Merge branch 'main' into patch-1

Author: nguyenalex836

.devcontainer/devcontainer.json

@@ -19,7 +19,8 @@
       // Set *default* container specific settings.json values on container create.
       "settings": {
         "terminal.integrated.shell.linux": "/bin/bash",
-        "cSpell.language": ",en"
+        "cSpell.language": ",en",
+        "git.autofetch": true
       },
       // Visual Studio Code extensions which help authoring for docs.github.com.
       "extensions": [

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,7 +4,8 @@ Thank you for contributing to this project! You must fill out the information be
 
 ### Why:
 
-Closes:
+<!-- Paste the issue link or number here -->
+Closes: 
 
 <!-- If there's an existing issue for your change, please link to it above.
 If there's _not_ an existing issue, please open one first to make it more likely that this update will be accepted: https://github.com/github/docs/issues/new/choose. -->
@@ -16,6 +17,6 @@ If you made changes to the `content` directory, a table will populate in a comme
 
 ### Check off the following:
 
-- [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require a SME review from GitHub staff.
+- [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
 - [ ] The changes in this PR meet [the docs fundamentals that are required for all content](http://docs.github.com/en/contributing/writing-for-github-docs/about-githubs-documentation-fundamentals).
-- [ ] All CI checks are passing.
+- [ ] All CI checks are passing and the changes look good in the preview environment.

.github/actions/cache-nextjs/action.yml

@@ -8,7 +8,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache .next/cache
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/.next/cache
         # Generate a new cache whenever packages or source files change.

.github/actions/node-npm-setup/action.yml

@@ -6,7 +6,7 @@ runs:
   using: 'composite'
   steps:
     - name: Cache node_modules
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache@v4
       id: cache-node_modules
       env:
         # Default is 10 min, per segment, but we can make it much smaller

.github/actions/precompute-pageinfo/action.yml

@@ -17,16 +17,14 @@ runs:
     # Optionally, you can have it just do A (and not B and C).
 
     - name: Cache .pageinfo-cache.json.br (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-
         restore-keys: pageinfo-cache-
 
-    # When we use this composite action from the workflows like
-    # Azure Preview Deploy and Azure Production Deploy, we don't have
-    # any Node installed or any of its packages. I.e. we never
+    # When we use this composite action from deployment workflows
+    # we don't have any Node installed or any of its packages. I.e. we never
     # run `npm ci` in those actions. For security sake.
     # So we can't do things that require Node code.
     # Tests and others will omit the `restore-only` input, but
@@ -40,7 +38,7 @@ runs:
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .pageinfo-cache.json.br
         key: pageinfo-cache-${{ github.sha }}

.github/actions/setup-elasticsearch/action.yml

@@ -19,7 +19,7 @@ runs:
     # Cache the elasticsearch image to prevent Docker Hub rate limiting
     - name: Cache Docker layers
       id: cache-docker-layers
-      uses: actions/cache@v2
+      uses: actions/cache@v4
       with:
         path: /tmp/docker-cache
         key: ${{ runner.os }}-elasticsearch-${{ inputs.elasticsearch_version }}

.github/actions/warmup-remotejson-cache/action.yml

@@ -14,16 +14,14 @@ runs:
     # You "wrap" the step that appends to disk and it will possibly retrieve
     # some from the cache, then save it when it's got more in it.
     - name: Cache .remotejson-cache (restore)
-      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-
         restore-keys: remotejson-cache-
 
-    # When we use this composite action from the workflows like
-    # Azure Preview Deploy and Azure Production Deploy, we don't have
-    # any Node installed or any of its packages. I.e. we never
+    # When we use this composite action from deployment workflows
+    # we don't have any Node installed or any of its packages. I.e. we never
     # run `npm ci` in those actions. For security sake.
     # So we can't do things that require Node code.
     # Tests and others will omit the `restore-only` input, but
@@ -37,7 +35,7 @@ runs:
 
     - name: Cache .remotejson-cache (save)
       if: ${{ inputs.restore-only == '' }}
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: .remotejson-cache
         key: remotejson-cache-${{ github.sha }}

.github/branch_protection_settings/main.json

@@ -4,7 +4,6 @@
     "url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks",
     "strict": true,
     "contexts": [
-      "Build and deploy Azure preview environment",
       "automated-pipelines",
       "github-apps",
       "graphql",
@@ -41,14 +40,13 @@
       "workflows",
       "lint-code",
       "secret-scanning",
-      "pagelist"
+      "pagelist",
+      "docs-internal-docker-image / docs-internal-docker-image",
+      "docs-internal-docker-security / docs-internal-docker-security",
+      "docs-internal-moda-config-bundle / docs-internal-moda-config-bundle"
     ],
     "contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
     "checks": [
-      {
-        "context": "Build and deploy Azure preview environment",
-        "app_id": 15368
-      },
       { "context": "automated-pipelines", "app_id": 15368 },
       { "context": "github-apps", "app_id": 15368 },
       { "context": "graphql", "app_id": 15368 },
@@ -85,7 +83,19 @@
       { "context": "workflows", "app_id": 15368 },
       { "context": "lint-code", "app_id": 15368 },
       { "context": "secret-scanning", "app_id": 15368 },
-      { "context": "pagelist", "app_id": 15368 }
+      { "context": "pagelist", "app_id": 15368 },
+      {
+        "context": "docs-internal-docker-image / docs-internal-docker-image",
+        "app_id": 15368
+      },
+      {
+        "context": "docs-internal-docker-security / docs-internal-docker-security",
+        "app_id": 15368
+      },
+      {
+        "context": "docs-internal-moda-config-bundle / docs-internal-moda-config-bundle",
+        "app_id": 15368
+      }
     ]
   },
   "restrictions": {

.github/dependabot.yml

@@ -1,4 +1,10 @@
 version: 2
+registries:
+  ghcr: # Define access for a private registry
+    type: docker-registry
+    url: ghcr.io
+    username: PAT
+    password: ${{secrets.CONTAINER_BUILDER_TOKEN}}
 updates:
   - package-ecosystem: npm
     directory: '/'
@@ -23,11 +29,18 @@ updates:
       - dependency-name: '*'
         update-types:
           ['version-update:semver-patch', 'version-update:semver-minor']
+      - dependency-name: 'github/internal-actions'
 
   - package-ecosystem: 'docker'
+    registries:
+      - ghcr
     directory: '/'
     schedule:
       interval: weekly
       day: thursday
+    groups:
+      baseImages:
+        patterns:
+          - '*'
     ignore:
       - dependency-name: 'node'

.github/workflows/alert-changed-branch-protections.yml

@@ -4,7 +4,7 @@ on:
   branch_protection_rule:
   workflow_dispatch:
   schedule:
-    - cron: '20 16 * * 3' # Run every Wednesday at 16:30 UTC / 8:30 PST
+    - cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC / 8:20 PST
 
 permissions:
   contents: read