Merge branch 'main' of github.com:github/docs-internal into check-links-improvement-redux

Author: sarahs

.github/allowed-actions.js

@@ -25,7 +25,7 @@ module.exports = [
   'pascalgn/automerge-action@c9bd182',
   'peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326',
   'peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd',
-  'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
+  'peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43',
   'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
   'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',
   'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',

.github/workflows/remove-unused-assets.yml

@@ -33,7 +33,7 @@ jobs:
       - name: Remove script results file
         run: rm -rf ./results.md
       - name: Create pull request
-        uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
+        uses: peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43
         with:
           # need to use a token with repo and workflow scopes for this step
           token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}

.github/workflows/repo-sync-stalls.yml

@@ -40,7 +40,7 @@ jobs:
               const timeDelta = Date.now() - Date.parse(pr.created_at);
               const minutesOpen = timeDelta / 1000 / 60;
 
-              if (minutesOpen > 30) {
+              if (minutesOpen > 180) {
                 core.setFailed('Repo sync appears to be stalled') 
               }
             })

.github/workflows/triage-unallowed-contributions.yml

@@ -1,27 +1,24 @@
 name: Check unallowed file changes
 
 on:
-  push:
+  pull_request_target:
+    paths:
+      - '.github/workflows/**'
+      - '.github/CODEOWNERS'
+      - 'translations/**'
+      - 'assets/fonts/**'
+      - 'data/graphql/**'
+      - 'lib/graphql/**'
+      - 'lib/redirects/**'
+      - 'lib/rest/**'
+      - 'lib/webhooks/**'
 
 jobs:
   triage:
     if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - name: Get pull request number
-        id: pull-number
-        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          result-encoding: string
-          script: |
-            const pulls = await github.repos.listPullRequestsAssociatedWithCommit({
-              ...context.repo,
-              commit_sha: context.sha
-            })
-
-            return pulls.data.map(pull => pull.number).shift()
       - name: Check for existing requested changes
         id: requested-change
         uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
@@ -31,13 +28,19 @@ jobs:
           script: |
             const pullReviews = await github.pulls.listReviews({
               ...context.repo,
-              pull_number: ${{steps.pull-number.outputs.result}}
+              pull_number: context.payload.number
             })
 
-            return pullReviews.data
+            const botReviews = pullReviews.data
               .filter(review => review.user.login === 'github-actions[bot]')
               .sort((a, b) => new Date(b.submitted_at) - new Date(a.submitted_at))
               .shift()
+
+            if (botReviews) {
+              console.log(`Pull request reviews authored by the github-action bot: ${botReviews}`)
+            }
+            return botReviews
+
       - name: Get files changed
         uses: dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58
         id: filter
@@ -89,29 +92,31 @@ jobs:
             if (translationFiles.length > 0) {
               await github.issues.addLabels({
                 ...context.repo,
-                issue_number: ${{steps.pull-number.outputs.result}},
+                issue_number: context.payload.number,
                 labels: ['localization']
               })
               reviewMessage += "\n\nIt looks like you've modified translated content. Unfortunately, we are not able to accept pull requests for translated content. Our translation process involves an integration with an external service at crowdin.com, where all translation activity happens. We hope to eventually open up the translation process to the open source community, but we're not there yet. See https://github.com/github/docs/blob/main/CONTRIBUTING.md#earth_asia-translations for more details."
             }
 
             await github.pulls.createReview({
               ...context.repo,
-              pull_number: ${{steps.pull-number.outputs.result}},
+              pull_number: context.payload.number,
               body: reviewMessage,
               event: 'REQUEST_CHANGES'
             })
       # When the most recent review was CHANGES_REQUESTED and the existing
       # PR no longer contains unallowed changes, dismiss the previous review
       - name: Dismiss pull request review
-        if: ${{ steps.filter.outputs.notAllowed == 'false' && fromJson(steps.requested-change.outputs.result).state == 'CHANGES_REQUESTED' }}
+        # Check that unallowed files aren't modified and that a
+        # CHANGES_REQUESTED review already exists
+        if: ${{ steps.filter.outputs.notAllowed == 'false' && steps.requested-change.outputs.result && fromJson(steps.requested-change.outputs.result).state == 'CHANGES_REQUESTED' }}
         uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             await github.pulls.dismissReview({
               ...context.repo,
-              pull_number: ${{steps.pull-number.outputs.result}},
+              pull_number: context.payload.number,
               review_id: ${{fromJson(steps.requested-change.outputs.result).id}},
               message: `✨Looks like you reverted all files we don't accept contributions for. 🙌 A member of the docs team will review your PR soon. 🚂`
             })

.github/workflows/update-graphql-files.yml

@@ -9,6 +9,7 @@ env:
   FREEZE: ${{ secrets.FREEZE }}
 
 on:
+  workflow_dispatch:
   schedule:
     - cron: '20 16 * * *' # run every day at 16:20 UTC / 8:20 PST
 
@@ -36,15 +37,15 @@ jobs:
       - name: Run updater scripts
         env:
           # need to use a token from a user with access to github/github for this step
-          GITHUB_TOKEN: ${{ secrets.ZEKE_PAT_WITH_REPO_AND_WORKFLOW_SCOPE_FOR_REPO_SYNC }}
+          GITHUB_TOKEN: ${{ secrets.RACHMARI_REPO_WORKFLOW }}
         run: |
           script/graphql/update-files.js
       - name: Create pull request
         id: create-pull-request
-        uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
+        uses: peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43
         with:
           # need to use a token with repo and workflow scopes for this step
-          token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: 'Action ran graphql script"update-files"'
           title: GraphQL schema update
           body:

Gemfile.lock

@@ -10,10 +10,11 @@ GEM
 
 PLATFORMS
   ruby
+  x86_64-linux
 
 DEPENDENCIES
   graphql (= 1.10.6)
   graphql-schema_comparator (~> 1.0.0)
 
 BUNDLED WITH
-   2.1.4
+   2.2.1

app.json

@@ -2,9 +2,11 @@
   "name": "docs.github.com",
   "env": {
     "NODE_ENV": "production",
-    "NPM_CONFIG_PRODUCTION": "true"
+    "NPM_CONFIG_PRODUCTION": "true",
+    "ENABLED_LANGUAGES": "en, de"
   },
   "buildpacks": [
+    { "url": "https://github.com/DataDog/heroku-buildpack-datadog.git#1.21" },
     { "url": "heroku/nodejs" }
   ],
   "formation": {

assets/images/actions-approve-deployments.png

@@ -117,6 +117,7 @@ runs:
 {% endraw %}
 
 #### `outputs.<output_id>.value`
+
 **Required** The value that the output parameter will be mapped to. You can set this to a `string` or an expression with context. For example, you can use the `steps` context to set the `value` of an output to the output value of a step.
 
 For more information on how to use context and expression syntax, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
@@ -205,7 +206,7 @@ For example, this `cleanup.js` will only run on Linux-based runners:
 
 **Required** The run steps that you plan to run in this action.
 
-##### `runs.steps.run`
+##### `runs.steps[*].run`
 
 **Required** The command you want to run. This can be inline or a script in your action repository:
 ```yaml
@@ -228,23 +229,23 @@ runs:
 
 For more information, see "[`github context`](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)".
 
-##### `runs.steps.shell`
+##### `runs.steps[*].shell`
 
 **Required** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell).
 
-##### `runs.steps.name`
+##### `runs.steps[*].name`
 
 **Optional** The name of the composite run step.
 
-##### `runs.steps.id`
+##### `runs.steps[*].id`
 
 **Optional** A unique identifier for the step. You can use the `id` to reference the step in contexts. For more information, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
 
-##### `runs.steps.env`
+##### `runs.steps[*].env`
 
 **Optional**  Sets a `map` of environment variables for only that step. If you want to modify the environment variable stored in the workflow, use {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" %}`echo "{name}={value}" >> $GITHUB_ENV`{% else %}`echo "::set-env name={name}::{value}"`{% endif %} in a composite run step.
 
-##### `runs.steps.working-directory`
+##### `runs.steps[*].working-directory`
 
 **Optional**  Specifies the working directory where the command is run.
 

assets/images/actions-review-deployments.png

@@ -25,7 +25,7 @@ Building and testing your code requires a server. You can build and test updates
 
 ### About continuous integration using {% data variables.product.prodname_actions %}
 
-CI using {% data variables.product.prodname_actions %} offers workflows that can build the code in your repository and run your tests. Workflows can run on {% data variables.product.prodname_dotcom %}-hosted virtual machines, or on machines that you host yourself. For more information, see "[Virtual environments for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)," and "[About self-hosted runners](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)."
+CI using {% data variables.product.prodname_actions %} offers workflows that can build the code in your repository and run your tests. Workflows can run on {% data variables.product.prodname_dotcom %}-hosted virtual machines, or on machines that you host yourself. For more information, see "[Virtual environments for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)" and "[About self-hosted runners](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)."
 
 You can configure your CI workflow to run when a {% data variables.product.product_name %} event occurs (for example, when new code is pushed to your repository), on a set schedule, or when an external event occurs using the repository dispatch webhook.
 

assets/images/environments-sidebar.png

@@ -193,9 +193,9 @@ steps:
 
 {% data reusables.github-actions.setup-node-intro %}
 
-To authenticate to your private registry, you'll need to store your npm authentication token as a secret in your repository settings. For example, create a secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+To authenticate to your private registry, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
-In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NPM_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token.
+In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NODE_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token.
 
 Before installing dependencies, use the `setup-node` action to create the *.npmrc* file. The action has two input parameters. The `node-version` parameter sets the Node.js version, and the `registry-url` parameter sets the default registry. If your package registry uses scopes, you must use the `scope` parameter. For more information, see [`npm-scope`](https://docs.npmjs.com/misc/scope).
 

assets/images/help/enterprises/add-a-domain-button.png

@@ -214,7 +214,7 @@ The `always()` function configures the job to continue processing even if there
 
 ### Publishing to PowerShell Gallery
 
-You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use repository secrets to store any tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use secrets to store any tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
 The following example creates a package and uses `Publish-Module` to publish it to the PowerShell Gallery:
 

assets/images/help/enterprises/verified-domains-tab.png

@@ -391,7 +391,7 @@ jobs:
 
 You can configure your workflow to publish your Python package to any package registry you'd like when your CI tests pass.
 
-You can store any access tokens or credentials needed to publish your package using repository secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+You can store any access tokens or credentials needed to publish your package using secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
 {% raw %}
 ```yaml

assets/images/help/pull_requests/allow-auto-merge-checkbox.png

@@ -50,7 +50,7 @@ To push to Docker Hub, you will need to have a Docker Hub account, and have a Do
 
 The `build-push-action` options required for Docker Hub are:
 
-* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as encrypted secrets in your {% data variables.product.prodname_dotcom %} repository so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 * `repository`: Your Docker Hub repository in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY`.
 
 {% raw %}

assets/images/help/pull_requests/confirm-auto-merge-button.png

@@ -44,7 +44,7 @@ If you add steps in your workflow to configure the `publishConfig` fields in you
 
 Each time you create a new release, you can trigger a workflow to publish your package. The workflow in the example below runs when the `release` event triggers with type `created`. The workflow publishes the package to the npm registry if CI tests pass.
 
-To perform authenticated operations against the npm registry in your workflow, you'll need to store your npm authentication token as a secret in your repository settings. For example, create a secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+To perform authenticated operations against the npm registry in your workflow, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
 By default, npm uses the `name` field of the *package.json* file to determine the npm registry. When publishing to a global namespace, you only need to include the package name. For example, you would publish a package named `npm-hello-world-test` to the `https://www.npmjs.com/package/npm-hello-world-test`.
 

assets/images/help/pull_requests/disable-auto-merge-button.png

@@ -25,18 +25,15 @@ featuredLinks:
     - /actions/reference/workflow-commands-for-github-actions
     - /actions/reference/environment-variables
 changelog:
+  - title: Workflow visualization
+    date: '2020-12-08'
+    href: https://github.blog/changelog/2020-12-08-github-actions-workflow-visualization/
   - title: Removing set-env and add-path commands on November 16
     date: '2020-11-09'
     href: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
   - title: Ubuntu-latest workflows will use Ubuntu-20.04
     date: '2020-10-29'
     href: https://github.blog/changelog/2020-10-29-github-actions-ubuntu-latest-workflows-will-use-ubuntu-20-04
-  - title: MacOS Big Sur Preview
-    date: '2020-10-29'
-    href: https://github.blog/changelog/2020-10-29-github-actions-macos-big-sur-preview
-  - title: Self-Hosted Runner Group Access Changes
-    date: '2020-10-16'
-    href: https://github.blog/changelog/2020-10-16-github-actions-self-hosted-runner-group-access-changes/
 
 product_video: https://www.youtube-nocookie.com/embed/cP0I9w2coGU
 

assets/images/help/pull_requests/enable-auto-merge-button.png

@@ -79,7 +79,7 @@ steps:
 
 #### Using branches
 
-Referring to a specific branch means that the action will always use include the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
+Referring to a specific branch means that the action will always use the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
 
 ```yaml
 steps: