diff --git a/.github/workflows/automerge-dependencies.yml b/.github/workflows/automerge-dependencies.yml
index 31ccf83f0fc9..e02ff47ab6cc 100644
--- a/.github/workflows/automerge-dependencies.yml
+++ b/.github/workflows/automerge-dependencies.yml
@@ -68,7 +68,7 @@ jobs:
 # Because we get far too much spam ;_;
 - name: Lock conversations
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 PR_NUMBER: ${{ github.event.pull_request.number }}
 with:
diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml
index c37dbedfdcce..bb664cc56596 100644
--- a/.github/workflows/azure-preview-env-deploy.yml
+++ b/.github/workflows/azure-preview-env-deploy.yml
@@ -109,7 +109,7 @@ jobs:
 - if: ${{ env.IS_INTERNAL_BUILD == 'true' }}
 name: Determine which docs-early-access branch to clone
 id: 'check-early-access'
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 BRANCH_NAME: ${{ env.BRANCH_NAME }}
 with:
diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml
index 2a10b09863bc..561d951b3b6c 100644
--- a/.github/workflows/azure-prod-build-deploy.yml
+++ b/.github/workflows/azure-prod-build-deploy.yml
@@ -96,7 +96,7 @@ jobs:
 # Watch staging slot instances to see when all the instances are ready
 - name: Check that staging slot is ready
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 CHECK_INTERVAL: 10000
 with:
diff --git a/.github/workflows/check-for-spammy-issues.yml b/.github/workflows/check-for-spammy-issues.yml
index b325dd08bd70..02cff7bbb6e4 100644
--- a/.github/workflows/check-for-spammy-issues.yml
+++ b/.github/workflows/check-for-spammy-issues.yml
@@ -17,7 +17,7 @@ jobs:
 if: github.repository == 'github/docs'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ - uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 github-token: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}
 script: |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000000..c1cd6e5a9033
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '20 4 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript', 'ruby' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/confirm-internal-staff-work-in-docs.yml b/.github/workflows/confirm-internal-staff-work-in-docs.yml
index 81fa3788b5f4..962d48c549e3 100644
--- a/.github/workflows/confirm-internal-staff-work-in-docs.yml
+++ b/.github/workflows/confirm-internal-staff-work-in-docs.yml
@@ -23,7 +23,7 @@ jobs:
 if: github.repository == 'github/docs' && github.actor != 'docs-bot'
 steps:
 - id: membership_check
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}
 with:
diff --git a/.github/workflows/copy-api-issue-to-internal.yml b/.github/workflows/copy-api-issue-to-internal.yml
index 13bac002f1c0..432fce9ce1b9 100644
--- a/.github/workflows/copy-api-issue-to-internal.yml
+++ b/.github/workflows/copy-api-issue-to-internal.yml
@@ -19,7 +19,7 @@ jobs:
 if: (github.event.label.name == 'rest-description' || github.event.label.name == 'graphql-description') && github.repository == 'github/docs'
 steps:
 - name: Check if this run was triggered by a member of the docs team
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: triggered-by-member
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
diff --git a/.github/workflows/first-responder-docs-content.yml b/.github/workflows/first-responder-docs-content.yml
index 1726c9ac960b..c3c6a700ca57 100644
--- a/.github/workflows/first-responder-docs-content.yml
+++ b/.github/workflows/first-responder-docs-content.yml
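Review bot: The new `.github/workflows/codeql-analysis.yml` references its actions by mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), while every other workflow touched in this diff pins `actions/github-script` to a full commit SHA. A tag can be repointed to different code after review, and this job holds `security-events: write`, so the four `uses:` lines should follow the same convention, e.g. `uses: actions/checkout@<full-commit-sha> # v2` (placeholder; take the SHA from the release that was reviewed). The `Autobuild` step can probably be dropped as well: the matrix is `[ 'javascript', 'ruby' ]` and the file's own comment says autobuild only applies to compiled languages (C/C++, C#, or Java).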
@@ -24,7 +24,7 @@ jobs:
 steps:
 - name: Check if the event originated from a team member
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: set-result
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
@@ -71,7 +71,7 @@ jobs:
 steps:
 - name: Remove card from project
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
 result-encoding: string
diff --git a/.github/workflows/hubber-contribution-help.yml b/.github/workflows/hubber-contribution-help.yml
index cc71b17a988e..f4f12793dd82 100644
--- a/.github/workflows/hubber-contribution-help.yml
+++ b/.github/workflows/hubber-contribution-help.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - id: membership_check
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 github-token: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}
 script: |
diff --git a/.github/workflows/merged-notification.yml b/.github/workflows/merged-notification.yml
index 8604b4223b5d..73f3e8534489 100644
--- a/.github/workflows/merged-notification.yml
+++ b/.github/workflows/merged-notification.yml
@@ -18,7 +18,7 @@ jobs:
 if: github.repository == 'github/docs' && github.event.pull_request.merged && github.event.pull_request.base.ref == github.event.repository.default_branch && github.event.pull_request.user.login != 'Octomerger'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ - uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 github.issues.createComment({
diff --git a/.github/workflows/move-existing-issues-to-the-correct-repo.yml b/.github/workflows/move-existing-issues-to-the-correct-repo.yml
index 05b994a52574..aa976c0ff322 100644
--- a/.github/workflows/move-existing-issues-to-the-correct-repo.yml
+++ b/.github/workflows/move-existing-issues-to-the-correct-repo.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - id: move_to_correct_repo
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 TEAM_ENGINEERING_REPO: ${{ secrets.TEAM_ENGINEERING_REPO }}
 TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}
diff --git a/.github/workflows/move-new-issues-to-correct-docs-repo.yml b/.github/workflows/move-new-issues-to-correct-docs-repo.yml
index 1c2c36282163..93cec76c152d 100644
--- a/.github/workflows/move-new-issues-to-correct-docs-repo.yml
+++ b/.github/workflows/move-new-issues-to-correct-docs-repo.yml
@@ -21,7 +21,7 @@ jobs:
 if: github.repository == 'github/docs-internal'
 steps:
 - id: move_to_correct_repo
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 TEAM_ENGINEERING_REPO: ${{ secrets.TEAM_ENGINEERING_REPO }}
 TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}
diff --git a/.github/workflows/move-reopened-issues-to-triage.yaml b/.github/workflows/move-reopened-issues-to-triage.yaml
index 28b297639887..b5c788698fa8 100644
--- a/.github/workflows/move-reopened-issues-to-triage.yaml
+++ b/.github/workflows/move-reopened-issues-to-triage.yaml
@@ -17,7 +17,7 @@ jobs:
 if: github.repository == 'github/docs'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ - uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 const issueNumber = context.issue.number;
diff --git a/.github/workflows/notify-when-maintainers-cannot-edit.yaml b/.github/workflows/notify-when-maintainers-cannot-edit.yaml
index 85edabb89b2b..54b8e48e2ef9 100644
--- a/.github/workflows/notify-when-maintainers-cannot-edit.yaml
+++ b/.github/workflows/notify-when-maintainers-cannot-edit.yaml
@@ -17,7 +17,7 @@ jobs:
 if: github.repository == 'github/docs'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ - uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 const query = `
diff --git a/.github/workflows/os-ready-for-review.yml b/.github/workflows/os-ready-for-review.yml
index 673e11627ca2..c31563f64cf5 100644
--- a/.github/workflows/os-ready-for-review.yml
+++ b/.github/workflows/os-ready-for-review.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check if this run was triggered by a member of the docs team
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: triggered-by-member
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
diff --git a/.github/workflows/repo-sync-stalls.yml b/.github/workflows/repo-sync-stalls.yml
index f23356765124..f6e4f10c5413 100644
--- a/.github/workflows/repo-sync-stalls.yml
+++ b/.github/workflows/repo-sync-stalls.yml
@@ -18,7 +18,7 @@ jobs:
 steps:
 - if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
 name: Check if repo sync is stalled
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 let pulls;
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index a3f975f356a3..9488a7f7c94f 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -41,7 +41,7 @@ jobs:
 - name: Close pull request if unwanted
 if: ${{ github.repository == 'github/docs' && steps.find-pull-request.outputs.number }}
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 github-token: ${{ secrets.DOCS_BOT_SPAM_VISION }}
 script: |
@@ -147,7 +147,7 @@ jobs:
 # Because we get far too much spam ;_;
 - name: Lock conversations
 if: ${{ github.repository == 'github/docs' && steps.find-pull-request.outputs.number }}
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 try {
@@ -165,7 +165,7 @@ jobs:
 # There are cases where the branch becomes out-of-date in between the time this workflow began and when the pull request is created/updated
 - name: Update branch
 if: ${{ steps.find-pull-request.outputs.number }}
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 github-token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 script: |
@@ -214,7 +214,7 @@ jobs:
 - name: Check pull request file count after updating
 if: ${{ steps.find-pull-request.outputs.number }}
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: pr-files
 env:
 PR_NUMBER: ${{ steps.find-pull-request.outputs.number }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index de1034d14f2e..e1ea08c34d35 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -55,7 +55,7 @@ jobs:
 - name: Figure out which docs-early-access branch to checkout, if internal repo
 if: ${{ github.repository == 'github/docs-internal' }}
 id: check-early-access
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 env:
 BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
 with:
diff --git a/.github/workflows/transfer-api-issue-to-openapi.yml b/.github/workflows/transfer-api-issue-to-openapi.yml
index b7875594cdc5..1850abd28e68 100644
--- a/.github/workflows/transfer-api-issue-to-openapi.yml
+++ b/.github/workflows/transfer-api-issue-to-openapi.yml
@@ -19,7 +19,7 @@ jobs:
 if: github.event.label.name == 'rest-schema' && github.repository == 'github/docs'
 steps:
 - name: Check if this run was triggered by a member of the docs team
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: triggered-by-member
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
diff --git a/.github/workflows/transfer-to-localization-repo.yml b/.github/workflows/transfer-to-localization-repo.yml
index a7fd81d4c380..a78e66ad7be4 100644
--- a/.github/workflows/transfer-to-localization-repo.yml
+++ b/.github/workflows/transfer-to-localization-repo.yml
@@ -19,7 +19,7 @@ jobs:
 if: (github.event.label.name == 'localization ' && github.repository == 'github/docs')
 steps:
 - name: Check if this run was triggered by a member of the docs team
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: triggered-by-member
 with:
 github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
diff --git a/.github/workflows/triage-issue-comments.yml b/.github/workflows/triage-issue-comments.yml
index 4741204e58c5..3d96dd72c75e 100644
--- a/.github/workflows/triage-issue-comments.yml
+++ b/.github/workflows/triage-issue-comments.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Check if the event originated from a team member
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 id: is-internal-contributor
 with:
 result-encoding: string
diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml
index fe146e1d54bd..3e198a58b76b 100644
--- a/.github/workflows/triage-unallowed-contributions.yml
+++ b/.github/workflows/triage-unallowed-contributions.yml
@@ -76,7 +76,7 @@ jobs:
 # explaining this to the PR author
 - name: "Comment about changes we can't accept"
 if: ${{ steps.filter.outputs.notAllowed }}
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e
 with:
 script: |
 const badFilesArr = [
diff --git a/translations/ja-JP/content/actions/creating-actions/dockerfile-support-for-github-actions.md b/translations/ja-JP/content/actions/creating-actions/dockerfile-support-for-github-actions.md
index b86757f9ddc4..a9a75af8bbe0 100644
--- a/translations/ja-JP/content/actions/creating-actions/dockerfile-support-for-github-actions.md
+++ b/translations/ja-JP/content/actions/creating-actions/dockerfile-support-for-github-actions.md
@@ -67,7 +67,7 @@ ENTRYPOINT ["sh", "-c", "echo $GITHUB_SHA"]
 ```dockerfile
 # コードを実行するコンテナイメージ
-FROM debian:9.5-slim
+FROM debian:stretch-20211201-slim
 # アクションのリポジトリからコードをコンテナのファイルシステムパス `/` にコピー
 COPY entrypoint.sh /entrypoint.sh
diff --git a/translations/zh-CN/content/actions/creating-actions/dockerfile-support-for-github-actions.md b/translations/zh-CN/content/actions/creating-actions/dockerfile-support-for-github-actions.md
index 4fede1c2ce9c..00a1d301fc90 100644
--- a/translations/zh-CN/content/actions/creating-actions/dockerfile-support-for-github-actions.md
+++ b/translations/zh-CN/content/actions/creating-actions/dockerfile-support-for-github-actions.md
@@ -67,7 +67,7 @@ ENTRYPOINT ["sh", "-c", "echo $GITHUB_SHA"]
 ```dockerfile
 # Container image that runs your code
-FROM debian:9.5-slim
+FROM debian:buster-20210408-slim
 # Copies your code file from your action repository to the filesystem path `/` of the container
 COPY entrypoint.sh /entrypoint.sh