Merge branch 'main' into patch-1

Author: Kathy Korevec

.env.example

@@ -1,6 +1,3 @@
 ALGOLIA_API_KEY=
 ALGOLIA_APPLICATION_ID=
 ALLOW_TRANSLATION_COMMITS=
-EARLY_ACCESS_HOSTNAME=
-EARLY_ACCESS_SHARED_SECRET=
-GITHUB_TOKEN=

.github/CODEOWNERS

@@ -20,6 +20,10 @@ package.json @github/docs-engineering
 # Site Policy
 /content/github/site-policy/ @github/site-policy-admins
 
+# Content strategy
+/contributing/content-markup-reference.md @github/product-docs-content-strategy
+/contributing/content-style-guide.md @github/product-docs-content-strategy
+
 # Make sure that Octokit maintainers get notified about changes
 # relevant to the Octokit libraries (https://github.com/octokit)
 /content/rest/reference @github/octokit-maintainers

.github/ISSUE_TEMPLATE/improve-existing-docs.md

@@ -7,13 +7,13 @@ labels:
 assignees: ''
 ---
 <!--
-HUBBERS BEWARE! THE GITHUB/DOCS REPO IS PUBLIC TO THE ENTIRE INTERNET. OPEN AN ISSUE IN GITHUB/DOCS-CONTENT https://github.com/github/docs-content/issues/new/choose INSTEAD.
+HUBBERS BEWARE! THE GITHUB/DOCS REPO IS PUBLIC TO THE ENTIRE INTERNET. OPEN AN ISSUE IN GITHUB/DOCS-CONTENT INSTEAD.
 -->
 
 <!--
 For questions, ask in Discussions: https://github.com/github/docs/discussions
 
-Before you file an issue read the: 
+Before you file an issue read the:
 - Code of Conduct: https://github.com/github/docs/blob/main/CODE_OF_CONDUCT.md
 - Contributing guide: https://github.com/github/docs/blob/main/CONTRIBUTING.md
 

.github/ISSUE_TEMPLATE/improve-the-site.md

@@ -7,13 +7,13 @@ assignees: ''
 ---
 
 <!--
-HUBBERS BEWARE! THE GITHUB/DOCS REPO IS PUBLIC TO THE ENTIRE INTERNET. OPEN AN ISSUE IN GITHUB/DOCS-CONTENT https://github.com/github/docs-content/issues/new/choose INSTEAD.
+HUBBERS BEWARE! THE GITHUB/DOCS REPO IS PUBLIC TO THE ENTIRE INTERNET. OPEN AN ISSUE IN GITHUB/DOCS-CONTENT INSTEAD.
 -->
 
 <!--
 For questions, ask in Discussions: https://github.com/github/docs/discussions
 
-Before you file an issue read the: 
+Before you file an issue read the:
 - Code of Conduct: https://github.com/github/docs/blob/main/CODE_OF_CONDUCT.md
 - Contributing guide: https://github.com/github/docs/blob/main/CONTRIBUTING.md
 

.github/actions-scripts/enterprise-algolia-label.js

@@ -0,0 +1,36 @@
+#!/usr/bin/env node
+
+const fs = require('fs')
+const core = require('@actions/core')
+const eventPayload = JSON.parse(fs.readFileSync(process.env.GITHUB_EVENT_PATH, 'utf8'))
+
+// This workflow-run script does the following:
+// 1. Gets an array of labels on a PR.
+// 2. Finds one with the relevant Algolia text; if none found, exits early.
+// 3. Gets the version substring from the label string.
+
+const labelText = 'sync-english-index-for-'
+const labelsArray = eventPayload.pull_request.labels
+
+// Exit early if no labels are on this PR
+if (!(labelsArray && labelsArray.length)) {
+  process.exit(0)
+}
+
+// Find the relevant label
+const algoliaLabel = labelsArray
+  .map(label => label.name)
+  .find(label => label.startsWith(labelText))
+
+// Exit early if no relevant label is found
+if (!algoliaLabel) {
+  process.exit(0)
+}
+
+// Given: sync-english-index-for-enterprise-server@3.0
+// Returns: enterprise-server@3.0
+const versionToSync = algoliaLabel.split(labelText)[1]
+
+// Store the version so we can access it later in the workflow
+core.setOutput('versionToSync', versionToSync)
+process.exit(0)

.github/actions-scripts/openapi-schema-branch.js

@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+
+const fs = require('fs')
+const path = require('path')
+const { execSync } = require('child_process')
+const semver = require('semver')
+
+/*
+ * This script performs two checks to prevent shipping development mode OpenAPI schemas:
+*  - Ensures the `info.version` property is a semantic version. 
+*    In development mode, the `info.version` property is a string
+*    containing the `github/github` branch name.
+*  - Ensures the decorated schema matches the dereferenced schema.
+*    The workflow that calls this script runs `script/rest/update-files.js` 
+*    with the `--decorate-only` switch then checks to see if files changed.
+* 
+*/
+
+// Check that the `info.version` property is a semantic version
+const dereferencedDir = path.join(process.cwd(), 'lib/rest/static/dereferenced')
+const schemas = fs.readdirSync(dereferencedDir)
+schemas.forEach(filename => {
+  const schema = require(path.join(dereferencedDir, filename))
+  if (!semver.valid(schema.info.version)) {
+    console.log(`🚧⚠️ Your branch contains a development mode OpenAPI schema: ${schema.info.version}. This check is a reminder to not 🚢 OpenAPI files in development mode. 🛑`)
+    process.exit(1)
+  }
+})
+
+// Check that the decorated schema matches the dereferenced schema
+const changedFiles = execSync('git diff --name-only HEAD').toString()
+
+if(changedFiles !== '') {
+  console.log(`These files were changed:\n${changedFiles}`)
+  console.log(`🚧⚠️ Your decorated and dereferenced schema files don't match. Ensure you're using decorated and dereferenced schemas from the automatically created pull requests by the 'github-openapi-bot' user. For more information, see 'script/rest/README.md'. 🛑`)
+    process.exit(1)
+}
+
+// All checks pass, ready to ship
+console.log('All good 👍')
+process.exit(0)

.github/allowed-actions.js

@@ -21,13 +21,16 @@ module.exports = [
   'juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8',
   'juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b',
   'juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512',
+  'lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8',
   'pascalgn/automerge-action@c9bd182',
   'peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326',
+  'peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd',
   'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
   'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
   'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',
   'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',
   'repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d',
-  'rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815',
-  'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0'
+  'someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd',
+  'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0',
+  'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575'
 ]

.github/workflows/autoupdate-repo-sync-branch-on-cron.yml

@@ -0,0 +1,15 @@
+name: autoupdate reposync branch on cron
+on:
+  schedule:
+    - cron: '*/5 * * * *'
+jobs:
+  autoupdate:
+    name: autoupdate
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: docker://chinthakagodawita/autoupdate-action:v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+          PR_FILTER: labelled
+          PR_LABELS: 'automated-reposync-pr'
+          MERGE_MSG: "Branch was updated using the 'autoupdate reposync branch on cron' Actions workflow."

.github/workflows/check-all-english-links.yml

@@ -17,16 +17,32 @@ jobs:
       - name: npm run build
         run: npm run build
       - name: Run script
-        run: script/check-english-links.js > broken_links.md
+        run: |
+          script/check-english-links.js > broken_links.md
       - if: ${{ failure() }}
         name: Get title for issue
         id: check
         run: echo "::set-output name=title::$(head -1 broken_links.md)"
+      - if: ${{ failure() }}
+        name: Close previous report
+        uses: lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8
+        with:
+          query: 'label:"broken link report"'
+          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
       - if: ${{ failure() }}
         name: Create issue from file
+        id: broken-link-report
         uses: peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326
         with:
           token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
           title: ${{ steps.check.outputs.title }}
           content-filepath: ./broken_links.md
           labels: broken link report
+      - if: ${{ failure() }}
+        name: Add comment to issue
+        uses: peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd
+        with:
+          body: |
+            cc @github/docs-content
+          issue-number: ${{ steps.broken-link-report.outputs.issue-number }}
+          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}

.github/workflows/close-unwanted-pull-requests.yml

@@ -0,0 +1,39 @@
+name: Close unwanted pull requests
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/**'
+      - '.github/CODEOWNERS'
+      - 'translations/**'
+      - 'assets/fonts/**'
+      - 'data/graphql/**'
+      - 'lib/graphql/**'
+      - 'lib/redirects/**'
+      - 'lib/webhooks/**'
+jobs:
+  close_unwanted_pull_requests:
+    if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          script: |
+            await github.issues.createComment({
+              ...context.repo,
+              issue_number: context.payload.pull_request.number,
+              body:
+            `Thanks for contributing! We do not accept community changes to these files at this time.
+            - '.github/workflows/**'
+            - '.github/CODEOWNERS'
+            - 'translations/**'
+            - 'assets/fonts/**'
+            - 'data/graphql/**'
+            - 'lib/graphql/**'
+            - 'lib/redirects/**'
+            - 'lib/webhooks/**'`
+            })
+            await github.issues.update({
+              ...context.repo,
+              issue_number: context.payload.pull_request.number,
+              state: 'closed'
+            })

.github/workflows/confirm-internal-staff-work-in-docs.yml

@@ -0,0 +1,72 @@
+name: Confirm internal staff meant to post in public
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+      - transferred
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  check-team-membership:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    if: github.repository == 'github/docs'
+    steps:
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          script: |
+            // Only perform this action with GitHub employees
+            try {
+              await github.teams.getMembershipForUserInOrg({
+                org: 'github',
+                team_slug: 'employees',
+                username: context.payload.sender.login,
+              });
+            } catch(err) {
+              // An error will be thrown if the user is not a GitHub employee
+              // If a user is not a GitHub employee, we should stop here and
+              // Not send a notification
+              return
+            }
+
+            // Don't perform this action with Docs team members
+            try {
+              await github.teams.getMembershipForUserInOrg({
+                org: 'github',
+                team_slug: 'docs',
+                username: context.payload.sender.login,
+              });
+              // If the user is a Docs team member, we should stop here and not send
+              // a notification
+              return
+            } catch(err) {
+              // An error will be thrown if the user is not a Docs team member
+              // If a user is not a Docs team member we should continue and send
+              // the notification
+            }
+
+            const issueNo = context.number || context.issue.number
+
+            // Create an issue in our private repo
+            await github.issues.create({
+              owner: 'github',
+              repo: 'docs-internal',
+              title: `@${context.payload.sender.login} confirm that \#${issueNo} should be in the public github/docs repo`,
+              body: `@${context.payload.sender.login} opened https://github.com/github/docs/issues/${issueNo} publicly in the github/docs repo, instead of the private github/docs-internal repo.\n\n@${context.payload.sender.login}, please confirm that this belongs in the public repo and that no sensitive information was disclosed by commenting below and closing the issue.\n\nIf this was not intentional and sensitive information was shared, please delete https://github.com/github/docs/issues/${issueNo} and notify us in the \#docs-open-source channel.\n\nThanks! \n\n/cc @github/docs @github/docs-engineering`
+            });
+
+            throw new Error('A Hubber opened an issue on the public github/docs repo');
+
+      - name: Send Slack notification if a GitHub employee who isn't on the docs team opens an issue in public
+        if: ${{ failure() && github.repository == 'github/docs' }}
+        uses: someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd
+        with:
+          channel: ${{ secrets.DOCS_OPEN_SOURCE_SLACK_CHANNEL_ID }}
+          bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+          text: <@${{github.actor}}> opened https://github.com/github/docs/issues/${{ github.event.number || github.event.issue.number }} publicly on the github/docs repo instead of the private github/docs-internal repo. They have been notified via a new issue in the github/docs-internal repo to confirm this was intentional.

.github/workflows/js-lint.yml

@@ -10,23 +10,8 @@ on:
       - translations
 
 jobs:
-  see_if_should_skip:
-    runs-on: ubuntu-latest
-
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    steps:
-      - id: skip_check
-        uses: fkirc/skip-duplicate-actions@36feb0d8d062137530c2e00bd278d138fe191289
-        with:
-          cancel_others: 'false'
-          github_token: ${{ github.token }}
-          paths: '["**/*.js", "package*.json", ".github/workflows/js-lint.yml", ".eslint*"]'
-
   lint:
     runs-on: ubuntu-latest
-    needs: see_if_should_skip
-    if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
     steps:
       - name: Check out repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

.github/workflows/openapi-decorate.yml

@@ -0,0 +1,37 @@
+name: OpenAPI generate decorated schema files
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened]
+
+jobs:
+  generate-decorated-files:
+    if: github.event.pull_request.user.login == 'github-openapi-bot'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Label pull requests with 'github-openapi-bot'
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          add-labels: 'github-openapi-bot'
+      - name: Checkout repository code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Decorate the dereferenced OpenAPI schemas
+        run: script/rest/update-files.js --decorate-only
+
+      - name: Check in the decorated files
+        uses: EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575
+        with:
+          # The arguments for the `git add` command
+          add: 'lib/rest/static/decorated'
+
+          # The message for the commit
+          message: 'Add decorated OpenAPI schema files'
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Leave this line unchanged

.github/workflows/openapi-schema-check.yml

@@ -0,0 +1,22 @@
+name: OpenAPI dev mode check
+
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  check-schema-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Install dependencies
+        run: npm ci
+
+      # Differences between decorated and dereferenced files indicates a problem
+      - name: Generate decorated files to check that there are no differences
+        run: script/rest/update-files.js --decorate-only
+
+      - name: Check if deref/decorated schemas are dev mode and that they match
+        run: .github/actions-scripts/openapi-schema-branch.js