diff --git a/assets/images/help/repository/code-scanning-check-failure-setting.png b/assets/images/help/repository/code-scanning-check-failure-setting.png new file mode 100644 index 0000000000..ae7c27e85f Binary files /dev/null and b/assets/images/help/repository/code-scanning-check-failure-setting.png differ diff --git a/content/actions/creating-actions/creating-a-javascript-action.md b/content/actions/creating-actions/creating-a-javascript-action.md index 9a2422148c..4dceda5422 100644 --- a/content/actions/creating-actions/creating-a-javascript-action.md +++ b/content/actions/creating-actions/creating-a-javascript-action.md @@ -35,13 +35,13 @@ Once you complete this project, you should understand how to build your own Java ### Prerequisites -Before you begin, you'll need to download Node.js and create a GitHub repository. +Before you begin, you'll need to download Node.js and create a public {% data variables.product.prodname_dotcom %} repository. 1. Download and install Node.js 12.x, which includes npm. https://nodejs.org/en/download/current/ -1. Create a new repository on {% data variables.product.product_location %}. You can choose any repository name or use "hello-world-javascript-action" like this example. You can add these files after your project has been pushed to {% data variables.product.product_name %}. For more information, see "[Create a new repository](/articles/creating-a-new-repository)." +1. Create a new public repository on {% data variables.product.product_location %} and call it "hello-world-javascript-action". For more information, see "[Create a new repository](/articles/creating-a-new-repository)." 1. Clone your repository to your computer. For more information, see "[Cloning a repository](/articles/cloning-a-repository)." 
@@ -51,7 +51,7 @@ Before you begin, you'll need to download Node.js and create a GitHub repository cd hello-world-javascript-action ``` -1. From your terminal, initialize the directory with a `package.json` file. +1. From your terminal, initialize the directory with npm to generate a `package.json` file. ```shell npm init -y @@ -59,10 +59,8 @@ Before you begin, you'll need to download Node.js and create a GitHub repository ### Creating an action metadata file -Create a new file `action.yml` in the `hello-world-javascript-action` directory with the following example code. For more information, see "[Metadata syntax for {% data variables.product.prodname_actions %}](/actions/creating-actions/metadata-syntax-for-github-actions)." +Create a new file named `action.yml` in the `hello-world-javascript-action` directory with the following example code. For more information, see "[Metadata syntax for {% data variables.product.prodname_actions %}](/actions/creating-actions/metadata-syntax-for-github-actions)." - -**action.yml** ```yaml name: 'Hello World' description: 'Greet someone and record the time' @@ -108,7 +106,7 @@ GitHub Actions provide context information about the webhook event, Git refs, wo Add a new file called `index.js`, with the following code. -**index.js** +{% raw %} ```javascript const core = require('@actions/core'); const github = require('@actions/github'); @@ -126,6 +124,7 @@ try { core.setFailed(error.message); } ``` +{% endraw %} If an error is thrown in the above `index.js` example, `core.setFailed(error.message);` uses the actions toolkit [`@actions/core`](https://github.com/actions/toolkit/tree/main/packages/core) package to log a message and set a failing exit code. For more information, see "[Setting exit codes for actions](/actions/creating-actions/setting-exit-codes-for-actions)." 
@@ -143,7 +142,6 @@ In your `hello-world-javascript-action` directory, create a `README.md` file tha - Environment variables the action uses. - An example of how to use your action in a workflow. -**README.md** ```markdown # Hello world javascript action @@ -180,7 +178,7 @@ It's best practice to also add a version tag for releases of your action. For mo ```shell git add action.yml index.js node_modules/* package.json package-lock.json README.md git commit -m "My first action is ready" -git tag -a -m "My first action release" v1 +git tag -a -m "My first action release" v1.1 git push --follow-tags ``` @@ -205,7 +203,7 @@ Checking in your `node_modules` directory can cause problems. As an alternative, ```shell git add action.yml dist/index.js node_modules/* git commit -m "Use vercel/ncc" -git tag -a -m "My first action release" v1 +git tag -a -m "My first action release" v1.1 git push --follow-tags ``` @@ -217,10 +215,11 @@ Now you're ready to test your action out in a workflow. When an action is in a p #### Example using a public action -The following workflow code uses the completed hello world action in the `actions/hello-world-javascript-action` repository. Copy the workflow code into a `.github/workflows/main.yml` file, but replace the `actions/hello-world-javascript-action` repository with the repository you created. You can also replace the `who-to-greet` input with your name. +This example demonstrates how your new public action can be run from within an external repository. + +Copy the following YAML into a new file at `.github/workflows/main.yml`, and update the `uses: octocat/hello-world-javascript-action@v1.1` line with your username and the name of the public repository you created above. You can also replace the `who-to-greet` input with your name. {% raw %} -**.github/workflows/main.yml** ```yaml on: [push] 
@@ -231,7 +230,7 @@ jobs: steps: - name: Hello world action step id: hello - uses: actions/hello-world-javascript-action@v1.1 + uses: octocat/hello-world-javascript-action@v1.1 with: who-to-greet: 'Mona the Octocat' # Use the output from the `hello` step @@ -240,6 +239,8 @@ jobs: ``` {% endraw %} +When this workflow is triggered, the runner will download the `hello-world-javascript-action` action from your public repository and then execute it. + #### Example using a private action Copy the workflow code into a `.github/workflows/main.yml` file in your action's repository. You can also replace the `who-to-greet` input with your name. diff --git a/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md b/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md index 8486ebbae8..6472b829e9 100644 --- a/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md +++ b/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md 
@@ -81,6 +81,18 @@ For more information about the `pull_request` event, see "[Workflow syntax for { If you scan pull requests, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)." +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} +#### Defining the alert severities causing pull request check failure + +By default, only alerts with the severity level of `error` will cause a pull request check failure, and a check will still succeed with alerts of lower severities. You can change the levels of alert severities that will cause a pull request check failure in your repository settings. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-security-and-analysis %} +1. Under "Code scanning", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure. +![Check failure setting](/assets/images/help/repository/code-scanning-check-failure-setting.png) +{% endif %} + #### Avoiding unnecessary scans of pull requests You might want to avoid a code scan being triggered on specific pull requests targeted against the default branch, irrespective of which files have been changed. You can configure this by specifying `on:pull_request:paths-ignore` or `on:pull_request:paths` in the {% data variables.product.prodname_code_scanning %} workflow. For example, if the only changes in a pull request are to files with the file extensions `.md` or `.txt` you can use the following `paths-ignore` array. 
diff --git a/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md index 0074f86637..a00836e0a5 100644 --- a/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md 
@@ -27,7 +27,11 @@ topics: In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, these are reported as check results in the pull request. The alerts are also shown as annotations in the **Files changed** tab of the pull request. If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)." -If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or dismiss all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)." 
+If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. + +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}You can override the default behavior in your repository settings, by specifying the level of severities that will cause a pull request check failure. For more information, see "[Defining the alert severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-alert-severities-causing-pull-request-check-failure)". + +{% endif %}If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or dismiss all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)." ![Failed {% data variables.product.prodname_code_scanning %} check on a pull request](/assets/images/help/repository/code-scanning-check-failure.png) diff --git a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md index 525ea937dd..6cd888d83e 100644 --- a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md 
+++ b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md @@ -298,7 +298,7 @@ Dependencies ignored by using the `@dependabot ignore` command are stored centra You can check whether a repository has stored `ignore` preferences by searching the repository for `"@dependabot ignore" in:comments`. If you wish to un-ignore a dependency ignored this way, re-open the pull request. -For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/github/administering-a-repository/managing-pull-requests-for-dependency-updates)." +For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/github/administering-a-repository/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." ##### Specifying dependencies and versions to ignore diff --git a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md index e4de9c94be..61bdee14ee 100644 --- a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md +++ b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md 
@@ -37,6 +37,21 @@ By default, {% data variables.product.prodname_dependabot %} automatically rebas ### Managing {% data variables.product.prodname_dependabot %} pull requests with comment commands -{% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request, for example: to merge, squash, reopen, close, or rebase the pull request. The aim is to make it as easy as possible for you to triage these automatically generated pull requests. +{% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request (for example: to merge, squash, reopen, close, or rebase the pull request) under the "{% data variables.product.prodname_dependabot %} commands and options" section. The aim is to make it as easy as possible for you to triage these automatically generated pull requests. + +You can use any of the following commands on a {% data variables.product.prodname_dependabot %} pull request. + +- `@dependabot cancel merge` cancels a previously requested merge. +- `@dependabot close` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from recreating that pull request. You can achieve the same result by closing the pull request manually. +- `@dependabot ignore this dependency` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this dependency (unless you reopen the pull request or upgrade to the suggested version of the dependency yourself). +- `@dependabot ignore this major version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this major version (unless you reopen the pull request or upgrade to this major version yourself). 
+- `@dependabot ignore this minor version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this minor version (unless you reopen the pull request or upgrade to this minor version yourself). +- `@dependabot merge` merges the pull request once your CI tests have passed. +- `@dependabot rebase` rebases the pull request. +- `@dependabot recreate` recreates the pull request, overwriting any edits that have been made to the pull request. +- `@dependabot reopen` reopens the pull request if the pull request is closed. +- `@dependabot squash and merge` squashes and merges the pull request once your CI tests have passed. + +{% data variables.product.prodname_dependabot %} will react with a "thumbs up" emoji to acknowledge the command, and may respond with a comment on the pull request. While {% data variables.product.prodname_dependabot %} usually responds quickly, some commands may take several minutes to complete if {% data variables.product.prodname_dependabot %} is busy processing other updates or commands. If you run any of the commands for ignoring dependencies or versions, {% data variables.product.prodname_dependabot %} stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)." diff --git a/content/github/searching-for-information-on-github/index.md b/content/github/searching-for-information-on-github/index.md index ceb7bad7f2..44f1a5dc1e 100644 --- a/content/github/searching-for-information-on-github/index.md 
+++ b/content/github/searching-for-information-on-github/index.md @@ -1,5 +1,6 @@ --- title: Searching for information on GitHub +intro: Use different types of searches to find the information you want. redirect_from: - /categories/78/articles/ - /categories/search/ @@ -14,4 +15,3 @@ children: - /getting-started-with-searching-on-github - /searching-on-github --- - diff --git a/data/reusables/gpg/copy-gpg-key-id.md b/data/reusables/gpg/copy-gpg-key-id.md index 3b49b14def..944dd0f138 100644 --- a/data/reusables/gpg/copy-gpg-key-id.md +++ b/data/reusables/gpg/copy-gpg-key-id.md @@ -1,6 +1,6 @@ -1. From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is `3AA5C34371567BD2`: +1. From the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is `3AA5C34371567BD2`: ```shell - $ gpg --list-secret-keys --keyid-format LONG + $ gpg --list-secret-keys --keyid-format=long /Users/hubot/.gnupg/secring.gpg ------------------------------------ sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10] diff --git a/data/reusables/gpg/list-keys-with-note.md b/data/reusables/gpg/list-keys-with-note.md index d2da074b36..3dfe6910ca 100644 --- a/data/reusables/gpg/list-keys-with-note.md +++ b/data/reusables/gpg/list-keys-with-note.md @@ -1,7 +1,7 @@ -1. Use the `gpg --list-secret-keys --keyid-format LONG` command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags. +1. Use the `gpg --list-secret-keys --keyid-format=long` command to list the long form of the GPG keys for which you have both a public and private key. A private key is required for signing commits or tags. ```shell - $ gpg --list-secret-keys --keyid-format LONG + $ gpg --list-secret-keys --keyid-format=long ``` {% note %}
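Review bot: In `creating-a-javascript-action.md`, the two commit/tag hunks (`git tag -a -m "My first action release" v1.1`) turn the very first release of the tutorial action into `v1.1`, which reads oddly and only exists to match `uses: octocat/hello-world-javascript-action@v1.1` in the workflow example; either use `v1` in all three places or add one sentence saying the tag just has to match the `@<tag>` the workflow references. Because the workflow resolves the action by tag and a tag can later be moved to a different commit, it is also worth one sentence noting that consumers who want an immutable reference can pin `uses:` to the full commit SHA instead of the tag.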
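Review bot: In the new "Defining the alert severities causing pull request check failure" section of `configuring-code-scanning.md`, the line `![Check failure setting](/assets/images/help/repository/code-scanning-check-failure-setting.png)` directly follows the `1. Under "Code scanning", ...` step without indentation, so it renders as a separate paragraph instead of inside the step as the surrounding reusable steps do; indent it by three spaces under the step. The step text "select the level of severity you would like to cause a pull request check failure" is also ambiguous about whether the setting is a threshold; if alerts at or above the selected level fail the check, say "select the lowest severity level that should cause a pull request check failure".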
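Review bot: In `triaging-code-scanning-alerts-in-pull-requests.md`, the sentence kept after the new `{% endif %}` still says you must "fix or dismiss all error alerts before the pull request can be merged", but the new paragraph immediately above it says the failing severity can be changed in repository settings; for versions where the `{% if %}` block applies this should read "all alerts at or above the severity configured to fail the check" (or similar), otherwise the two paragraphs contradict each other. Placing `{% endif %}` at the start of the next paragraph's line keeps blank lines out of the non-matching versions, but it is easy to break in a later edit; a short Liquid comment explaining why would help maintainers.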
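Review bot: The `configuration-options-for-dependency-updates.md` hunk adds a `#managing-dependabot-pull-requests-with-comment-commands` fragment, and the unchanged link at the end of `managing-pull-requests-for-dependency-updates.md` uses `#ignore`, but both point at the legacy `/github/administering-a-repository/...` paths while both files now live under `/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/`; they therefore depend on the redirect preserving the fragment. Link to the current paths directly so the anchors do not silently stop working if the redirects change.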
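Review bot: The new command list in `managing-pull-requests-for-dependency-updates.md` does not say which permission level a commenter needs for these commands to be honoured; since `@dependabot merge` and `@dependabot squash and merge` land code as soon as CI passes, state the required repository permission next to "You can use any of the following commands" so readers do not assume any commenter can trigger a merge. The three `@dependabot ignore ...` entries could also point at the unchanged paragraph below ("stores the preferences for the repository centrally"), because an ignore issued from a comment leaves no trace in the configuration file that other contributors read.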
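Review bot: In the two `data/reusables/gpg/*.md` hunks, `--keyid-format=long` is fine (gpg accepts both `--keyid-format LONG` and `--keyid-format=long`), but the unchanged sample output `/Users/hubot/.gnupg/secring.gpg` and `sec 4096R/3AA5C34371567BD2 ...` is GnuPG 1.x output; GnuPG 2.1 and later no longer use `secring.gpg` and print the key as `sec   rsa4096/3AA5C34371567BD2 ...`, so refresh the sample to match the command line readers will actually run. In `list-keys-with-note.md`, "list the long form of the GPG keys" should be "list the GPG keys ... with the long form of their key IDs": it is the key ID, not the key, that has a long form, and the long ID is still only part of the full fingerprint, so the wording should not suggest it is the key's unique identity.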