Merge branch 'main' into updated-env-docs

Author: SiaraMist

.devcontainer/devcontainer.json

@@ -58,6 +58,9 @@
     // Use 'postCreateCommand' to run commands after the container is created.
     "postCreateCommand": "npm ci",
 
+    // Use 'updateContentCommand' to run commands to be included in Codespace pre-builds
+    "updateContentCommand": "git clone https://github.com/github/rest-api-description.git",
+
     // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
     "remoteUser": "node",
 

.github/workflows/azure-preview-env-deploy.yml

@@ -79,7 +79,7 @@ jobs:
           creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
 
       - name: 'Docker login'
-        uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
         with:
           login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
           username: ${{ env.NONPROD_REGISTRY_USERNAME }}
@@ -206,7 +206,7 @@ jobs:
         run: src/workflows/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
         with:
           context: .
           push: true

.github/workflows/azure-prod-build-deploy.yml

@@ -42,7 +42,7 @@ jobs:
           creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
 
       - name: 'Docker login'
-        uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
         with:
           login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
           username: ${{ secrets.PROD_REGISTRY_USERNAME }}
@@ -90,7 +90,7 @@ jobs:
           token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
         with:
           context: .
           push: true

.github/workflows/azure-staging-build-deploy.yml

@@ -50,7 +50,7 @@ jobs:
           creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
 
       - name: 'Docker login'
-        uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
         with:
           login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
           username: ${{ secrets.NONPROD_REGISTRY_USERNAME }}
@@ -91,7 +91,7 @@ jobs:
         run: src/early-access/scripts/merge-early-access.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
         with:
           context: .
           push: true

.github/workflows/codeql.yml

@@ -10,6 +10,9 @@ on:
       - main
     paths:
       - '**/*.js'
+      - '**/*.ts'
+      - '**/*.jsx'
+      - '**/*.tsx'
       - '.github/workflows/codeql.yml'
   # This is so that when CodeQL runs on a pull request, it can compare
   # against the state of the base branch.

.github/workflows/comment-release-note-info.yml

@@ -0,0 +1,32 @@
+# This workflow provides information when a contributor edits a release note file
+
+name: Comment on release note changes
+
+on:
+  pull_request:
+    types:
+      - opened
+    paths:
+      - data/release-notes/enterprise-server/**
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  comment:
+    # Do not add this comment on PRs created by the bot during the standard patch release process
+    # or in the github/docs repository
+    if: github.event.pull_request.user.login != 'release-controller[bot]' && github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            Thank you for updating our GitHub Enterprise Server release notes. A member of the `docs-content-enterprise` team will review your changes.
+
+            - If the change is urgent, post in `#docs-content-enterprise` on Slack.
+            - Review the [style guide for release notes](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#release-notes).
+            - If you're updating or adding a note, add a datestamp in the format `[Updated: YYYY-MM-DD]`.
+            - If you're removing a note, add an "[Errata](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#errata)" section with details of the change.

.github/workflows/generate-code-scanning-query-lists.yml

@@ -106,6 +106,12 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
           DRY_RUN: ${{ github.event_name == 'pull_request'}}
         run: |
+
+          # When we started, we downloaded the CodeQL CLI here in this workflow.
+          # We have no intention of checking that in but we also don't want
+          # `git status ...` to show it as an untracked file.
+          rm -fr ./codeql
+
           # If nothing to commit, exit now. It's fine. No orphans.
           changes=$(git diff --name-only | wc -l)
           untracked=$(git status --untracked-files --short | wc -l)

.github/workflows/link-check-daily.yml

@@ -52,7 +52,7 @@ jobs:
         uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
         with:
           path: external-link-checker-db.json
-          key: external-link-checker-${{ hashFiles('src/links/scripts/rendered-content-link-checker.js') }}
+          key: external-link-checker-${{ hashFiles('src/links/scripts/rendered-content-link-checker.ts') }}
 
       - name: Insight into external link checker DB json file (before)
         run: |
@@ -87,7 +87,7 @@ jobs:
           EXTERNAL_SERVER_ERRORS_AS_WARNINGS: true
           FAIL_ON_FLAW: false
         timeout-minutes: 30
-        run: node src/links/scripts/rendered-content-link-checker.js
+        run: npm run rendered-content-link-checker
 
       - name: Insight into external link checker DB json file (after)
         run: |

.github/workflows/link-check-on-pr.yml

@@ -50,4 +50,4 @@ jobs:
           # been loaded.
           ENABLED_LANGUAGES: en
           FAIL_ON_FLAW: true
-        run: node src/links/scripts/rendered-content-link-checker.js
+        run: npm run rendered-content-link-checker

.github/workflows/main-preview-docker-cache.yml

@@ -35,7 +35,7 @@ jobs:
           creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
 
       - name: 'Docker login'
-        uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
         with:
           login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
           username: ${{ env.NONPROD_REGISTRY_USERNAME }}
@@ -68,7 +68,7 @@ jobs:
         run: src/workflows/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
         with:
           context: .
           push: true