Merge branch 'main' into repo-sync

Author: Octomerger

.github/allowed-actions.js

@@ -23,7 +23,6 @@ export default [
   'juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8',
   'juliangruber/find-pull-request-action@db875662766249c049b2dcd85293892d61cb0b51', // v1.5.0
   'juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512',
-  'lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8',
   'lee-dohm/no-response@9bb0a4b5e6a45046f00353d5de7d90fb8bd773bb',
   'pascalgn/automerge-action@c9bd1823770819dc8fb8a5db2d11a3a95fbe9b07', // v0.12.0
   'peter-evans/create-issue-from-file@b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e',

.github/workflows/check-all-english-links.yml

@@ -14,6 +14,11 @@ jobs:
     name: Check all links
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+      REPORT_AUTHOR: docubot
+      REPORT_LABEL: broken link report
+      REPORT_REPOSITORY: github/docs-content
     steps:
       - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
       - name: npm ci
@@ -27,27 +32,58 @@ jobs:
         name: Get title for issue
         id: check
         run: echo "::set-output name=title::$(head -1 broken_links.md)"
-      - if: ${{ failure() }}
-        name: Close previous report
-        uses: lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8
-        with:
-          query: 'label:"broken link report"'
-          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
       - if: ${{ failure() }}
         name: Create issue from file
         id: broken-link-report
         uses: peter-evans/create-issue-from-file@b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e
         with:
-          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          token: ${{ env.GITHUB_TOKEN }}
+
           title: ${{ steps.check.outputs.title }}
           content-filepath: ./broken_links.md
-          repository: github/docs-content
-          labels: broken link report
+          repository: ${{ env.REPORT_REPOSITORY }}
+          labels: ${{ env.REPORT_LABEL }}
       - if: ${{ failure() }}
-        name: Add comment to issue
-        uses: peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd
-        with:
-          body: |
-            cc @github/docs-content
-          issue-number: ${{ steps.broken-link-report.outputs.issue-number }}
-          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+        name: Close and/or comment on old issues
+        env:
+          NEW_REPORT_URL: 'https://github.com/${{ env.REPORT_REPOSITORY }}/issues/${{ steps.broken-link-report.outputs.issue-number }}'
+        run: |
+          gh alias set list-reports "issue list \
+                                       --repo ${{ env.REPORT_REPOSITORY }} \
+                                       --author ${{ env.REPORT_AUTHOR }} \
+                                       --label '${{ env.REPORT_LABEL }}'"
+
+          # Link to the previous report from the new report that triggered this
+          # workflow run.
+
+          for issue_url in $(gh list-reports \
+                                  --state all \
+                                  --limit 2 \
+                                  --json url \
+                                  --jq '.[].url' | grep -v ${{ env.NEW_REPORT_URL }}); do
+            gh issue comment ${{ env.NEW_REPORT_URL }} --body "⬅️ [Previous report]($issue_url)"
+          done
+
+          # Link to the newer report from any older report that is still open,
+          # then close the older report.
+
+          for issue_url in $(gh list-reports \
+                                  --search 'no:assignee' \
+                                  --json url \
+                                  --jq '.[].url'); do
+            if [ "$issue_url" != "${{ env.NEW_REPORT_URL }}" ]; then
+              gh issue comment $issue_url --body "➡️ [Newer report](${{ env.NEW_REPORT_URL }})"
+              gh issue close $issue_url
+            fi
+          done
+
+          # If an old report is open and assigned to someone, link to the newer
+          # report without closing the old report.
+
+          for issue_url in $(gh list-reports \
+                                  --json assignees,url \
+                                  --jq '.[] | select (.assignees != []) | .url'); do
+            if [ "$issue_url" != "${{ env.NEW_REPORT_URL }}" ]; then
+              gh issue comment $issue_url --body "➡️ [Newer report](${{ env.NEW_REPORT_URL }})"
+            fi
+          done

assets/images/help/apps/github-apps-new-issue.png

@@ -11,14 +11,14 @@ import { useTranslation } from './hooks/useTranslation'
 
 type Props = { children?: React.ReactNode }
 export const DefaultLayout = (props: Props) => {
-  const { page, error, isHomepageVersion } = useMainContext()
+  const { page, error, isHomepageVersion, currentPathWithoutLanguage } = useMainContext()
   const { t } = useTranslation('errors')
   return (
     <div className="d-lg-flex">
       <Head>
         {error === '404' ? (
           <title>{t('oops')}</title>
-        ) : !isHomepageVersion && page.fullTitle ? (
+        ) : (!isHomepageVersion && page.fullTitle) || (currentPathWithoutLanguage.includes('enterprise-server') && page.fullTitle) ? (
           <title>{page.fullTitle}</title>
         ) : null}
 

assets/images/help/business-accounts/enable-saml-auth-enterprise.png

@@ -52,7 +52,7 @@ export const HeaderNotifications = () => {
     if (userLanguage && userLanguage !== 'en' && languages[userLanguage]?.wip === false) {
       translationNotices.push({
         type: NotificationType.TRANSLATION,
-        content: `This article is also available in your language of choice. Click <a href="/${userLanguage}${currentPathWithoutLanguage}">here</a>`,
+        content: `This article is also available in <a href="/${userLanguage}${currentPathWithoutLanguage}">${languages[userLanguage].name}</a>.`,
       })
     }
   }

assets/images/help/codespaces/codespaces-diagram.png

@@ -63,6 +63,7 @@ export const LanguagePicker = ({ variant }: Props) => {
           width: unset;
         }
       `}
+      data-testid="language-picker"
     >
       <summary>
         {selectedLang.nativeName || selectedLang.name}

assets/images/help/codespaces/git-status.png

@@ -55,9 +55,10 @@ export const ArticlePage = () => {
               )}
 
               {intro && (
-                <div className="lead-mktg">
-                  <p>{intro}</p>
-                </div>
+                <div 
+                  className="lead-mktg"
+                  dangerouslySetInnerHTML={{ __html: intro }}
+                />
               )}
 
               {permissions && (

assets/images/help/codespaces/new-codespace-button.png

@@ -23,6 +23,7 @@ export const ArticleVersionPicker = () => {
           width: unset;
         }
       `}
+      data-testid="article-version-picker"
     >
       <summary className="f4 h5-mktg btn-outline-mktg btn-mktg p-2">
         <span className="d-md-none d-xl-inline-block">{t('article_version')}</span>{' '}

assets/images/help/codespaces/open-with-codespaces-button-smaller.png

@@ -41,7 +41,7 @@ export const getArticleContextFromRequest = (req: any): ArticleContextT => {
   const page = req.context.page
   return {
     title: page.titlePlainText,
-    intro: page.introPlainText,
+    intro: page.intro,
     renderedPage: req.context.renderedPage || '',
     miniTocItems:
       (req.context.miniTocItems || []).map((item: any) => {

assets/images/help/codespaces/port-forwarding.png

@@ -5,6 +5,10 @@ export type TocItem = {
   fullPath: string
   title: string
   intro?: string
+  childTocItems?: Array<{
+    fullPath: string;
+    title: string;
+    }>
 }
 export type FeaturedLink = {
   title: string

assets/images/help/codespaces/quickstart-forward-port.png

@@ -38,7 +38,7 @@ export const getTocLandingContextFromRequest = (req: any): TocLandingContextT =>
     introPlainText: req.context.page.introPlainText,
     isEarlyAccess: req.context.page?.documentType === 'early-access',
     tocItems: (req.context.genericTocFlat || req.context.genericTocNested || []).map((obj: any) =>
-      pick(obj, ['fullPath', 'title', 'intro'])
+      pick(obj, ['fullPath', 'title', 'intro', 'childTocItems'])
     ),
     variant: req.context.genericTocFlat ? 'expanded' : 'compact',
 

assets/images/help/repository/code-scanning-check-failure-setting-ghae.png

@@ -13,7 +13,7 @@ export const GuideCard = ({ guide }: Props) => {
         className="Box color-shadow-medium height-full d-block hover-shadow-large no-underline color-text-primary p-5"
         href={guide.href}
       >
-        <h2>{guide.title}</h2>
+        <h2 dangerouslySetInnerHTML={{__html: guide.title}} />
         <p className="mt-2 mb-4 color-text-tertiary">{guide.intro}</p>
 
         <footer className="d-flex">

assets/images/help/repository/code-scanning-check-failure-setting.png

@@ -19,22 +19,39 @@ export const TableOfContents = (props: Props) => {
           return null
         }
 
-        const { fullPath: href, title, intro } = item
+        const { fullPath: href, title, intro, childTocItems } = item
         const isActive = router.pathname === href
         return variant === 'compact' ? (
           <li key={href} className="f4 my-1">
             <Link href={href}>{title}</Link>
+            <ul className={cx(variant === 'compact' ? 'list-style-circle pl-5 my-3' : 'list-style-none')}>
+            {(childTocItems || []).map((childItem) => {
+              if (!childItem) {
+                return null
+              }
+              return (
+                <li key={childItem.fullPath} className="f4 mt-1">
+                  <Link
+                    href={childItem.fullPath}
+                    className="Bump-link--hover no-underline py-1 color-border-primary"
+                  >
+                    {childItem.title}
+                  </Link>
+                </li>
+              )
+            })}
+            </ul>
           </li>
         ) : (
           <li key={href} className={cx('mb-5', isActive && 'color-auto-gray-4')}>
             <Link
               href={href}
               className="Bump-link--hover no-underline d-block py-1 border-bottom color-border-primary"
             >
-              <h4>
+              <h2 className="h4">
                 {title}
                 <span className="Bump-link-symbol">→</span>
-              </h4>
+              </h2>
             </Link>
             {intro && <p className="f4 mt-3" dangerouslySetInnerHTML={{ __html: intro }} />}
           </li>

components/DefaultLayout.tsx

@@ -6,6 +6,7 @@ versions:
   fpt: '*'
   ghes: '>=2.22'
   ghae: '*'
+shortTitle: Build & test .NET 
 ---
 
 {% data reusables.actions.enterprise-beta %}
@@ -64,7 +65,7 @@ jobs:
 ## Specifying a .NET version
 
 To use a preinstalled version of the .NET Core SDK on a {% data variables.product.prodname_dotcom %}-hosted runner, use the `setup-dotnet` action. This action finds a specific version of .NET from the tools cache on each runner, and adds the necessary binaries to `PATH`. These changes will persist for the remainder of the job.
- 
+
 The `setup-dotnet` action is the recommended way of using .NET with {% data variables.product.prodname_actions %}, because it ensures consistent behavior across different runners and different versions of .NET. If you are using a self-hosted runner, you must install .NET and add it to `PATH`. For more information, see the [`setup-dotnet`](https://github.com/marketplace/actions/setup-net-core-sdk) action.
 
 ### Using multiple .NET versions
@@ -105,7 +106,7 @@ You can configure your job to use a specific version of .NET, such as `3.1.3`. A
       uses: actions/setup-dotnet@v1
       with:
         # Semantic version range syntax or exact version of a dotnet version
-        dotnet-version: '3.x' 
+        dotnet-version: '3.x'
 ```
 {% endraw %}
 

components/HeaderNotifications.tsx

@@ -10,6 +10,7 @@ type: tutorial
 topics:
   - CI
   - Ruby
+shortTitle: Build & test Ruby
 ---
 
 {% data reusables.actions.enterprise-beta %}

components/LanguagePicker.tsx

@@ -83,15 +83,19 @@ For more information about the `pull_request` event, see "[Workflow syntax for {
 If you scan pull requests, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
 
 {% ifversion fpt or ghes > 3.1 or ghae-next %}
-### Defining the alert severities causing pull request check failure
+### Defining the severities causing pull request check failure
 
-By default, only alerts with the severity level of `error` will cause a pull request check failure, and a check will still succeed with alerts of lower severities. You can change the levels of alert severities that will cause a pull request check failure in your repository settings.
+By default, only alerts with the severity level of `Error`{% ifversion fpt or ghes > 3.1  or ghae-issue-4697 %} or security severity level of `Critical` or `High`{% endif %} will cause a pull request check failure, and a check will still succeed with alerts of lower severities. You can change the levels of alert severities{% ifversion fpt or ghes > 3.1  or ghae-issue-4697 %} and of security severities{% endif %} that will cause a pull request check failure in your repository settings. For more information about severity levels, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#about-alerts-details)."
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-security-and-analysis %}
 1. Under "Code scanning", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure. 
+{% ifversion fpt or ghes > 3.1  or ghae-issue-4697 %}
 ![Check failure setting](/assets/images/help/repository/code-scanning-check-failure-setting.png)
+{% else %}
+![Check failure setting](/assets/images/help/repository/code-scanning-check-failure-setting-ghae.png)
+{% endif %}
 {% endif %}
 
 ### Avoiding unnecessary scans of pull requests

components/article/ArticlePage.tsx

@@ -34,14 +34,29 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co
 
 ## About alerts details
 
-Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the severity and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.
+Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the severity{% ifversion fpt or ghes > 3.1 or ghae-issue-4697 %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.
 
 ![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png)
 
 If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, this can also detect data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
 
 When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
 
+### About severity levels
+
+Alert severity levels may be `Error`, `Warning`, or `Note`.
+
+By default, any code scanning results with a severity of `error` will cause check failure. {% ifversion fpt or ghes > 3.1 or ghae-next %}You can specify the severity level at which pull requests that trigger code scanning alerts should fail. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
+
+{% ifversion fpt or ghes > 3.1  or ghae-issue-4697 %}
+### About security severity levels
+
+{% data variables.product.prodname_code_scanning_capc %} displays security severity levels for alerts that are generated by security queries. Security severity levels can be `Critical`, `High`, `Medium`, or `Low`.
+
+To calculate the security severity of an alert, we use Common Vulnerability Scoring System (CVSS) data. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities, and is commonly used by other security products to score alerts. For more information about how severity levels are calculated, see [the blog post](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/).
+
+By default, any code scanning results with a security severity of `Critical` or `High` will cause a check failure. You can specify which security severity level for code scanning results should cause a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
+
 ## Viewing the alerts for a repository
 
 Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."

components/article/ArticleVersionPicker.tsx

@@ -29,7 +29,7 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con
 
 If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. 
 
-{% ifversion fpt or ghes > 3.1 or ghae-next %}You can override the default behavior in your repository settings, by specifying the level of severities that will cause a pull request check failure. For more information, see "[Defining the alert severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-alert-severities-causing-pull-request-check-failure)".
+{% ifversion fpt or ghes > 3.1 or ghae-next %}You can override the default behavior in your repository settings, by specifying the level of severities {% ifversion fpt or ghes > 3.1  or ghae-issue-4697 %}and security severities {% endif %}that will cause a pull request check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)".
 
 {% endif %}If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or dismiss all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
 
@@ -43,7 +43,7 @@ If the repository uses the {% data variables.product.prodname_codeql_workflow %}
 
 ## Triaging an alert on your pull request
 
-When you look at the **Files changed** tab for a pull request, you see annotations for any lines of code that triggered the alert.
+When you look at the **Files changed** tab for a pull request, you see annotations for any lines of code that triggered the alert. The severity of the alert is displayed in the annotation.
 
 ![Alert annotation within a pull request diff](/assets/images/help/repository/code-scanning-pr-annotation.png)