Merge branch 'main' into fix/github-actions-major-versions

Author: nguyenalex836

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,7 +4,7 @@ Thank you for contributing to this project! You must fill out the information be
 
 ### Why:
 
-Closes:
+Closes: ISSUE_NUMBER
 
 <!-- If there's an existing issue for your change, please link to it above.
 If there's _not_ an existing issue, please open one first to make it more likely that this update will be accepted: https://github.com/github/docs/issues/new/choose. -->
@@ -16,6 +16,6 @@ If you made changes to the `content` directory, a table will populate in a comme
 
 ### Check off the following:
 
-- [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require a SME review from GitHub staff.
+- [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
 - [ ] The changes in this PR meet [the docs fundamentals that are required for all content](http://docs.github.com/en/contributing/writing-for-github-docs/about-githubs-documentation-fundamentals).
-- [ ] All CI checks are passing.
+- [ ] All CI checks are passing and the changes look good in the preview environment.

.github/workflows/code-changes-comment.yml

@@ -0,0 +1,66 @@
+name: Code changes comment
+
+# **What it does**: When a PR is opened in docs-internal or docs containing code, it comments with instructions on how to deploy and preview the changes.
+# **Why we have it**: To help Docs contributors understand how to preview their changes.
+# **Who does it impact**: docs-internal and docs maintainers and contributors
+
+on:
+  # Required in lieu of `pull_request` so that the comment can be posted to PRs opened from a fork.
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+    # this applies to any non-content files, this workflow will run for all changed files unless it's ONLY these content-related changes
+    paths-ignore:
+      - 'content/**'
+      - 'data/reusables/**'
+      - 'assets/images/**'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  postOnCodeChanges:
+    if: ${{ github.event.pull_request.user.login != 'docs-bot' && (github.repository == 'github/docs-internal' || github.repository == 'github/docs') }}
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: check out repo content
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Find code changes comment
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e
+        id: findComment
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '<!-- CODE_CHANGES_COMMENT -->'
+
+      # TODO: We'll update this comment at a later time with permament-ish links to deployment instructions.
+      - name: Comment on code changes
+        if: ${{ !steps.findComment.outputs.comment-id }}
+        run: |
+          if [[ "${{ github.repository }}" == "github/docs" ]]; then
+            COMMENT_BODY="<!-- CODE_CHANGES_COMMENT -->
+            ## 🚀 Manual Deployment Required
+
+            It looks like this pull request contains code changes. To preview these changes, an internal Hubber will need to manually deploy the changes to one of our staging servers.
+
+            Thank you for your contribution!"
+          else
+            COMMENT_BODY="<!-- CODE_CHANGES_COMMENT -->
+            ## 🚀 Manual Deployment Required
+
+            It looks like this pull request contains code changes. To preview these changes, you will need to deploy them manually.
+
+            Thank you for your contribution!"
+          fi
+
+          gh pr comment ${{ github.event.pull_request.number }} --body "$COMMENT_BODY"

.github/workflows/codeowners-content-systems.yml

@@ -28,6 +28,7 @@ on:
     paths:
       - 'content/**'
       - 'data/reusables/**'
+      - 'assets/images/**'
 
 permissions:
   contents: read
@@ -48,21 +49,28 @@ jobs:
       - name: check out repo content
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Get preview app info
-        env:
-          APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }}
-        run: src/workflows/get-preview-app-info.sh
-
       - uses: ./.github/actions/node-npm-setup
 
+      # We're setting the URLs manually until we merge in-progress work. We can utilize review server and its helper functions in a later iteration.
+      - name: Set APP_URL
+        run: |
+          if [[ "${{ github.repository }}" == "github/docs-internal" ]]; then
+            echo "APP_URL=https://docs-review.github.com" >> $GITHUB_ENV
+          elif [[ "${{ github.repository }}" == "github/docs" ]]; then
+            echo "APP_URL=https://os-docs-review.github.com" >> $GITHUB_ENV
+          fi
+
       - name: Get changes table
         id: changes
         timeout-minutes: 30
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REVIEW_SERVER_ACCESS_TOKEN: ${{ secrets.REVIEW_SERVER_ACCESS_TOKEN }}
           APP_URL: ${{ env.APP_URL }}
           BASE_SHA: ${{ github.event.pull_request.base.sha || inputs.BASE_SHA }}
           HEAD_SHA: ${{ github.event.pull_request.head.sha || inputs.HEAD_SHA }}
+          # HEAD_BRANCH isn't necessary for the table comment, but lets us list the branch in the review server menu bar
+          HEAD_BRANCH: ${{ github.event.pull_request.head.ref }}
         run: npm run content-changes-table-comment
 
       - name: Find content directory changes comment
@@ -81,10 +89,10 @@ jobs:
           issue-number: ${{ github.event.pull_request.number || inputs.PR_NUMBER }}
           body: |
             <!-- MODIFIED_CONTENT_LINKING_COMMENT -->
-            ## Automatically generated comment ℹ️
-            **This comment is automatically generated and will be overwritten every time changes are committed to this branch.**
+            ## 👓 Previews for changed content
+            **This comment is 🤖 automatically generated and will be overwritten every time changes are committed to this branch.**
 
-            The table contains an overview of files in the `content` directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the `data` directory will not show up in this table.
+            The table contains an overview of files in the `content` directory that have been changed in this pull request. It's provided to make it easy to review your changes on the review server. Please note that changes to the `data` directory will not show up in this table.
 
             ---
 
@@ -93,7 +101,6 @@ jobs:
             ${{ steps.changes.outputs.changesTable }}
 
             ---
-            fpt: Free, Pro, Team
-            ghec: GitHub Enterprise Cloud
-            ghes: GitHub Enterprise Server
+            Key: **fpt**: Free, Pro, Team; **ghec**: GitHub Enterprise Cloud; **ghes**: GitHub Enterprise Server
+            _This table is posted from the [${{ github.workflow }}](https://github.com/${{ github.repository }}/blob/${{ github.sha }}/.github/workflows/content-changes-table-comment.yml) workflow._
           edit-mode: replace

.github/workflows/content-changes-table-comment.yml

@@ -146,7 +146,7 @@ jobs:
 
           git add data/reusables/code-scanning/codeql-query-tables
           git commit -m "Update CodeQL query tables"
-          git push origin $branchname
+          git push -u origin $branchname
 
           echo "Creating pull request..."
           gh pr create \

.github/workflows/generate-code-scanning-query-lists.yml

@@ -46,7 +46,7 @@ jobs:
             This PR has been automatically closed because there has been no response to
             to our request for more information from the original author. Please reach out
             if you have the information we requested, or open a [new issue](https://github.com/github/docs/issues/new/choose)
-            to describing your changes. Then we can begin the review process.
+            to describe your changes. Then we can begin the review process.
 
       - name: Check out repo
         if: ${{ failure() }}

.github/workflows/no-response.yaml

@@ -0,0 +1,41 @@
+name: Reviewers - Content Systems
+
+# **What it does**: Automatically add reviewers based on paths, but only for the docs-internal repo.
+# **Why we have it**: So we can have reviewers automatically without getting open source notifications.
+# **Who does it impact**: Docs team.
+
+on:
+  pull_request:
+    paths:
+      - 'contributing/content-*.md'
+      - 'content/contributing/**.md'
+      - .github/workflows/reviewers-content-systems.yml
+
+permissions:
+  contents: read
+  pull-requests: write
+  repository-projects: read
+
+jobs:
+  reviewers-content-systems:
+    if: >-
+      ${{ github.repository == 'github/docs-internal' &&
+          !github.event.pull_request.draft &&
+          !contains(github.event.pull_request.labels.*.name, 'reviewers-content-systems') &&
+          github.event.pull_request.head.ref != 'repo-sync' }}
+    runs-on: ubuntu-latest
+    env:
+      PR: ${{ github.event.pull_request.html_url }}
+      GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Add content systems as a reviewer
+        run: |
+          labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
+          if ! echo "$labels" | grep -q 'reviewers-content-systems'; then
+            gh pr edit $PR --add-reviewer github/docs-content-systems
+            gh pr edit $PR --add-label reviewers-content-systems
+          fi

.github/workflows/reviewers-content-systems.yml

@@ -1,4 +1,4 @@
-name: Add Dependabot Core Maintainers as Reviewers
+name: Reviewers - Dependabot
 
 # **What it does**: Automatically add reviewers based on paths, for docs-internal and docs repos.
 # **Why we have it**: So dependabot maintainers can be notified about relevant pull requests.
@@ -10,25 +10,33 @@ on:
       - 'data/reusable/dependabot/**'
       - 'content/code-security/dependabot/**'
       - 'content/rest/dependabot/**'
+      - '.github/workflows/reviewers-dependabot.yml'
+
+permissions:
+  contents: read
+  pull-requests: write
+  repository-projects: read
 
 jobs:
   add-reviewer:
-    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
+    if: >-
+      ${{ github.repository == 'github/docs-internal' &&
+          !github.event.pull_request.draft &&
+          !contains(github.event.pull_request.labels.*.name, 'reviewers-dependabot') &&
+          github.event.pull_request.head.ref != 'repo-sync' }}
     runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
+      PR: ${{ github.event.pull_request.html_url }}
+
     steps:
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Add Dependabot Core Maintainers as reviewers
-        env:
-          GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
-          PR: ${{ github.event.pull_request.html_url }}
         run: |
-          has_reviewer=$(
-            gh pr view $PR --json reviews |
-            jq 'any(.reviews[]; select(length > 0))'
-          )
-          if ! $has_reviewer
-          then
+          labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
+          if ! echo "$labels" | grep -q 'reviewers-dependabot'; then
             gh pr edit $PR --add-reviewer github/dependabot-updates-reviewers
+            gh pr edit $PR --add-label reviewers-dependabot
           fi

.github/workflows/reviewers-dependabot.yml

@@ -1,4 +1,4 @@
-name: Codeowners - Docs Engineering
+name: Reviewers - Docs Engineering
 
 # **What it does**: Automatically add reviewers based on paths, but only for the docs-internal repo.
 # And sets the 'engineering' label on the PR. It also edits the PR body to add a template
@@ -23,37 +23,36 @@ on:
       - '!src/**.json' # So that Docs Engineering isn't reviewing automated pipeline data PRs
       - '!src/**.yml' # So that Docs Engineering isn't reviewing automated pipeline data PRs
       - '.github/**'
+      - 'config/**'
       - '**Dockerfile'
       - 'package*.json'
-      - .github/workflows/codeowners-docs-engineering.yml
+      - .github/workflows/reviewers-docs-engineering.yml
+
+permissions:
+  contents: read
+  pull-requests: write
+  repository-projects: read
 
 jobs:
   codeowners-docs-engineering:
     if: >-
       ${{ github.repository == 'github/docs-internal' &&
           !github.event.pull_request.draft &&
-          !contains(github.event.pull_request.labels.*.name, 'engineering') &&
+          !contains(github.event.pull_request.labels.*.name, 'reviewers-docs-engineering') &&
           github.event.pull_request.head.ref != 'repo-sync' }}
     runs-on: ubuntu-latest
     env:
-      GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
       PR: ${{ github.event.pull_request.html_url }}
+      GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
 
     steps:
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Label as engineering
-        run: gh pr edit $PR --add-label engineering
-
-      - name: Add Docs Engineering as a reviewer
+      - name: Add docs engineering as a reviewer
         run: |
-          needs_review=$(
-            gh pr view $PR --json reviews |
-            jq '.reviews |
-            length == 0 or all(.author.login == "${{github.event.pull_request.user.login}}")'
-          )
-          if $needs_review
-          then
+          labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
+          if ! echo "$labels" | grep -q 'reviewers-docs-engineering'; then
             gh pr edit $PR --add-reviewer github/docs-engineering
+            gh pr edit $PR --add-label reviewers-docs-engineering
           fi

.github/workflows/codeowners-docs-engineering.yml .github/workflows/reviewers-docs-engineering.yml

@@ -1,4 +1,4 @@
-name: Codeowners - Legal
+name: Reviewers - Legal
 
 # **What it does**: Enforces reviews of Responsible AI (RAI) content by the GitHub legal team. Because RAI content can live anywhere in the content directory, it becomes a maintenance problem to use CODEOWNERS to enforce review on each article.
 # **Why we have it**: RAI content must be reviewed by the GitHub legal team.
@@ -15,7 +15,7 @@ on:
       - synchronize
     paths:
       - 'content/**'
-      - .github/workflows/codeowners-legal.yml
+      - .github/workflows/reviewers-legal.yml
 
 permissions:
   contents: read
@@ -27,6 +27,7 @@ jobs:
     if: >-
       ${{ github.repository == 'github/docs-internal' &&
           !github.event.pull_request.draft &&
+          !contains(github.event.pull_request.labels.*.name, 'reviewers-legal') &&
           github.event.pull_request.head.ref != 'repo-sync' }}
     runs-on: ubuntu-latest
     steps:
@@ -62,7 +63,7 @@ jobs:
       - name: Check for reviewers-legal label, add if missing and request review
         if: steps.checkContentType.outputs.containsContentType == 'true'
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
           PR: ${{ github.event.pull_request.html_url }}
         run: |
           labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')