Skip to content

Commit 8ae6c71

Browse files
authored
Merge branch 'main' into oxidizegithub
2 parents 69120e8 + a451540 commit 8ae6c71

File tree

1,073 files changed

+11017
-3954
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

1,073 files changed

+11017
-3954
lines changed

.github/branch_protection_settings/main.json

+17-2
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,10 @@
4141
"workflows",
4242
"lint-code",
4343
"secret-scanning",
44-
"pagelist"
44+
"pagelist",
45+
"docs-internal-docker-image / docs-internal-docker-image",
46+
"docs-internal-docker-security / docs-internal-docker-security",
47+
"docs-internal-moda-config-bundle / docs-internal-moda-config-bundle"
4548
],
4649
"contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
4750
"checks": [
@@ -85,7 +88,19 @@
8588
{ "context": "workflows", "app_id": 15368 },
8689
{ "context": "lint-code", "app_id": 15368 },
8790
{ "context": "secret-scanning", "app_id": 15368 },
88-
{ "context": "pagelist", "app_id": 15368 }
91+
{ "context": "pagelist", "app_id": 15368 },
92+
{
93+
"context": "docs-internal-docker-image / docs-internal-docker-image",
94+
"app_id": 15368
95+
},
96+
{
97+
"context": "docs-internal-docker-security / docs-internal-docker-security",
98+
"app_id": 15368
99+
},
100+
{
101+
"context": "docs-internal-moda-config-bundle / docs-internal-moda-config-bundle",
102+
"app_id": 15368
103+
}
89104
]
90105
},
91106
"restrictions": {

.github/workflows/azure-prod-build-deploy.yml

-3
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,6 @@ name: Azure Production - Build and Deploy
55
# **Who does it impact**: All contributors.
66

77
on:
8-
push:
9-
branches:
10-
- main
118
workflow_dispatch:
129

1310
permissions:

.github/workflows/codeowners-legal.yml

+7-11
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ on:
2020
permissions:
2121
contents: read
2222
pull-requests: write
23+
repository-projects: read
2324

2425
jobs:
2526
codeowners-legal:
@@ -33,7 +34,7 @@ jobs:
3334
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
3435
with:
3536
# Picking this number is a "best guess". If we make it too large,
36-
# the checkout will take potentially unnecessariily long.
37+
# the checkout will take potentially unnecessarily long.
3738
# This reduces the chance that tj-actions/changed-files has to
3839
# fetch deeper history. But if it needs to, it will.
3940
fetch-depth: 10
@@ -58,19 +59,14 @@ jobs:
5859
CHANGED_FILE_PATHS: ${{ steps.changed-files.outputs.all_changed_files }}
5960
CONTENT_TYPE: 'rai'
6061

61-
- name: Add Legal team as a reviewer
62+
- name: Check for reviewers-legal label, add if missing and request review
6263
if: steps.checkContentType.outputs.containsContentType == 'true'
6364
env:
64-
# The GH CLI uses a slightly different env name for
65-
# the token than the GITHUB_TOKEN used by actions
66-
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
65+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6766
PR: ${{ github.event.pull_request.html_url }}
6867
run: |
69-
has_reviewer=$(
70-
gh pr view $PR --json reviews |
71-
jq 'any(.reviews[]; select(length > 0))'
72-
)
73-
if ! $has_reviewer
74-
then
68+
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
69+
if ! echo "$labels" | grep -q 'reviewers-legal'; then
7570
gh pr edit $PR --add-reviewer github/legal-product
71+
gh pr edit $PR --add-label reviewers-legal
7672
fi

.github/workflows/delete-orphan-translation-files.yml

+2-1
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,8 @@ jobs:
129129
--title "Delete orphan files ($current_daystamp)" \
130130
--body '👋 humans. This PR was generated from docs-internal/.github/workflows/delete-orphan-translation-files.yml.
131131
' \
132-
--repo "${{ matrix.language_repo }}"
132+
--repo "${{ matrix.language_repo }}" \
133+
--head=$branch_name
133134
echo "Merge created PR..."
134135
retry_command gh pr merge --merge --auto --delete-branch "$branch_name"
135136

.github/workflows/generate-code-scanning-query-lists.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -146,7 +146,7 @@ jobs:
146146
147147
git add data/reusables/code-scanning/codeql-query-tables
148148
git commit -m "Update CodeQL query tables"
149-
git push origin $branchname
149+
git push -u origin $branchname
150150
151151
echo "Creating pull request..."
152152
gh pr create \

.github/workflows/purge-fastly.yml

+4-5
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ name: Purge Fastly
55
# **Who does it impact**: Writers and engineers.
66

77
on:
8+
deployment_status:
89
workflow_dispatch:
910
inputs:
1011
nuke_all:
@@ -16,9 +17,6 @@ on:
1617
description: "Comma separated languages. E.g. 'en,ja, es' (defaults to all)"
1718
required: false
1819
default: ''
19-
push:
20-
branches:
21-
- main
2220

2321
permissions:
2422
contents: read
@@ -29,11 +27,12 @@ env:
2927

3028
jobs:
3129
send-purges:
30+
# Run when workflow_dispatch is the event (manual) or when deployment_status is the event (automatic) and it's a successful production deploy
3231
if: >-
3332
${{
3433
github.repository == 'github/docs-internal' &&
35-
(github.event_name != 'workflow_run' ||
36-
github.event.workflow_run.conclusion == 'success')
34+
(github.event_name != 'deployment_status' ||
35+
github.event.deployment_status.state == 'success' && github.event.deployment_status.environment == 'production')
3736
}}
3837
runs-on: ubuntu-latest
3938
steps:

.github/workflows/sync-audit-logs.yml

+9-4
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333
# need to use a token from a user with access to github/audit-log-allowlists for this step
3434
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
3535
run: |
36-
npm run audit-log-sync
36+
npm run sync-audit-log
3737
3838
- name: Get the audit-log-allowlists SHA being synced
3939
id: audit-log-allowlists
@@ -54,7 +54,11 @@ jobs:
5454
# If nothing to commit, exit now. It's fine. No orphans.
5555
changes=$(git diff --name-only | wc -l)
5656
untracked=$(git status --untracked-files --short | wc -l)
57-
if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
57+
filesChanged=$(git diff --name-only)
58+
# There will always be at least one file changed:
59+
# src/audit-logs/lib/config.json
60+
# If the config file is the only file changed, exit.
61+
if [[ $changes -eq 1 ]] && [[ $untracked -eq 1 ]] && [[ $filesChanged == *lib/config.json ]]; then
5862
echo "There are no changes to commit or untracked files. Exiting..."
5963
exit 0
6064
fi
@@ -83,7 +87,8 @@ jobs:
8387
8488
If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
8589
--repo github/docs-internal \
86-
--label audit-log-pipeline
90+
--label audit-log-pipeline \
91+
--head=$branchname
8792
8893
# can't approve your own PR, approve with Actions
8994
unset GITHUB_TOKEN
@@ -93,7 +98,7 @@ jobs:
9398
# Actions can't merge the PR so back to docs-bot to merge the PR
9499
unset GITHUB_TOKEN
95100
gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_WORKFLOW_READORG }}"
96-
gh pr merge --auto --delete-branch
101+
gh pr merge --auto
97102
98103
- uses: ./.github/actions/slack-alert
99104
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

.github/workflows/sync-codeql-cli.yml

+8-2
Original file line numberDiff line numberDiff line change
@@ -91,13 +91,13 @@ jobs:
9191
branchname=codeql-cli-update-${{ steps.semmle-code.outputs.OPENAPI_COMMIT_SHA }}
9292
9393
branchCheckout=$(git checkout -b $branchname)
94-
if [[! $? -eq 0 ]]; then
94+
if [[ ! $? -eq 0 ]]; then
9595
echo "Branch $branchname already exists in `github/docs-internal`. Exiting..."
9696
exit 0
9797
fi
9898
git add .
9999
git commit -m "Update CodeQL CLI data"
100-
git push origin $branchname
100+
git push -u origin $branchname
101101
102102
echo "Creating pull request..."
103103
gh pr create \
@@ -109,3 +109,9 @@ jobs:
109109
If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
110110
--repo github/docs-internal \
111111
--label "codeql-cli-pipeline,skip FR board,ready-for-doc-review"
112+
113+
- uses: ./.github/actions/slack-alert
114+
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
115+
with:
116+
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
117+
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}

.github/workflows/sync-graphql.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: Update GraphQL files
1+
name: Sync GraphQL schema
22

33
# **What it does**: This updates our GraphQL schemas.
44
# **Why we have it**: We want our GraphQL docs up to date.
@@ -25,7 +25,7 @@ jobs:
2525
env:
2626
# need to use a token from a user with access to github/github for this step
2727
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
28-
run: npm run graphql-sync
28+
run: npm run sync-graphql
2929
- name: Create pull request
3030
id: create-pull-request
3131
uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # pin @v7.0.3

.github/workflows/sync-openapi.yml

+2-1
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,8 @@ jobs:
101101
102102
If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
103103
--repo github/docs-internal \
104-
--label github-openapi-bot
104+
--label github-openapi-bot \
105+
--head=$branchname \
105106
106107
- uses: ./.github/actions/slack-alert
107108
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

.github/workflows/sync-secret-scanning.yml

+2-1
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,8 @@ jobs:
7676
7777
If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
7878
--repo github/docs-internal \
79-
--label secret-scanning-pipeline,'skip FR board',ready-for-doc-review
79+
--label secret-scanning-pipeline,'skip FR board',ready-for-doc-review \
80+
--head=$branchname
8081
8182
- uses: ./.github/actions/slack-alert
8283
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

0 commit comments

Comments
 (0)