about how to store a secret, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." + 有关如何存储机密的更多信息,请参阅“[加密密码](/actions/security-guides/encrypted-secrets)”。 -### Storing your project name +### 存储项目名称 -Store the name of your project as a secret named `GKE_PROJECT`. For more information about how to store a secret, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)." +将项目名称存储为名为 `GKE_PROJECT` 的机密。 有关如何存储机密的更多信息,请参阅“[加密密码](/actions/security-guides/encrypted-secrets)”。 ### (可选)配置 kustomize -Kustomize 是用于管理 YAML 规范的可选工具。 After creating a `kustomization` file, the workflow below can be used to dynamically set fields of the image and pipe in the result to `kubectl`. 更多信息请参阅 [kustomize 的用法](https://github.com/kubernetes-sigs/kustomize#usage)。 +Kustomize 是用于管理 YAML 规范的可选工具。 在创建 `kustomization` 文件之后, 下面的工作流可用于将结果中的图像和管道字段动态设置为 `kubectl`。 更多信息请参阅 [kustomize 的用法](https://github.com/kubernetes-sigs/kustomize#usage)。 -### (Optional) Configure a deployment environment +### (可选)配置部署环境 {% data reusables.actions.about-environments %} @@ -130,7 +130,7 @@ Kustomize 是用于管理 YAML 规范的可选工具。 After creating a `kustom 下面的示例工作流程演示如何生成容器映像并推送到 GCR。 然后,它使用 Kubernetes 工具(如 `kubectl` 和 `kustomize`)将映像拉入群集部署。 -Under the `env` key, change the value of `GKE_CLUSTER` to the name of your cluster, `GKE_ZONE` to your cluster zone, `DEPLOYMENT_NAME` to the name of your deployment, and `IMAGE` to the name of your image. +在 `env` 键下,将 `GKE_CLUSTER` 的值更改为群集的名称,将 `GKE_ZONE` 更改为群集区域,将 `DEPLOYMENT_NAME` 更改为部署的名称,以及将 `IMAGE` 更改为映像的名称。 {% data reusables.actions.delete-env-key %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md index 11b5d04f8d..6b23804431 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md @@ -226,7 +226,7 @@ You could also use a `curl` command to request the JWT, using the following envi curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange" ``` -### Adding permissions settings +### 添加权限设置 {% data reusables.actions.oidc-permissions-token %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md index 9924912b82..dc17f0ec52 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md @@ -51,11 +51,11 @@ Edit the trust relationship to add the `sub` field to the validation conditions. ## 更新 {% data variables.product.prodname_actions %} 工作流程 -To update your workflows for OIDC, you will need to make two changes to your YAML: -1. Add permissions settings for the token. +要更新 OIDC 的工作流程,您需要对 YAML 进行两项更改: +1. 为令牌添加权限设置。 2. Use the [`aws-actions/configure-aws-credentials`](https://github.com/aws-actions/configure-aws-credentials) action to exchange the OIDC token (JWT) for a cloud access token. -### Adding permissions settings +### 添加权限设置  {% data reusables.actions.oidc-permissions-token %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md index ee6c4342fa..7bef1cd354 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure.md @@ -44,11 +44,11 @@ Additional guidance for configuring the identity provider: ## 更新 {% data variables.product.prodname_actions %} 工作流程 -To update your workflows for OIDC, you will need to make two changes to your YAML: -1. Add permissions settings for the token. +要更新 OIDC 的工作流程,您需要对 YAML 进行两项更改: +1. 为令牌添加权限设置。 2. Use the [`azure/login`](https://github.com/Azure/login) action to exchange the OIDC token (JWT) for a cloud access token. -### Adding permissions settings +### 添加权限设置  {% data reusables.actions.oidc-permissions-token %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md index d0823e7108..994275f4be 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md @@ -1,7 +1,7 @@ --- -title: Configuring OpenID Connect in cloud providers -shortTitle: Configuring OpenID Connect in cloud providers -intro: Use OpenID Connect within your workflows to authenticate with cloud providers. +title: 在云提供商中配置 OpenID Connect +shortTitle: 在云提供商中配置 OpenID Connect +intro: 在工作流程中使用 OpenID Connect 向云提供商进行身份验证。 miniTocMaxHeadingLevel: 3 versions: fpt: '*' @@ -17,9 +17,9 @@ topics: ## 概览 -OpenID Connect (OIDC) allows your {% data variables.product.prodname_actions %} workflows to access resources in your cloud provider, without having to store any credentials as long-lived {% data variables.product.prodname_dotcom %} secrets. +OpenID Connect (OIDC) 允许您的 {% data variables.product.prodname_actions %} 工作流程访问云提供商中的资源,而无需将任何凭据存储为长期 {% data variables.product.prodname_dotcom %} 机密。 -To use OIDC, you will first need to configure your cloud provider to trust {% data variables.product.prodname_dotcom %}'s OIDC as a federated identity, and must then update your workflows to authenticate using tokens. +要使用 OIDC,需要先配置云提供商信任 {% data variables.product.prodname_dotcom %} 的 OIDC 作为联合身份,然后必须更新工作流程以使用令牌进行验证。 ## 基本要求 @@ -29,35 +29,35 @@ To use OIDC, you will first need to configure your cloud provider to trust {% da ## 更新 {% data variables.product.prodname_actions %} 工作流程 -To update your workflows for OIDC, you will need to make two changes to your YAML: -1. Add permissions settings for the token. -2. Use the official action from your cloud provider to exchange the OIDC token (JWT) for a cloud access token. +要更新 OIDC 的工作流程,您需要对 YAML 进行两项更改: +1. 为令牌添加权限设置。 +2. 使用云提供商的官方操作将 OIDC 令牌 (JWT) 交换为云访问令牌。 -If your cloud provider doesn't yet offer an official action, you can update your workflows to perform these steps manually. +如果您的云提供商尚未提供官方操作,您可以更新工作流程以手动执行这些步骤。 -### Adding permissions settings +### 添加权限设置  {% data reusables.actions.oidc-permissions-token %} -### Using official actions +### 使用官方操作 -If your cloud provider has created an official action for using OIDC with {% data variables.product.prodname_actions %}, it will allow you to easily exchange the OIDC token for an access token. You can then update your workflows to use this token when accessing cloud resources. +如果您的云提供商已创建将 OIDC 与 {% data variables.product.prodname_actions %} 结合使用的官方操作,它将允许您轻松地将 OIDC 令牌交换为访问令牌。 然后,可以更新工作流程,以便在访问云资源时使用此令牌。 -## Using custom actions +## 使用自定义操作 -If your cloud provider doesn't have an official action, or if you prefer to create custom scripts, you can manually request the JSON Web Token (JWT) from {% data variables.product.prodname_dotcom %}'s OIDC provider. +如果您的云提供商没有官方操作,或者您更喜欢创建自定义脚本,则可以手动向 {% data variables.product.prodname_dotcom %}的 OIDC 提供商请求 JSON Web 令牌 (JWT)。 -If you're not using an official action, then {% data variables.product.prodname_dotcom %} recommends that you use the Actions core toolkit. Alternatively, you can use the following environment variables to retrieve the token: `ACTIONS_RUNTIME_TOKEN`, `ACTIONS_ID_TOKEN_REQUEST_URL`. +如果您没有使用官方操作,则 {% data variables.product.prodname_dotcom %} 建议您使用 Actions 核心工具包。 或者,可以使用以下环境变量来检索令牌:`ACTIONS_RUNTIME_TOKEN`、`ACTIONS_ID_TOKEN_REQUEST_URL`。 -To update your workflows using this approach, you will need to make three changes to your YAML: +要使用此方法更新工作流程,您需要对 YAML 进行三项更改: -1. Add permissions settings for the token. -2. Add code that requests the OIDC token from {% data variables.product.prodname_dotcom %}'s OIDC provider. -3. Add code that exchanges the OIDC token with your cloud provider for an access token. +1. 为令牌添加权限设置。 +2. 添加从 {% data variables.product.prodname_dotcom %} 的 OIDC 提供商请求 OIDC 令牌的代码。 +3. 添加用于将 OIDC 令牌与您的云提供商交换为访问令牌的代码。 -### Requesting the JWT using the Actions core toolkit +### 使用 Actions 核心工具包请求 JWT -The following example demonstrates how to use `actions/github-script` with the `core` toolkit to request the JWT from {% data variables.product.prodname_dotcom %}'s OIDC provider. For more information, see "[Adding actions toolkit packages](/actions/creating-actions/creating-a-javascript-action#adding-actions-toolkit-packages)." +以下示例演示如何使用 `actions/github-script` 与 `core` 工具包,从 {% data variables.product.prodname_dotcom %} 的 OIDC 提供程序请求 JWT。 更多信息请参阅“[添加 Actions 工具包](/actions/creating-actions/creating-a-javascript-action#adding-actions-toolkit-packages)”。 ```yaml jobs: @@ -77,11 +77,11 @@ jobs: coredemo.setOutput('id_token', id_token) ``` -### Requesting the JWT using environment variables +### 使用环境变量请求 JWT -The following example demonstrates how to use enviroment variables to request a JSON Web Token. +下面的示例演示如何使用环境变量来请求 JSON Web 令牌。 -For your deployment job, you will need to define the token settings, using `actions/github-script` with the `core` toolkit. For more information, see "[Adding actions toolkit packages](/actions/creating-actions/creating-a-javascript-action#adding-actions-toolkit-packages)." +对于部署作业,需要使用 `actions/github-script` 与 `core` 工具包定义令牌设置。 更多信息请参阅“[添加 Actions 工具包](/actions/creating-actions/creating-a-javascript-action#adding-actions-toolkit-packages)”。 例如: @@ -102,7 +102,7 @@ jobs: core.setOutput('IDTOKENURL', runtimeUrl.trim()) ``` -You can then use `curl` to retrieve a JWT from the {% data variables.product.prodname_dotcom %} OIDC provider. 例如: +然后,您可以使用 `curl` 从 {% data variables.product.prodname_dotcom %} OIDC 提供商检索 JWT。 例如: ```yaml - run: | @@ -119,14 +119,14 @@ You can then use `curl` to retrieve a JWT from the {% data variables.product.pro id: tokenid ``` -### Getting the access token from the cloud provider +### 从云提供商获取访问令牌 -You will need to present the OIDC JSON web token to your cloud provider in order to obtain an access token. +您需要向云提供商提供 OIDC JSON Web 令牌,以便获取访问令牌。 -For each deployment, your workflows must use cloud login actions (or custom scripts) that fetch the OIDC token and present it to your cloud provider. The cloud provider then validates the claims in the token; if successful, it provides a cloud access token that is available only to that job run. The provided access token can then be used by subsequent actions in the job to connect to the cloud and deploy to its resources. +对于每个部署,您的工作流程必须使用云登录操作(或自定义脚本),以提取 OIDC 令牌并将其提供给您的云提供商。 然后,云提供商验证令牌中的声明;如果成功,它将提供仅可用于该作业运行的云访问令牌。 然后,作业中的后续操作可以使用提供的访问令牌连接到云并部署到其资源。 -The steps for exchanging the OIDC token for an access token will vary for each cloud provider. +将 OIDC 令牌交换为访问令牌的步骤因每个云提供商而异。 -### Accessing resources in your cloud provider +### 访问云提供商中的资源 -Once you've obtained the access token, you can use specific cloud actions or scripts to authenticate to the cloud provider and deploy to its resources. These steps could differ for each cloud provider. In addition, the default expiration time of this access token could vary between each cloud and can be configurable at the cloud provider's side. +获取访问令牌后,可以使用特定的云操作或脚本向云提供商进行身份验证并部署到其资源。 对于每个云提供商,这些步骤可能会有所不同。 此外,此访问令牌的默认过期时间可能因每个云而异,并且可以在云提供商端进行配置。 diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md index 068cb10739..c5319bd950 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md @@ -43,11 +43,11 @@ Additional guidance for configuring the identity provider: ## 更新 {% data variables.product.prodname_actions %} 工作流程 -To update your workflows for OIDC, you will need to make two changes to your YAML: -1. Add permissions settings for the token. +要更新 OIDC 的工作流程,您需要对 YAML 进行两项更改: +1. 为令牌添加权限设置。 2. Use the [`google-github-actions/auth`](https://github.com/google-github-actions/auth) action to exchange the OIDC token (JWT) for a cloud access token. -### Adding permissions settings +### 添加权限设置  {% data reusables.actions.oidc-permissions-token %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md index e2f45d1934..284fb6eaa4 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md @@ -38,8 +38,8 @@ Configure the vault to accept JSON Web Tokens (JWT) for authentication: ## 更新 {% data variables.product.prodname_actions %} 工作流程 -To update your workflows for OIDC, you will need to make two changes to your YAML: -1. Add permissions settings for the token. +要更新 OIDC 的工作流程,您需要对 YAML 进行两项更改: +1. 为令牌添加权限设置。 2. Use the [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) action to exchange the OIDC token (JWT) for a cloud access token. @@ -52,7 +52,7 @@ To add OIDC integration to your workflows that allow them to access secrets in V This example demonstrates how to use OIDC with the official action to request a secret from HashiCorp Vault. -### Adding permissions settings +### 添加权限设置  {% data reusables.actions.oidc-permissions-token %} diff --git a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/index.md b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/index.md index 8a6f5e6066..28f93c40b4 100644 --- a/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/index.md +++ b/translations/zh-CN/content/actions/deployment/security-hardening-your-deployments/index.md @@ -1,7 +1,7 @@ --- -title: Security hardening your deployments -shortTitle: Security hardening your deployments -intro: Use OpenID Connect within your workflows to authenticate with your cloud provider. +title: 安全强化您的部署 +shortTitle: 安全强化您的部署 +intro: 在工作流程中使用 OpenID Connect 向云提供商进行身份验证。 versions: fpt: '*' ghae: issue-4856 diff --git a/translations/zh-CN/content/actions/deployment/targeting-different-environments/index.md b/translations/zh-CN/content/actions/deployment/targeting-different-environments/index.md index a3360b7e02..2cf3b18a76 100644 --- a/translations/zh-CN/content/actions/deployment/targeting-different-environments/index.md +++ b/translations/zh-CN/content/actions/deployment/targeting-different-environments/index.md @@ -1,7 +1,7 @@ --- title: Targeting different environments shortTitle: Targeting different environments -intro: 您可以使用保护规则和机密配置环境。 A workflow job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets. +intro: 您可以使用保护规则和机密配置环境。 引用环境的工作流程作业在运行或访问环境的机密之前,必须遵循环境的任何保护规则。 versions: fpt: '*' ghes: '*' diff --git a/translations/zh-CN/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md b/translations/zh-CN/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md index 52d5005266..84805257d2 100644 --- a/translations/zh-CN/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md +++ b/translations/zh-CN/content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md @@ -1,7 +1,7 @@ --- -title: Using environments for deployment -shortTitle: Use environments for deployment -intro: 您可以使用保护规则和机密配置环境。 A workflow job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets. +title: 使用环境进行部署 +shortTitle: 使用环境进行部署 +intro: 您可以使用保护规则和机密配置环境。 引用环境的工作流程作业在运行或访问环境的机密之前,必须遵循环境的任何保护规则。 product: '{% data reusables.gated-features.environments %}' miniTocMaxHeadingLevel: 3 redirect_from: @@ -18,16 +18,16 @@ versions: ## 关于环境 -Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. For more information about viewing deployments to environments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)." +Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. 有关查看环境部署的详细信息,请参阅“[查看部署历史记录](/developers/overview/viewing-deployment-history)”。 您可以使用保护规则和机密配置环境。 当工作流程引用环境时,作业在环境的所有保护规则通过之前不会开始。 在所有环境保护规则通过之前,作业也不能访问在环境中定义的机密。 {% ifversion fpt %} {% note %} -**Note:** You can only configure environments for public repositories. 如果您将仓库从公开转换为私密,任何配置的保护规则或环境机密将被忽略, 并且您将无法配置任何环境。 如果将仓库转换回公共,您将有权访问以前配置的任何保护规则和环境机密。 +**注意:** 您只能为公共存储库配置环境。 如果您将仓库从公开转换为私密,任何配置的保护规则或环境机密将被忽略, 并且您将无法配置任何环境。 如果将仓库转换回公共,您将有权访问以前配置的任何保护规则和环境机密。 -Organizations that use {% data variables.product.prodname_ghe_cloud %} can configure environments for private repositories. 更多信息请参阅 [{% data variables.product.prodname_ghe_cloud %} 文档](/enterprise-cloud@latest/actions/deployment/targeting-different-environments/using-environments-for-deployment)。 {% data reusables.enterprise.link-to-ghec-trial %} +使用 {% data variables.product.prodname_ghe_cloud %} 的组织可以为私有仓库配置环境。 更多信息请参阅 [{% data variables.product.prodname_ghe_cloud %} 文档](/enterprise-cloud@latest/actions/deployment/targeting-different-environments/using-environments-for-deployment)。 {% data reusables.enterprise.link-to-ghec-trial %} {% endnote %} {% endif %} @@ -63,7 +63,7 @@ Organizations that use {% data variables.product.prodname_ghe_cloud %} can confi {% note %} -**注意:** 在自托管运行器上运行的工作流程不会在一个孤立的容器中运行,即使它们使用环境。 Environment secrets should be treated with the same level of security as repository and organization secrets. 更多信息请参阅“[GitHub Actions 的安全性增强](/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners)”。 +**注意:** 在自托管运行器上运行的工作流程不会在一个孤立的容器中运行,即使它们使用环境。 环境机密应与存储库和组织机密的安全级别相同。 更多信息请参阅“[GitHub Actions 的安全性增强](/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners)”。 {% endnote %} @@ -76,16 +76,16 @@ Organizations that use {% data variables.product.prodname_ghe_cloud %} can confi {% data reusables.actions.sidebar-environment %} {% data reusables.actions.new-environment %} {% data reusables.actions.name-environment %} -1. Optionally, specify people or teams that must approve workflow jobs that use this environment. - 1. Select **Required reviewers**. - 1. Enter up to 6 people or teams. 只有一个必需的审查者需要批准该作业才能继续。 - 1. Click **Save protection rules**. -2. Optionally, specify the amount of time to wait before allowing workflow jobs that use this environment to proceed. - 1. Select **Wait timer**. - 1. Enter the number of minutes to wait. - 1. Click **Save protection rules**. -3. Optionally, specify what branches can deploy to this environment. For more information about the possible values, see "[Deployment branches](#deployment-branches)." - 1. Select the desired option in the **Deployment branches** dropdown. +1. (可选)指定必须批准使用此环境的工作流程作业的人员或团队。 + 1. 选择 **Required reviewers(必需的审查者)**。 + 1. 最多可输入 6 人或团队。 只有一个必需的审查者需要批准该作业才能继续。 + 1. 单击 **Save protection rules(保存保护规则)**。 +2. (可选)指定在允许使用此环境的工作流程作业继续之前要等待的时长。 + 1. 选择 **Wait timer(等待计时器)**。 + 1. 输入要等待的分钟数。 + 1. 单击 **Save protection rules(保存保护规则)**。 +3. (可选)指定哪些分支可以部署到此环境。 有关可能值的详细信息,请参阅“[部署分支](#deployment-branches)”。 + 1. 在 **Deployment branches(部署分支)**下拉列表中选择所需的选项。 1. If you chose **Selected branches**, enter the branch name patterns that you want to allow. 4. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. 有关机密的更多信息,请参阅“[加密密码](/actions/reference/encrypted-secrets)”。 1. Under **Environment secrets**, click **Add Secret**.