From 47d38c7435517a3a5be14d9cf95951b204f96bd9 Mon Sep 17 00:00:00 2001 
From: docubot <67483024+docubot@users.noreply.github.com> Date: Mon, 29 Aug 2022 16:19:26 -0400 Subject: [PATCH 1/2] New translation batch for cn (#30360) Co-authored-by: Grace Park --- translations/log/cn-resets.csv | 5 ++-- ...-hosted-runner-application-as-a-service.md | 14 ++++++++-- .../publishing-nodejs-packages.md | 4 +-- ...or-security-settings-in-your-enterprise.md | 2 ++ .../sarif-support-for-code-scanning.md | 12 ++++++-- .../uploading-a-sarif-file-to-github.md | 2 +- ...pace-to-access-a-private-image-registry.md | 22 +++++++-------- ...g-allowed-ip-addresses-for-a-github-app.md | 2 ++ .../webhooks/securing-your-webhooks.md | 4 +-- ...owed-ip-addresses-for-your-organization.md | 2 ++ translations/zh-CN/content/packages/index.md | 1 + .../about-permissions-for-github-packages.md | 8 ++++-- ...-packages-access-control-and-visibility.md | 4 +-- .../deleting-and-restoring-a-package.md | 28 +++++++++---------- .../introduction-to-github-packages.md | 10 +++++-- .../learn-github-packages/viewing-packages.md | 6 ++-- ...nstalling-a-package-with-github-actions.md | 20 ++++++------- .../working-with-the-container-registry.md | 4 ++- .../working-with-the-npm-registry.md | 21 +++++++++++++- .../zh-CN/data/features/packages-npm-v2.yml | 5 ++++ .../dependabot/dependabot-alerts-filters.md | 2 +- .../ipv6-allow-lists.md | 7 +++++ .../package_registry/authenticate-packages.md | 2 +- ...nticate_with_pat_for_container_registry.md | 11 -------- .../authenticate_with_pat_for_v2_registry.md | 7 +++++ .../no-graphql-to-delete-packages.md | 1 + translations/zh-CN/data/variables/product.yml | 4 +++ 27 files changed, 135 insertions(+), 75 deletions(-) create mode 100644 translations/zh-CN/data/features/packages-npm-v2.yml create mode 100644 translations/zh-CN/data/reusables/identity-and-permissions/ipv6-allow-lists.md delete mode 100644 translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md create mode 100644 
translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_v2_registry.md
 create mode 100644 translations/zh-CN/data/reusables/package_registry/no-graphql-to-delete-packages.md
diff --git a/translations/log/cn-resets.csv b/translations/log/cn-resets.csv
index 95d49631ff..9c6660f789 100644
--- a/translations/log/cn-resets.csv
+++ b/translations/log/cn-resets.csv
@@ -395,16 +395,15 @@ translations/zh-CN/data/reusables/notifications/vulnerable-dependency-notificati
 translations/zh-CN/data/reusables/organizations/team-synchronization.md,broken liquid tags
 translations/zh-CN/data/reusables/package_registry/authenticate-packages.md,broken liquid tags
 translations/zh-CN/data/reusables/package_registry/authenticate-to-container-registry-steps.md,broken liquid tags
-translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md,broken liquid tags
 translations/zh-CN/data/reusables/package_registry/docker_registry_deprecation_status.md,Listed in localization-support#489
 translations/zh-CN/data/reusables/package_registry/next-steps-for-packages-enterprise-setup.md,broken liquid tags
 translations/zh-CN/data/reusables/package_registry/packages-cluster-support.md,broken liquid tags
 translations/zh-CN/data/reusables/repositories/deleted_forks_from_private_repositories_warning.md,broken liquid tags
 translations/zh-CN/data/reusables/repositories/enable-security-alerts.md,broken liquid tags
 translations/zh-CN/data/reusables/repositories/select-marketplace-apps.md,broken liquid tags
-translations/zh-CN/data/reusables/saml/saml-session-oauth.md,rendering error
+translations/zh-CN/data/reusables/saml/saml-session-oauth.md,broken liquid tags
 translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,Listed in localization-support#489
-translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,rendering error
+translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,broken liquid tags
 translations/zh-CN/data/reusables/scim/after-you-configure-saml.md,broken liquid tags
 translations/zh-CN/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md,broken liquid tags
 translations/zh-CN/data/reusables/secret-scanning/partner-program-link.md,broken liquid tags
diff --git a/translations/zh-CN/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md b/translations/zh-CN/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md index 14e01a6ba9..d95f60b37a 100644 --- a/translations/zh-CN/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md +++ b/translations/zh-CN/content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md @@ -18,15 +18,23 @@ shortTitle: 启动时运行运行器应用程序 {% capture service_first_step %}1. 如果自托管的运行器应用程序正在运行,请停止它。{% endcapture %} {% capture service_non_windows_intro_shell %}在运行器机器上,在安装了自托管运行器应用程序的目录中打开 shell。 使用以下命令安装和管理自托管的运行器服务。{% endcapture %} -{% capture service_nonwindows_intro %}将自托管的运行器应用程序配置为服务之前,您必须添加运行器到 {% data variables.product.product_name %}。 更多信息请参阅“[添加自托管的运行器](/github/automating-your-workflow-with-github-actions/adding-self-hosted-runners)”。{% endcapture %} -{% capture service_win_name %}actions.runner.*{% endcapture %} +{% capture service_nonwindows_intro %} + +{% note %} + +**Note:** You must add a runner to {% data variables.product.product_name %} before you can configure the self-hosted runner application as a service. 更多信息请参阅“[添加自托管的运行器](/github/automating-your-workflow-with-github-actions/adding-self-hosted-runners)”。 + +{% endnote %} +{% endcapture %} + +{% capture service_win_name %}actions.runner.*{% endcapture %} {% linux %} {{ service_nonwindows_intro }} -对于使用 `systemd` 的 Linux 系统,您可以使用随自托管运行器应用程序分发的 `svc.h` 脚本来安装和管理应用程序即服务。 +For Linux systems that use `systemd`, you can use the `svc.sh` script that is created after successfully adding the runner to install and manage using the application as a service. {{ service_non_windows_intro_shell }} 
diff --git a/translations/zh-CN/content/actions/publishing-packages/publishing-nodejs-packages.md b/translations/zh-CN/content/actions/publishing-packages/publishing-nodejs-packages.md
index b05078b9e3..aa8257e381 100644
--- a/translations/zh-CN/content/actions/publishing-packages/publishing-nodejs-packages.md
+++ b/translations/zh-CN/content/actions/publishing-packages/publishing-nodejs-packages.md
@@ -98,9 +98,9 @@ always-auth=true ### 配置目标仓库 -如果您没有在 *package.json* 文件中提供 `repository` 键,则 {% data variables.product.prodname_registry %} 将包发布到您在 *package.json* 文件的 `name` 字段中指定的 {% data variables.product.prodname_dotcom %} 仓库。 例如,名为 `@my-org/test` 的包将被发布到 `my-org/test` {% data variables.product.prodname_dotcom %} 仓库。 +Linking your package to {% data variables.product.prodname_registry %} using the `repository` key is optional. If you choose not to provide the `repository` key in your *package.json* file, then {% data variables.product.prodname_registry %} publishes a package in the {% data variables.product.prodname_dotcom %} repository you specify in the `name` field of the *package.json* file. 例如,名为 `@my-org/test` 的包将被发布到 `my-org/test` {% data variables.product.prodname_dotcom %} 仓库。 If the `url` specified in the `repository` key is invalid, your package may still be published however it won't be linked to the repository source as intended. -但是,如果您提供了 `repository` 键,则该键中的仓库将被用作 {% data variables.product.prodname_registry %} 的目标 npm 注册表。 例如,发布以下 *package.json* 将导致名为 `my-amazing-package` 的包被发布到 `octocat/my-other-repo` {% data variables.product.prodname_dotcom %} 仓库。 +If you do provide the `repository` key in your *package.json* file, then the repository in that key is used as the destination npm registry for {% data variables.product.prodname_registry %}. 例如,发布以下 *package.json* 将导致名为 `my-amazing-package` 的包被发布到 `octocat/my-other-repo` {% data variables.product.prodname_dotcom %} 仓库。 Once published, only the repository source is updated, and the package doesn't inherit any permissions from the destination repository. ```json { diff --git a/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md index b673ea767c..49a87dbefd 100644 
--- a/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md +++ b/translations/zh-CN/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md @@ -79,6 +79,8 @@ shortTitle: 安全设置策略 {% data reusables.identity-and-permissions.about-adding-ip-allow-list-entries %} +{% data reusables.identity-and-permissions.ipv6-allow-lists %} + {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} diff --git a/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index daeb17e483..4b845cf8a3 100644 --- a/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md 
@@ -45,9 +45,15 @@ If you upload a second SARIF file for a commit with the same category and from t If you're new to SARIF and want to learn more, see Microsoft's [`SARIF tutorials`](https://github.com/microsoft/sarif-tutorials) repository. -## Preventing duplicate alerts using fingerprints +## Providing data to track {% data variables.product.prodname_code_scanning %} alerts across runs -Each time the results of a new code scan are uploaded, the results are processed and alerts are added to the repository. To prevent duplicate alerts for the same problem, {% data variables.product.prodname_code_scanning %} uses fingerprints to match results across various runs so they only appear once in the latest run for the selected branch. This makes it possible to match alerts to the right line of code when files are edited. +Each time the results of a new code scan are uploaded, the results are processed and alerts are added to the repository. To prevent duplicate alerts for the same problem, {% data variables.product.prodname_code_scanning %} uses fingerprints to match results across various runs so they only appear once in the latest run for the selected branch. This makes it possible to match alerts to the correct line of code when files are edited. The `ruleID` for a result has to be the same across analysis. + +### Reporting consistent filepaths + +The filepath has to be consistent across the runs to enable a computation of a stable fingerprint. If the filepaths differ for the same result, each time there is a new analysis a new alert will be created, and the old one will be closed. This will cause having multiple alerts for the same result. + +### Including data for fingerprint generation {% data variables.product.prodname_dotcom %} uses the `partialFingerprints` property in the OASIS standard to detect when two results are logically identical. 
For more information, see the "[partialFingerprints property](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012611)" entry in the OASIS documentation. 
@@ -138,7 +144,7 @@ Each `result` object contains details for one alert in the codebase. Within the | `level`| **Optional.** The severity of the result. This level overrides the default severity defined by the rule. {% data variables.product.prodname_code_scanning_capc %} uses the level to filter results by severity on {% data variables.product.prodname_dotcom %}. | `message.text`| **Required.** A message that describes the result. {% data variables.product.prodname_code_scanning_capc %} displays the message text as the title of the result. Only the first sentence of the message will be displayed when visible space is limited. | `locations[]`| **Required.** The set of locations where the result was detected up to a maximum of 10. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_capc %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored. -| `partialFingerprints`| **Required.** A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_capc %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_capc %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see "[Preventing duplicate alerts using fingerprints](#preventing-duplicate-alerts-using-fingerprints)." **Note:** {% data variables.product.prodname_code_scanning_capc %} only uses the `primaryLocationLineHash`. 
+| `partialFingerprints`| **Required.** A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_capc %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_capc %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see "[Providing data to track code scanning alerts across runs](#providing-data-to-track-code-scanning-alerts-across-runs)." **Note:** {% data variables.product.prodname_code_scanning_capc %} only uses the `primaryLocationLineHash`. | `codeFlows[].threadFlows[].locations[]`| **Optional.** An array of `location` objects for a `threadFlow` object, which describes the progress of a program through a thread of execution. A `codeFlow` object describes a pattern of code execution used to detect a result. If code flows are provided, {% data variables.product.prodname_code_scanning %} will expand code flows on {% data variables.product.prodname_dotcom %} for the relevant result. For more information, see the [`location` object](#location-object). | `relatedLocations[]`| A set of locations relevant to this result. {% data variables.product.prodname_code_scanning_capc %} will link to related locations when they are embedded in the result message. For more information, see the [`location` object](#location-object). diff --git a/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md b/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md index 1e03a239f3..193ee54f5a 100644 
--- a/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md +++ b/translations/zh-CN/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md @@ -58,7 +58,7 @@ For more information see the [`upload-sarif` action](https://github.com/github/c The `upload-sarif` action can be configured to run when the `push` and `scheduled` event occur. For more information about {% data variables.product.prodname_actions %} events, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows)." -If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see "[About SARIF support for code scanning](/code-security/secure-coding/sarif-support-for-code-scanning#preventing-duplicate-alerts-using-fingerprints)." +If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see "[About SARIF support for code scanning](/code-security/secure-coding/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs)." {% data reusables.code-scanning.upload-sarif-alert-limit %} 
diff --git a/translations/zh-CN/content/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry.md b/translations/zh-CN/content/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry.md
index a5ab209231..c9a6991945 100644
--- a/translations/zh-CN/content/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry.md
+++ b/translations/zh-CN/content/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry.md
@@ -12,25 +12,25 @@ shortTitle: 私有映像注册表 ## 关于私人映像注册表和 {% data variables.product.prodname_github_codespaces %} -注册表是用于存储、管理和提取专用容器映像的安全空间。 您可以使用一个来存储一个或多个映像。 注册表的示例很多,例如 {% data variables.product.prodname_dotcom %} 容器注册表、Azure 容器注册表或 DockerHub。 +注册表是用于存储、管理和提取专用容器映像的安全空间。 您可以使用一个来存储一个或多个映像。 There are many examples of registries, such as {% data variables.product.prodname_container_registry %}, {% data variables.product.prodname_npm_registry %}, Azure Container Registry, or DockerHub. -{% data variables.product.prodname_dotcom %} 容器注册表可以配置为无缝拉取容器映像,而无需向 {% data variables.product.prodname_github_codespaces %} 提供任何身份验证凭据。 对于其他映像注册表,必须在 {% data variables.product.prodname_dotcom %} 中创建机密以存储访问详细信息,这将允许 {% data variables.product.prodname_codespaces %} 访问存储在该注册表中的映像。 +{% data variables.product.prodname_ghcr_and_npm_registry %} can be configured to allow container images to be pulled seamlessly into {% data variables.product.prodname_github_codespaces %} during codespace creation, without having to provide any authentication credentials. 对于其他映像注册表,必须在 {% data variables.product.prodname_dotcom %} 中创建机密以存储访问详细信息,这将允许 {% data variables.product.prodname_codespaces %} 访问存储在该注册表中的映像。 -## 访问存储在 {% data variables.product.prodname_dotcom %} 容器注册表中的映像 +## Accessing images stored in {% data variables.product.prodname_ghcr_and_npm_registry %} -{% data variables.product.prodname_dotcom %} 容器注册表是 {% data variables.product.prodname_codespaces %} 使用 devcontainer 容器映像的最简单方法。 +{% data variables.product.prodname_ghcr_and_npm_registry %} provide the easiest way for {% data variables.product.prodname_codespaces %} to consume dev container images. 
-更多信息请参阅“[使用容器注册表](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)”。 +For more information, see "[Working with the Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)" and "[Working with the npm registry](/packages/working-with-a-github-packages-registry/working-with-the-npm-registry)". ### 访问发布到与代码空间相同的仓库的映像 -如果将容器映像发布到启动代码空间的同一仓库中的 {% data variables.product.prodname_dotcom %} 容器注册表,则在创建代码空间时将自动能够获取该映像。 无需提供任何其他凭据,除非在发布容器映像时未选中 **Inherit access from repo(从仓库继承访问权限)**选项。 +If you publish a container image to {% data variables.product.prodname_ghcr_or_npm_registry %} in the same repository that the codespace is being launched in, you will automatically be able to fetch that image on codespace creation. 无需提供任何其他凭据,除非在发布容器映像时未选中 **Inherit access from repo(从仓库继承访问权限)**选项。 #### 从发布映像的仓库继承访问权限 -默认情况下,将容器映像发布到 {% data variables.product.prodname_dotcom %} 容器注册表时,该映像将继承从中发布映像的仓库的访问设置。 例如,如果仓库是公共的,则映像也是公共的。 如果仓库是私有的,则映像也是私有的,但可以从仓库访问。 +By default, when you publish a container image to {% data variables.product.prodname_ghcr_or_npm_registry %}, the image inherits the access setting of the repository from which the image was published. 例如,如果仓库是公共的,则映像也是公共的。 如果仓库是私有的,则映像也是私有的,但可以从仓库访问。 -此行为由 **Inherit access from repo(从仓库继承访问权限)**选项控制。 **通过** {% data variables.product.prodname_actions %} 发布时,默认情况下会选择从仓库继承访问权限,但在使用个人访问令牌 (PAT) 直接发布到 {% data variables.product.prodname_dotcom %} 容器注册表时,不会选择从仓库继承访问权限。 +此行为由 **Inherit access from repo(从仓库继承访问权限)**选项控制。 **Inherit access from repo** is selected by default when publishing via {% data variables.product.prodname_actions %}, but not when publishing directly to {% data variables.product.prodname_ghcr_or_npm_registry %} using a Personal Access Token (PAT). 
如果在发布映像时未选择 **Inherit access from repo(从仓库继承访问权限)**选项,则可以手动将仓库添加到已发布容器映像的访问控制中。 更多信息请参阅“[配置包的访问控制和可见性](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#inheriting-access-for-a-container-image-from-a-repository)”。 @@ -46,13 +46,13 @@ shortTitle: 私有映像注册表 ### 从代码空间发布容器映像 -从代码空间到容器注册表 {% data variables.product.prodname_dotcom %} 的无缝访问仅限于拉取容器映像。 如果要从代码空间内部发布容器映像,则必须结合使用个人访问令牌 (PAT) 与 `write:packages` 作用域。 +Seamless access from a codespace to {% data variables.product.prodname_ghcr_or_npm_registry %} is limited to pulling container images. 如果要从代码空间内部发布容器映像,则必须结合使用个人访问令牌 (PAT) 与 `write:packages` 作用域。 -我们建议通过 {% data variables.product.prodname_actions %} 发布映像。 更多信息请参阅“[发布 Docker 映像](/actions/publishing-packages/publishing-docker-images)”。 +我们建议通过 {% data variables.product.prodname_actions %} 发布映像。 For more information, see "[Publishing Docker images](/actions/publishing-packages/publishing-docker-images)" and "[Publishing Node.js packages](/actions/publishing-packages/publishing-nodejs-packages)." ## 访问存储在其他容器注册表中的映像 -如果要从不是 {% data variables.product.prodname_dotcom %} 容器注册表的注册表访问容器映像,{% data variables.product.prodname_codespaces %} 将检查是否存在三个机密,这些机密定义了容器注册表的服务器名称、用户名和个人访问令牌 (PAT)。 如果找到这些密钥,{% data variables.product.prodname_github_codespaces %} 将在代码空间中提供注册表。 +If you are accessing a container image from a registry that isn't {% data variables.product.prodname_ghcr_or_npm_registry %}, {% data variables.product.prodname_codespaces %} checks for the presence of three secrets, which define the server name, username, and personal access token (PAT) for a container registry. 如果找到这些密钥,{% data variables.product.prodname_github_codespaces %} 将在代码空间中提供注册表。 - `<*>_CONTAINER_REGISTRY_SERVER` - `<*>_CONTAINER_REGISTRY_USER` 
diff --git a/translations/zh-CN/content/developers/apps/building-github-apps/managing-allowed-ip-addresses-for-a-github-app.md b/translations/zh-CN/content/developers/apps/building-github-apps/managing-allowed-ip-addresses-for-a-github-app.md index d0e1dd4592..52e1519479 100644 --- a/translations/zh-CN/content/developers/apps/building-github-apps/managing-allowed-ip-addresses-for-a-github-app.md +++ b/translations/zh-CN/content/developers/apps/building-github-apps/managing-allowed-ip-addresses-for-a-github-app.md @@ -23,6 +23,8 @@ When an organization has an allow list, third-party applications that connect vi ## Adding an IP address allow list to a {% data variables.product.prodname_github_app %} +{% data reusables.identity-and-permissions.ipv6-allow-lists %} + {% data reusables.apps.settings-step %} {% data reusables.user-settings.developer_settings %} {% data reusables.user-settings.github_apps %} diff --git a/translations/zh-CN/content/developers/webhooks-and-events/webhooks/securing-your-webhooks.md b/translations/zh-CN/content/developers/webhooks-and-events/webhooks/securing-your-webhooks.md index bc200e0243..863cf93064 100644 --- a/translations/zh-CN/content/developers/webhooks-and-events/webhooks/securing-your-webhooks.md +++ b/translations/zh-CN/content/developers/webhooks-and-events/webhooks/securing-your-webhooks.md 
@@ -37,12 +37,12 @@ $ export SECRET_TOKEN=your_token ## 验证来自 GitHub 的有效负载 -设置密钥令牌后,{% data variables.product.product_name %} 使用它为每个有效负载创建一个哈希签名。 此哈希签名包含在每个请求的标头中,作为 `X-Hub-Signature-256`。 +设置密钥令牌后,{% data variables.product.product_name %} 使用它为每个有效负载创建一个哈希签名。 This hash signature is included with the headers of each request as `x-hub-signature-256`. {% ifversion fpt or ghes or ghec %} {% note %} -**注:** 为了向后兼容,我们还包括使用 SHA-1 哈希函数生成的 `X-Hub-Signature` 标头。 如果可能,我们建议您使用 `X-Hub-Signature-256` 标头以提高安全性。 下面的示例演示使用 `X-Hub-Signature-256` 标头。 +**Note:** For backward-compatibility, we also include the `x-hub-signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `x-hub-signature-256` header for improved security. The example below demonstrates using the `x-hub-signature-256` header. {% endnote %} {% endif %} diff --git a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md index 94c920226f..b6e248b0a4 100644 --- a/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md +++ b/translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization.md 
@@ -38,6 +38,8 @@ permissions: Organization owners can manage allowed IP addresses for an organiza {% data reusables.identity-and-permissions.about-adding-ip-allow-list-entries %} +{% data reusables.identity-and-permissions.ipv6-allow-lists %} + {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security %} diff --git a/translations/zh-CN/content/packages/index.md b/translations/zh-CN/content/packages/index.md index 4773b4809f..785f176d68 100644 --- a/translations/zh-CN/content/packages/index.md +++ b/translations/zh-CN/content/packages/index.md @@ -18,6 +18,7 @@ featuredLinks: guideCards: - '{% ifversion docker-ghcr-enterprise-migration %}/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry{% endif %}' - '{% ifversion fpt or ghec or ghes > 3.4 %}/packages/working-with-a-github-packages-registry/working-with-the-container-registry{% else %}/packages/working-with-a-github-packages-registry/working-with-the-docker-registry{% endif %}' + - '{% ifversion packages-npm-v2 %}/packages/working-with-a-github-packages-registry/working-with-the-npm-registry{% endif %}' - /packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry changelog: label: packages diff --git a/translations/zh-CN/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/translations/zh-CN/content/packages/learn-github-packages/about-permissions-for-github-packages.md index c05ba2a02f..de17d09ee4 100644 --- a/translations/zh-CN/content/packages/learn-github-packages/about-permissions-for-github-packages.md +++ b/translations/zh-CN/content/packages/learn-github-packages/about-permissions-for-github-packages.md 
@@ -18,20 +18,22 @@ shortTitle: 关于权限 仓库作用域的包从拥有该包的仓库继承权限和可见性。 通过转到仓库的主页并单击页面右侧的 **Packages(包)**链接,您可以找到作用域为仓库的包。 {% ifversion fpt or ghec %}更多信息请参阅“[将仓库连接到包](/packages/learn-github-packages/connecting-a-repository-to-a-package)”。{% endif %} -下面的 {% data variables.product.prodname_registry %} 注册表使用仓库作用域的权限: +The {% data variables.product.prodname_registry %} registries below **only** use repository-scoped permissions: {% ifversion not fpt or ghec %}- Docker 注册表 (`docker.pkg.github.com`){% endif %} - - npm 注册表 + {% ifversion packages-npm-v2 %}{% else %}- npm registry{% endif %} - RubyGems 注册表 - Apache Maven 注册表 - NuGet 注册表 +{% ifversion packages-npm-v2 %}For {% data variables.product.prodname_ghcr_and_npm_registry %}, you can choose to allow packages to be scoped to a user, an organization, or linked to a repository.{% endif %} + {% ifversion fpt or ghec %} ## 用户/组织作用域包的精细权限 具有精细权限的包仅限于个人用户或组织帐户。 您可以从与包相连(或链接)的仓库分别更改包的访问控制和可见性。 -目前,只有 {% data variables.product.prodname_container_registry %} 为容器映像包提供精细权限。 +Currently, the {% data variables.product.prodname_ghcr_and_npm_registry %} offer granular permissions for your container image packages. ## 容器映像的可见性和访问权限 diff --git a/translations/zh-CN/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md b/translations/zh-CN/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md index 4b2ca5591c..c0ebb3641a 100644 --- a/translations/zh-CN/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md +++ b/translations/zh-CN/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md 
@@ -16,7 +16,7 @@ shortTitle: 访问控制和可见性 具有精细权限的包仅限于个人用户或组织帐户。 您可以从与包相连(或链接)的仓库分别更改包的访问控制和可见性。 -目前,您只能对 {% data variables.product.prodname_container_registry %} 使用粒度权限。 我们的其他包注册表(如 npm 注册表)不支持粒度权限。{% ifversion docker-ghcr-enterprise-migration %} 有关迁移到 {% data variables.product.prodname_container_registry %} 的详细信息,请参阅“[从 Docker 注册表迁移到 {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)”。{% endif %} +目前,您只能对 {% data variables.product.prodname_ghcr_and_npm_registry %} 使用粒度权限。 Granular permissions are not supported in our other package registries, such as the RubyGems registry.{% ifversion docker-ghcr-enterprise-migration %} For more information about migration to the {% data variables.product.prodname_container_registry %}, see "[Migrating to the {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry)."{% endif %} 有关仓库作用域的包、与包相关的 PAT 作用域或管理操作工作流程的权限的更多信息,请参阅“[关于 GitHub Packages 的权限](/packages/learn-github-packages/about-permissions-for-github-packages)”。 
@@ -95,7 +95,7 @@ shortTitle: 访问控制和可见性 {% ifversion fpt or ghec %} ## 确保 {% data variables.product.prodname_codespaces %} 访问您的软件包 -默认情况下,代码空间可以无缝访问 {% data variables.product.prodname_dotcom %} 容器注册表中的某些包,例如在选中了 **Inherit access(继承访问)**选项的同一仓库中发布的包。 有关自动配置哪些访问权限的详细信息,请参阅“[访问存储在容器注册表 {% data variables.product.prodname_dotcom %} 中的映像](/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry#accessing-images-stored-in-github-container-registry)”。 +By default, a codespace can seamlessly access certain packages in the {% data variables.product.prodname_ghcr_and_npm_registry %}, such as those published in the same repository with the **Inherit access** option selected. For more information on which access is automatically configured, see "[Allowing your codespace to access a private image registry](/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry#accessing-images-stored-in-container-registry-and-npm-registry)." 否则,为了确保代码空间能够访问您的软件包,必须授予对启动代码空间的仓库的访问权限。 diff --git a/translations/zh-CN/content/packages/learn-github-packages/deleting-and-restoring-a-package.md b/translations/zh-CN/content/packages/learn-github-packages/deleting-and-restoring-a-package.md index f7e9663049..8e50d7fe16 100644 --- a/translations/zh-CN/content/packages/learn-github-packages/deleting-and-restoring-a-package.md +++ b/translations/zh-CN/content/packages/learn-github-packages/deleting-and-restoring-a-package.md @@ -23,12 +23,12 @@ shortTitle: 删除和恢复包 - 整个私有包 - 整个公共包(如果任何包版本不超过 5000 次下载) - 私有包的特定版本 -- 公共包的特定版本(如果包版本不超过 5000 次下载) +- 公共包的特定版本(如果包版本不超过 5,000 次下载) {% note %} **注:** -- 如果任何版本的包下载量超过 5000 次,则无法删除公共包。 在这种情况下,请联系 [GitHub 支持](https://support.github.com/contact?tags=docs-packages) 获取更多帮助。 +- 如果任何版本的包下载量超过 5,000 次,则无法删除公共包。 在这种情况下,请联系 [GitHub 支持](https://support.github.com/contact?tags=docs-packages) 获取更多帮助。 - 删除公共包时,请注意,您可能会破坏依赖于包的项目。 {% endnote %} 
@@ -46,7 +46,7 @@ shortTitle: 删除和恢复包 {% endif %} -对于从仓库继承其权限和访问权限的包,您可以使用 GraphQL 删除特定的包版本。{% ifversion fpt or ghec %} {% data variables.product.prodname_registry %} GraphQL API 不支持使用包命名空间的容器或 Docker 映像 `https://ghcr.io/OWNER/PACKAGE-NAME`。{% endif %} 有关 GraphQL 支持的更多信息,请参阅“[使用 GraphQL 删除存储库范围包的版本](#deleting-a-version-of-a-repository-scoped-package-with-graphql)”。 +For packages that inherit their permissions and access from repositories, you can use GraphQL to delete a specific package version.{% data reusables.package_registry.no-graphql-to-delete-packages %} For more information about GraphQL support, see "[Deleting a version of a repository-scoped package with GraphQL](#deleting-a-version-of-a-repository-scoped-package-with-graphql)." {% endif %} 
@@ -54,17 +54,19 @@ shortTitle: 删除和恢复包 对于从仓库继承其访问权限的包,如果您拥有仓库管理权限,则可以删除包。 -{% data variables.product.prodname_registry %} 上仓库范围的包中包括以下包: -- npm -- RubyGems -- maven -- Gradle -- NuGet -{% ifversion not fpt or ghec %}- Docker 映像位于 `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`{% endif %} +The {% data variables.product.prodname_registry %} registries below **only** use repository-scoped permissions: + + {% ifversion not fpt or ghec %}- Docker 映像位于 `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`{% endif %} + {% ifversion packages-npm-v2 %}{% else %}- npm{% endif %} + - RubyGems 注册表 + - Apache Maven 注册表 + - NuGet 注册表 + +{% ifversion packages-npm-v2 %}For {% data variables.product.prodname_ghcr_and_npm_registry %}, you can choose to allow packages to be scoped to a user, an organization, or linked to a repository.{% endif %} {% ifversion fpt or ghec %} -要删除与仓库分开的具有粒度权限的软件包,例如存储在 `https://ghcr.io/OWNER/PACKAGE-NAME` 上的容器映像,您必须对该包具有管理员访问权限。 更多信息请参阅“[关于 {% data variables.product.prodname_registry %} 的权限](/packages/learn-github-packages/about-permissions-for-github-packages)”。 +To delete a package that has granular permissions separate from a repository, such as container images stored at `https://ghcr.io/OWNER/PACKAGE-NAME` or `https://npm.pkg.github.com/OWNER/PACKAGE-NAME`, you must have admin access to the package. 更多信息请参阅“[关于 {% data variables.product.prodname_registry %} 的权限](/packages/learn-github-packages/about-permissions-for-github-packages)”。 {% endif %} 
@@ -86,9 +88,7 @@ shortTitle: 删除和恢复包 对于从仓库继承其许可和访问权限的包,您可以使用 GraphQL 删除特定的包版本。 -{% ifversion fpt or ghec %} -对于在 `ghcr.io` 上的容器或 Docker 映像,GraphQL 不受支持,但您可以使用 REST API。 更多信息请参阅“[{% data variables.product.prodname_registry %} API](/rest/reference/packages)”。 -{% endif %} +{% data reusables.package_registry.no-graphql-to-delete-packages %}{% ifversion fpt or ghec %} You can however use the REST API. For more information, see the "[{% data variables.product.prodname_registry %} API](/rest/reference/packages)."{% endif %} 在 GraphQL API 中使用 `deletePackageVersion` 突变。 必须使用具有 `read:packages`、`delete:packages` 和 `repo` 作用域的令牌。 有关令牌的更多信息,请参阅“[关于 {% data variables.product.prodname_registry %}](/packages/publishing-and-managing-packages/about-github-packages#authenticating-to-github-packages)”。 diff --git a/translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md b/translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md index fc5090006e..5450ffcff9 100644 --- a/translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md +++ b/translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md @@ -51,7 +51,7 @@ For more information about the configuration of {% data variables.product.prodna | | | |--------------------|--------------------| -| Permissions | {% ifversion fpt or ghec %}The permissions for a package are either inherited from the repository where the package is hosted or, for packages in the {% data variables.product.prodname_container_registry %}, they can be defined for specific user or organization accounts. For more information, see "[Configuring a package’s access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." {% else %}Each package inherits the permissions of the repository where the package is hosted.

For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version.{% endif %} | +| Permissions | {% ifversion fpt or ghec %}The permissions for a package are either inherited from the repository where the package is hosted or, for packages in the {% data variables.product.prodname_ghcr_and_npm_registry %}, they can be defined for specific user or organization accounts. For more information, see "[Configuring a package’s access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." {% else %}Each package inherits the permissions of the repository where the package is hosted.

For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version.{% endif %} | | Visibility | {% data reusables.package_registry.public-or-private-packages %} | For more information, see "[About permissions for {% data variables.product.prodname_registry %}](/packages/learn-github-packages/about-permissions-for-github-packages)." @@ -101,7 +101,9 @@ For more information about Docker and the {% data variables.product.prodname_con ## Managing packages {% ifversion fpt or ghec %} -You can delete a package in the {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} user interface or using the REST API. For more information, see the "[{% data variables.product.prodname_registry %} API](/rest/reference/packages)." +You can delete a package in the {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} user interface or using the REST API. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)" and the "[{% data variables.product.prodname_registry %} API](/rest/reference/packages)." + +{% data reusables.package_registry.no-graphql-to-delete-packages %} {% endif %} {% ifversion ghes %} 
@@ -112,7 +114,9 @@ You can delete a private or public package in the {% data variables.product.prod You can delete a version of a package in the {% data variables.product.product_name %} user interface or using the GraphQL API. {% endif %} -When you use the GraphQL API to query and delete private packages, you must use the same token you use to authenticate to {% data variables.product.prodname_registry %}. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)" and "[Forming calls with GraphQL](/graphql/guides/forming-calls-with-graphql)." +When you use the GraphQL API to query and delete private packages, you must use the same token you use to authenticate to {% data variables.product.prodname_registry %}. + +For more information, see {% ifversion ghes or ghae %}"[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)" and {% endif %}"[Forming calls with GraphQL](/graphql/guides/forming-calls-with-graphql)." You can configure webhooks to subscribe to package-related events, such as when a package is published or updated. For more information, see the "[`package` webhook event](/webhooks/event-payloads/#package)." diff --git a/translations/zh-CN/content/packages/learn-github-packages/viewing-packages.md b/translations/zh-CN/content/packages/learn-github-packages/viewing-packages.md index 5b7d3a04e9..40686593f0 100644 --- a/translations/zh-CN/content/packages/learn-github-packages/viewing-packages.md +++ b/translations/zh-CN/content/packages/learn-github-packages/viewing-packages.md 
@@ -23,15 +23,15 @@ versions: 查看包的权限取决于几个因素。 默认情况下,您可以查看您发布的所有包。 -仓库作用域的包从拥有该包的仓库继承权限和可见性。 下面的注册表使用此类权限:{% ifversion not fpt or ghec %} +仓库作用域的包从拥有该包的仓库继承权限和可见性。 The registries below **only** use this type of permissions:{% ifversion not fpt or ghec %} - Docker 注册表 (`docker.pkg.github.com`){% endif %} -- npm 注册表 +{% ifversion packages-npm-v2 %}{% else %}- npm registry{% endif %} - RubyGems 注册表 - Apache Maven 注册表 - NuGet 注册表 {% ifversion fpt or ghec %} -容器注册表提供粒度权限和可见性设置,可针对个人用户或组织帐户拥有的每个包进行自定义。 您可以选择使用粒度权限或连接包到仓库并继承它的权限。 更多信息请参阅“[将仓库连接到包](/packages/learn-github-packages/connecting-a-repository-to-a-package)”。 +The {% data variables.product.prodname_ghcr_and_npm_registry %} offer you the option of granular permissions and visibility settings that can be customized for each package owned by a personal user or organization account. 您可以选择使用粒度权限或连接包到仓库并继承它的权限。 更多信息请参阅“[将仓库连接到包](/packages/learn-github-packages/connecting-a-repository-to-a-package)”。 {% endif %} 更多信息请参阅“[关于 GitHub Packages 的权限](/packages/learn-github-packages/about-permissions-for-github-packages)”{% ifversion fpt or ghec %} 或“[配置包的访问控制和可见性](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)”。{% endif %} diff --git a/translations/zh-CN/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md b/translations/zh-CN/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md index abf40d8435..6b3f8fc7cd 100644 --- a/translations/zh-CN/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md +++ b/translations/zh-CN/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md 
@@ -24,9 +24,9 @@ shortTitle: Publish & install with Actions You can extend the CI and CD capabilities of your repository by publishing or installing packages as part of your workflow. {% ifversion fpt or ghec %} -### Authenticating to the {% data variables.product.prodname_container_registry %} +### Authenticating to the {% data variables.product.prodname_ghcr_and_npm_registry %} -{% data reusables.package_registry.authenticate_with_pat_for_container_registry %} +{% data reusables.package_registry.authenticate_with_pat_for_v2_registry %} {% endif %} @@ -40,7 +40,7 @@ You can reference the `GITHUB_TOKEN` in your workflow file using the {% raw %}`{ {% note %} -**Note:** Repository-owned packages include RubyGems, npm, Apache Maven, NuGet, {% ifversion fpt or ghec %}and Gradle. {% else %}Gradle, and Docker packages that use the package namespace `docker.pkg.github.com`.{% endif %} +**Note:** Some registries, such as RubyGems, {% ifversion packages-npm-v2 %}{% else %}npm, {% endif %}Apache Maven, NuGet, {% ifversion fpt or ghec %}and Gradle{% else %}Gradle, and Docker packages that use the package namespace `docker.pkg.github.com`{% endif %}, only allow repository-owned packages. With {% data variables.product.prodname_ghcr_and_npm_registry_full %} you can choose to allow packages to be owned by a user, an organization, or linked to a repository. {% endnote %} 
@@ -49,11 +49,11 @@ When you enable GitHub Actions, GitHub installs a GitHub App on your repository. {% data variables.product.prodname_registry %} allows you to push and pull packages through the `GITHUB_TOKEN` available to a {% data variables.product.prodname_actions %} workflow. {% ifversion fpt or ghec %} -## About permissions and package access for {% data variables.product.prodname_container_registry %} +## About permissions and package access for {% data variables.product.prodname_ghcr_and_npm_registry %} -The {% data variables.product.prodname_container_registry %} (`ghcr.io`) allows users to create and administer containers as free-standing resources at the organization level. Containers can be owned by an organization or personal account and you can customize access to each of your containers separately from repository permissions. +The {% data variables.product.prodname_ghcr_and_npm_registry_full %} allows users to create and administer packages as free-standing resources at the organization level. Packages can be owned by an organization or personal account and you can customize access to each of your packages separately from repository permissions. -All workflows accessing the {% data variables.product.prodname_container_registry %} should use the `GITHUB_TOKEN` instead of a personal access token. For more information about security best practices, see "[Security hardening for GitHub Actions](/actions/learn-github-actions/security-hardening-for-github-actions#using-secrets)." +All workflows accessing the {% data variables.product.prodname_ghcr_and_npm_registry %} should use the `GITHUB_TOKEN` instead of a personal access token. For more information about security best practices, see "[Security hardening for GitHub Actions](/actions/learn-github-actions/security-hardening-for-github-actions#using-secrets)." ## Default permissions and access settings for containers modified through workflows 
@@ -484,9 +484,9 @@ Installing packages hosted by {% data variables.product.prodname_registry %} thr {% data reusables.package_registry.actions-configuration %} {% ifversion fpt or ghec %} -## Upgrading a workflow that accesses `ghcr.io` +## Upgrading a workflow that accesses a registry using a PAT -The {% data variables.product.prodname_container_registry %} supports the `GITHUB_TOKEN` for easy and secure authentication in your workflows. If your workflow is using a personal access token (PAT) to authenticate to `ghcr.io`, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. +The {% data variables.product.prodname_ghcr_and_npm_registry %} support the `GITHUB_TOKEN` for easy and secure authentication in your workflows. If your workflow is using a personal access token (PAT) to authenticate to the registry, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. For more information about the `GITHUB_TOKEN`, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)." 
@@ -504,9 +504,9 @@ Using the `GITHUB_TOKEN` instead of a PAT, which includes the `repo` scope, incr {% endnote %} 1. Optionally, using the "role" drop-down menu, select the default access level that you'd like the repository to have to your container image. ![Permission access levels to give to repositories](/assets/images/help/package-registry/repository-permission-options-for-package-access-through-actions.png) -1. Open your workflow file. On the line where you log in to `ghcr.io`, replace your PAT with {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. +1. Open your workflow file. On the line where you log in to the registry, replace your PAT with {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. -For example, this workflow publishes a Docker image using {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} to authenticate. +For example, this workflow publishes a Docker image to the {% data variables.product.prodname_container_registry %} and uses {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %} to authenticate. ```yaml{:copy} name: Demo Push diff --git a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md index 02708a404d..98ac905c0a 100644 --- a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md +++ b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md 
@@ -42,7 +42,9 @@ When installing or publishing a Docker image, the {% data variables.product.prod ## Authenticating to the {% data variables.product.prodname_container_registry %} -{% data reusables.package_registry.authenticate_with_pat_for_container_registry %} +{% ifversion fpt or ghec or ghes > 3.4 %} +To authenticate to the {% data variables.product.prodname_container_registry %} (`ghcr.io`) within a {% data variables.product.prodname_actions %} workflow, use the `GITHUB_TOKEN` for the best security and experience. {% data reusables.package_registry.authenticate_with_pat_for_v2_registry %} +{% endif %} {% ifversion ghes %}Ensure that you replace `HOSTNAME` with {% data variables.product.product_location_enterprise %} hostname or IP address in the examples below.{% endif %} diff --git a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-npm-registry.md b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-npm-registry.md index 993e933de3..8007cd2b6f 100644 --- a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-npm-registry.md +++ b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-npm-registry.md @@ -21,6 +21,8 @@ shortTitle: npm registry {% data reusables.package_registry.admins-can-configure-package-types %} +{% ifversion packages-npm-v2 %} +{% else %} ## Limits for published npm versions If you publish over 1,000 npm package versions to {% data variables.product.prodname_registry %}, you may see performance issues and timeouts occur during usage. 
@@ -28,12 +30,17 @@ If you publish over 1,000 npm package versions to {% data variables.product.prod In the future, to improve performance of the service, you won't be able to publish more than 1,000 versions of a package on {% data variables.product.prodname_dotcom %}. Any versions published before hitting this limit will still be readable. If you reach this limit, consider deleting package versions or contact Support for help. When this limit is enforced, our documentation will be updated with a way to work around this limit. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)" or "[Contacting Support](/packages/learn-github-packages/about-github-packages#contacting-support)." +{% endif %} ## Authenticating to {% data variables.product.prodname_registry %} {% data reusables.package_registry.authenticate-packages %} -{% data reusables.package_registry.authenticate-packages-github-token %} +{% ifversion packages-npm-v2 %} +{% data reusables.package_registry.authenticate_with_pat_for_v2_registry %} + +You can also choose to give access permissions to packages independently for {% data variables.product.prodname_codespaces %} and {% data variables.product.prodname_actions %}. For more information, see "[Ensuring Codespaces access to your package](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-codespaces-access-to-your-package) and [Ensuring workflow access to your package](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package)." +{% endif %} ### Authenticating with a personal access token 
@@ -94,12 +101,24 @@ $ npm login --scope=@OWNER --registry=https://HOSTNAME/_regist {% endnote %} +{% ifversion packages-npm-v2 %} +The {% data variables.product.prodname_registry %} registry stores npm packages within your organization or personal account, and allows you to associate a package with a repository. You can choose whether to inherit permissions from a repository, or set granular permissions independently of a repository. +{% endif %} + By default, {% data variables.product.prodname_registry %} publishes a package in the {% data variables.product.prodname_dotcom %} repository you specify in the name field of the *package.json* file. For example, you would publish a package named `@my-org/test` to the `my-org/test` {% data variables.product.prodname_dotcom %} repository. If you're running [npm v8.5.3](https://github.com/npm/cli/releases/tag/v8.5.3) or later, you can add a summary for the package listing page by including a *README.md* file in your package directory. For more information, see "[Working with package.json](https://docs.npmjs.com/getting-started/using-a-package.json)" and "[How to create Node.js Modules](https://docs.npmjs.com/getting-started/creating-node-modules)" in the npm documentation. You can publish multiple packages to the same {% data variables.product.prodname_dotcom %} repository by including a `URL` field in the *package.json* file. For more information, see "[Publishing multiple packages to the same repository](#publishing-multiple-packages-to-the-same-repository)." +{% ifversion fpt or ghec %} +When a package is published, it isn't automatically linked to a repository. You can however choose to link your published package to a repository using the user interface or command line. For more information, see "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package)." 
+{% endif %} + You can set up the scope mapping for your project using either a local *.npmrc* file in the project or using the `publishConfig` option in the *package.json*. {% data variables.product.prodname_registry %} only supports scoped npm packages. Scoped packages have names with the format of `@owner/name`. Scoped packages always begin with an `@` symbol. You may need to update the name in your *package.json* to use the scoped name. For example, `"name": "@codertocat/hello-world-npm"`. +{% ifversion packages-npm-v2 %} +When you first publish a package, the default visibility is private. When a package is linked to repository, the package visibility is dependent on the repository's visibility. To change the visibility or set access permissions, see "[Configuring a package's access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." +{% endif %} + {% data reusables.package_registry.viewing-packages %} ### Publishing a package using a local *.npmrc* file diff --git a/translations/zh-CN/data/features/packages-npm-v2.yml b/translations/zh-CN/data/features/packages-npm-v2.yml new file mode 100644 index 0000000000..572e412e4a --- /dev/null +++ b/translations/zh-CN/data/features/packages-npm-v2.yml @@ -0,0 +1,5 @@ +#Issue 7039 +#npm Package Registry Improvements (v2) GA +versions: + fpt: '*' + ghec: '*' diff --git a/translations/zh-CN/data/reusables/dependabot/dependabot-alerts-filters.md b/translations/zh-CN/data/reusables/dependabot/dependabot-alerts-filters.md index 0a2e0ad1ba..29684cdd92 100644 --- a/translations/zh-CN/data/reusables/dependabot/dependabot-alerts-filters.md +++ b/translations/zh-CN/data/reusables/dependabot/dependabot-alerts-filters.md 
@@ -2,7 +2,7 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %} | 选项 | 描述 | 示例 | |:---------- |:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `生态系统` | Displays alerts for the selected ecosystem | Use `ecosystem:npm` to show {% data variables.product.prodname_dependabot_alerts %} for npm |{% ifversion fpt or ghec or ghes > 3.5 %} +| `生态系统` | Displays alerts for the selected ecosystem | Use `ecosystem:npm` to show {% data variables.product.prodname_dependabot_alerts %} for npm |{% ifversion fpt or ghec or ghes > 3.5 or ghae-issue-7891 %} | `has` | Displays alerts meeting the selected filter criteria | Use `has:patch` to show alerts related to advisories that have a patch{% ifversion dependabot-alerts-vulnerable-calls %}
Use `has:vulnerable-calls` to show alerts relating to calls to vulnerable functions{% endif %} {% endif %} | `is` | Displays alerts based on their state | Use `is:open` to show open alerts | diff --git a/translations/zh-CN/data/reusables/identity-and-permissions/ipv6-allow-lists.md b/translations/zh-CN/data/reusables/identity-and-permissions/ipv6-allow-lists.md new file mode 100644 index 0000000000..3c26491fe2 --- /dev/null +++ b/translations/zh-CN/data/reusables/identity-and-permissions/ipv6-allow-lists.md @@ -0,0 +1,7 @@ +{% ifversion fpt or ghec %} +{% note %} + +**Note:** {% data variables.product.company_short %} is gradually rolling out support for IPv6. As {% data variables.product.prodname_dotcom %} services continue to add IPv6 support, we will start recognizing IPv6 addresses of {% data variables.product.prodname_dotcom %} users. To prevent possible access interruptions, please ensure you have added any necessary IPv6 addresses to your IP allow list. + +{% endnote %} +{% endif %} \ No newline at end of file diff --git a/translations/zh-CN/data/reusables/package_registry/authenticate-packages.md b/translations/zh-CN/data/reusables/package_registry/authenticate-packages.md index a766f6e96d..5ca4e91584 100644 --- a/translations/zh-CN/data/reusables/package_registry/authenticate-packages.md +++ b/translations/zh-CN/data/reusables/package_registry/authenticate-packages.md @@ -4,4 +4,4 @@ You can use a personal access token (PAT) to authenticate to {% data variables.p To authenticate to a {% data variables.product.prodname_registry %} registry within a {% data variables.product.prodname_actions %} workflow, you can use: - `GITHUB_TOKEN` to publish packages associated with the workflow repository. -- a PAT to install packages associated with other private repositories (which `GITHUB_TOKEN` can't access). +- a PAT with at least `packages:read` scope to install packages associated with other private repositories (which `GITHUB_TOKEN` can't access). 
diff --git a/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md b/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md deleted file mode 100644 index a54f9a0844..0000000000 --- a/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_container_registry.md +++ /dev/null @@ -1,11 +0,0 @@ -{% ifversion fpt or ghec or ghes > 3.4 %} - -To authenticate to the {% data variables.product.prodname_container_registry %} within a {% data variables.product.prodname_actions %} workflow, use the `GITHUB_TOKEN` for the best security and experience. If your workflow is using a personal access token (PAT) to authenticate to `{% data reusables.package_registry.container-registry-hostname %}`, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. - -{% ifversion fpt or ghec %}For guidance on updating your workflows that authenticate to `{% data reusables.package_registry.container-registry-hostname %}` with a personal access token, see "[Upgrading a workflow that accesses `ghcr.io`](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio)."{% endif %} - -For more information about the `GITHUB_TOKEN`, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)." - -If you're using the {% data variables.product.prodname_container_registry %} in actions, follow our security best practices at "[Security hardening for GitHub Actions](/actions/getting-started-with-github-actions/security-hardening-for-github-actions#considering-cross-repository-access)." - -{% endif %} 
diff --git a/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_v2_registry.md b/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_v2_registry.md new file mode 100644 index 0000000000..9eb44525c7 --- /dev/null +++ b/translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_v2_registry.md @@ -0,0 +1,7 @@ +If your workflow is using a personal access token (PAT) to authenticate to a registry, then we highly recommend you update your workflow to use the `GITHUB_TOKEN`. + +{% ifversion fpt or ghec %}For guidance on updating your workflows that authenticate to a registry with a personal access token, see "[Upgrading a workflow that accesses a registry using a PAT](/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-a-registry-using-a-pat)."{% endif %} + +有关 `GITHUB_TOKEN` 的更多信息,请参阅“[工作流程中的身份验证](/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow)”。 + +For more information about the best practises when using a registry in actions, see "[Security hardening for GitHub Actions](/actions/getting-started-with-github-actions/security-hardening-for-github-actions#considering-cross-repository-access)." diff --git a/translations/zh-CN/data/reusables/package_registry/no-graphql-to-delete-packages.md b/translations/zh-CN/data/reusables/package_registry/no-graphql-to-delete-packages.md new file mode 100644 index 0000000000..cbab609f2b --- /dev/null +++ b/translations/zh-CN/data/reusables/package_registry/no-graphql-to-delete-packages.md 
@@ -0,0 +1 @@ +{% ifversion fpt or ghec %} The {% data variables.product.prodname_registry %} GraphQL API does not support containers or Docker images that use the package namespace `https://ghcr.io/OWNER/PACKAGE-NAME`, or npm images that use the package namespace `https://npm.pkg.github.com/OWNER/PACKAGE-NAME`.{% endif %} \ No newline at end of file diff --git a/translations/zh-CN/data/variables/product.yml b/translations/zh-CN/data/variables/product.yml index 5d09c47040..7e67ff4653 100644 --- a/translations/zh-CN/data/variables/product.yml +++ b/translations/zh-CN/data/variables/product.yml @@ -112,6 +112,10 @@ prodname_registry: 'GitHub Packages' prodname_container_registry: 'Container registry' prodname_docker_registry_namespace: '{% ifversion fpt or ghec %}`docker.pkg.github.com`{% elsif ghes or ghae %}docker.HOSTNAME{% endif %}' prodname_container_registry_namespace: '{% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes or ghae %}containers.HOSTNAME{% endif %}' +prodname_npm_registry: 'npm 注册表' +prodname_ghcr_and_npm_registry: '{% data variables.product.prodname_container_registry %}{% ifversion packages-npm-v2 %} and {% data variables.product.prodname_npm_registry %}{% endif %}' +prodname_ghcr_or_npm_registry: '{% data variables.product.prodname_container_registry %}{% ifversion packages-npm-v2 %} or {% data variables.product.prodname_npm_registry %}{% endif %}' +prodname_ghcr_and_npm_registry_full: '{% data variables.product.prodname_container_registry %} (`ghcr.io`){% ifversion packages-npm-v2 %} and {% data variables.product.prodname_npm_registry %} (`npm.pkg.github.com`){% endif %}' #GitHub Insights prodname_insights: 'GitHub Insights' #GitHub Sponsors From 05967a9b681c10ea6a329092d31d10708385f48e Mon Sep 17 00:00:00 2001 
From: Peter Bengtsson Date: Mon, 29 Aug 2022 22:43:12 +0200 Subject: [PATCH 2/2] optionally check external URLs in rendered content (#25429) --- .github/workflows/link-check-all.yml | 8 ++ script/rendered-content-link-checker.js | 179 ++++++++++++++++++++---- 2 files changed, 158 insertions(+), 29 deletions(-) diff --git a/.github/workflows/link-check-all.yml b/.github/workflows/link-check-all.yml index db3848d588..d983604699 100644 --- a/.github/workflows/link-check-all.yml +++ b/.github/workflows/link-check-all.yml @@ -53,6 +53,14 @@ jobs: # Don't care about CDN caching image URLs DISABLE_REWRITE_ASSET_URLS: true run: | + + # Note as of Aug 2022, we *don't* check external links + # on the pages you touched in the PR. We could enable that + # but it has the added risk of false positives blocking CI. + # We are using this script for the daily/nightly checker that + # checks external links too. Once we're confident it really works + # well, we can consider enabling it here on every content PR too. + ./script/rendered-content-link-checker.js \ --language en \ --max 100 \ diff --git a/script/rendered-content-link-checker.js b/script/rendered-content-link-checker.js index e3ece57f06..af0e69f2ca 100755 --- a/script/rendered-content-link-checker.js +++ b/script/rendered-content-link-checker.js @@ -12,6 +12,7 @@ import path from 'path' import cheerio from 'cheerio' import { program, Option, InvalidArgumentError } from 'commander' import chalk from 'chalk' +import got from 'got' import shortVersions from '../middleware/contextualizers/short-versions.js' import contextualize from '../middleware/context.js' @@ -20,6 +21,7 @@ import getRedirect from '../lib/get-redirect.js' import warmServer from '../lib/warm-server.js' import renderContent from '../lib/render-content/index.js' import { deprecated } from '../lib/enterprise-server-releases.js' +import excludedLinks from '../lib/excluded-links.js' const STATIC_PREFIXES = { assets: path.resolve('assets'), 
@@ -32,6 +34,18 @@ Object.entries(STATIC_PREFIXES).forEach(([key, value]) => {
 }
 })
+// Return a function that can as quickly as possible check if a certain
+// href input should be skipped.
+// Do this so we can use a `Set` and a `iterable.some()` for a speedier
+// check.
+function linksToSkipFactory() {
+ const set = new Set(excludedLinks.filter((regexOrURL) => typeof regexOrURL === 'string'))
+ const regexes = excludedLinks.filter((regexOrURL) => regexOrURL instanceof RegExp)
+ return (href) => set.has(href) || regexes.some((regex) => regex.test(href))
+}
+
+const linksToSkip = linksToSkipFactory(excludedLinks)
+
 const CONTENT_ROOT = path.resolve('content')
 const deprecatedVersionPrefixesRegex = new RegExp(
@@ -56,6 +70,7 @@ program
 .option('-b, --bail', 'Exit on the first flaw')
 .option('--check-anchors', "Validate links that start with a '#' too")
 .option('--check-images', 'Validate local images too')
+ .option('--check-external-links', 'Check external URLs too')
 .option('-v, --verbose', 'Verbose outputs')
 .option('--debug', "Loud about everything it's doing")
 .option('--random', 'Load pages in a random order (useful for debugging)')
@@ -92,7 +107,7 @@ program
 main(program.opts(), program.args)
 async function main(opts, files) {
- const { random, language, filter, exit, debug, max, verbose, list } = opts
+ const { random, language, filter, exit, debug, max, verbose, list, checkExternalLinks } = opts
 // Note! The reason we're using `warmServer()` in this script,
 // even though there's no server involved, is because
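Review bot: `linksToSkipFactory` in the first hunk on this line is declared with no parameters but is called as `linksToSkipFactory(excludedLinks)`, so the argument is silently dropped and the closure only works because it reads the module-level import. Either accept the list, `function linksToSkipFactory(links = excludedLinks) {`, and filter `links`, or call it with no argument. Because this list exempts URLs from checking, its matching should be predictable: if any pattern in `excluded-links.js` (not visible here) carries a `g` or `y` flag, `regex.test(href)` keeps `lastIndex` between calls and would skip the same URL only intermittently. A short comment above the factory saying that string entries must equal the href exactly and that regex entries must not be global would document that.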
@@ -133,6 +148,14 @@ async function main(opts, files) {
 const pages = getPages(pageList, languages, filters, files, max)
 debug && console.timeEnd('getPages')
+ if (checkExternalLinks && pages.length >= 100) {
+ console.warn(
+ chalk.yellow(
+ `Warning! Checking external URLs can be time costly. You're testing ${pages.length} pages.`
+ )
+ )
+ }
+
 const processPagesStart = new Date()
 const flawsGroups = await Promise.all(
 pages.map((page) => processPage(page, pageMap, redirects, opts))
@@ -240,38 +263,58 @@ async function processPage(page, pageMap, redirects, opts) {
 }
 async function processPermalink(permalink, page, pageMap, redirects, opts) {
- const { level, checkAnchors, checkImages } = opts
+ const { level, checkAnchors, checkImages, checkExternalLinks } = opts
 const html = await renderInnerHTML(page, permalink)
 const $ = cheerio.load(html)
 const flaws = []
+ const links = []
 $('a[href]').each((i, link) => {
- const { href } = link.attribs
-
- // The global cache can't be used for anchor links because they
- // depend on each page it renders
- if (!href.startsWith('#')) {
- if (globalHrefCheckCache.has(href)) {
- globalCacheHitCount++
- return globalHrefCheckCache.get(href)
- }
- globalCacheMissCount++
- }
-
- const flaw = checkHrefLink(href, $, redirects, pageMap, checkAnchors)
-
- // Again if it's *not* an anchor link, we can use the cache.
- if (!href.startsWith('#')) {
- globalHrefCheckCache.set(href, flaw)
- }
-
- if (flaw) {
- if (level === 'critical' && !flaw.CRITICAL) {
- return
- }
- const text = $(link).text()
- flaws.push({ permalink, page, href, flaw, text })
- }
+ links.push(link)
 })
+ const newFlaws = await Promise.all(
+ links.map(async (link) => {
+ const { href } = link.attribs
+
+ // The global cache can't be used for anchor links because they
+ // depend on each page it renders
+ if (!href.startsWith('#')) {
+ if (globalHrefCheckCache.has(href)) {
+ globalCacheHitCount++
+ return globalHrefCheckCache.get(href)
+ }
+ globalCacheMissCount++
+ }
+
+ const flaw = await checkHrefLink(
+ href,
+ $,
+ redirects,
+ pageMap,
+ checkAnchors,
+ checkExternalLinks
+ )
+
+ if (flaw) {
+ if (level === 'critical' && !flaw.CRITICAL) {
+ return
+ }
+ const text = $(link).text()
+ if (!href.startsWith('#')) {
+ globalHrefCheckCache.set(href, { href, flaw, text })
+ }
+ return { href, flaw, text }
+ } else {
+ if (!href.startsWith('#')) {
+ globalHrefCheckCache.set(href, flaw)
+ }
+ }
+ })
+ )
+ for (const flaw of newFlaws) {
+ if (flaw) {
+ flaws.push(Object.assign(flaw, { page, permalink }))
+ }
+ }
 if (checkImages) {
 $('img[src]').each((i, img) => {
@@ -353,7 +396,14 @@ const globalImageSrcCheckCache = new Map()
 let globalCacheHitCount = 0
 let globalCacheMissCount = 0
-function checkHrefLink(href, $, redirects, pageMap, checkAnchors = false) {
+async function checkHrefLink(
+ href,
+ $,
+ redirects,
+ pageMap,
+ checkAnchors = false,
+ checkExternalLinks = false
+) {
 if (href === '#') {
 if (checkAnchors) {
 return { WARNING: 'Link is just an empty `#`' }
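Review bot: In `processPermalink`, `flaws.push(Object.assign(flaw, { page, permalink }))` mutates the object returned by the map callback, and for non-anchor links that is the same `{ href, flaw, text }` object stored in `globalHrefCheckCache` and handed back on every cache hit. Each later page that contains the same broken href therefore overwrites `page` and `permalink` on the entry already pushed for earlier pages, so the report can attribute a flaw to the wrong page. Copying instead, `flaws.push({ ...flaw, page, permalink })`, avoids that. The cached `text` is likewise the link text from the first page that used the href. A non-critical flaw filtered out by `level === 'critical'` returns before `globalHrefCheckCache.set`, so it is re-evaluated on every occurrence. The function continues past the end of this hunk.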
@@ -399,9 +449,80 @@ function checkHrefLink(href, $, redirects, pageMap, checkAnchors = false) { return { CRITICAL: 'Broken link' } } } + } else if (checkExternalLinks) { + if (!href.startsWith('https://')) { + return { WARNING: `Will not check external URLs that are not HTTPS (${href})` } + } + if (linksToSkip(href)) { + return + } + let failed = false + + try { + failed = await checkExternalURL(href) + } catch (err) { + return { WARNING: `Got error when testing ${href}: ${err.toString()}` } + } + if (failed) { + return { CRITICAL: 'Broken external link ' } + } } } +const externalResponseCache = new Map() +const externalResponseWaiting = new Set() + +const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)) + +async function checkExternalURL(url) { + if (!url.startsWith('https://')) throw new Error('Invalid URL') + + if (externalResponseCache.has(url)) { + const result = externalResponseCache.get(url) + return result + } + if (externalResponseWaiting.has(url)) { + // Because this whole script is based on `Promise.all()` you can't + // guarantee that you first make the list of external URLs distinct, + // so you'll end up with N concurrent threads that both start, + // waiting for the same URL to check. + // If there's one going on, sleep and retry all over. + await sleep(500 + Math.random() * 100) + return await checkExternalURL(url) + } + externalResponseWaiting.add(url) + + // The way `got` does retries: + // + // sleep = 1000 * Math.pow(2, retry - 1) + Math.random() * 100 + // + // So, it means: + // + // 1. ~1000ms + // 2. ~2000ms + // 3. ~4000ms + // + // ...if the limit we set is 3. + // Our own timeout, in ./middleware/timeout.js defaults to 10 seconds. + // So there's no point in trying more attempts than 3 because it would + // just timeout on the 10s. (i.e. 
1000 + 2000 + 4000 + 8000 > 10,000) + const retry = { + limit: 3, + } + const timeout = 2000 + + const r = await got(url, { + throwHttpErrors: false, + retry, + timeout, + }) + + const failed = r.statusCode !== 200 + externalResponseCache.set(url, failed) + externalResponseWaiting.delete(url) + return failed +} + function checkImageSrc(src, $) { const pathname = new URL(src, 'http://example.com').pathname if (!pathname.startsWith('/')) {
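Review bot: In `checkExternalURL`, `externalResponseWaiting.delete(url)` runs only when `got` resolves; `throwHttpErrors: false` covers HTTP status codes, not timeouts or DNS/TLS failures. If the request throws, the URL stays in the waiting set and any other caller already in the sleep-and-retry branch for that URL recurses forever, so the run never finishes. Wrap the request through `return failed` in `try { … } finally { externalResponseWaiting.delete(url) }`. Separately, `got` follows redirects by default, so the `https://` prefix check constrains only the first hop. If the runner can reach internal hosts, setting `followRedirect: false` or validating the final `r.url` keeps page content from steering the checker to other destinations.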