Merge branch 'github:main' into main

Author: Theo13111

.devcontainer/Dockerfile

@@ -1,8 +1,8 @@
-# See here for image contents: https://github.com/microsoft/vscode-dev-containers/blob/main/containers/javascript-node/.devcontainer/base.Dockerfile
+# To find available Node images, see https://mcr.microsoft.com/en-us/product/devcontainers/javascript-node/tags
 
 # [Choice] Node.js version
-ARG VARIANT="18-buster"
-FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:0-${VARIANT}
+ARG VARIANT="dev-20-bullseye"
+FROM mcr.microsoft.com/devcontainers/javascript-node:${VARIANT}
 
 # [Optional] Uncomment this section to install additional OS packages.
 # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
     "build": {
         "dockerfile": "Dockerfile",
         // Update 'VARIANT' to pick a Node version
-        "args": { "VARIANT": "18" }
+        "args": { "VARIANT": "20" }
     },
 
     // Set *default* container specific settings.json values on container create.

.eslintrc.cjs

@@ -14,16 +14,4 @@ src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise
 content/actions/deployment/security-hardening-your-deployments/** @github/oidc
 
 # RAI - CELA
-data/reusables/copilot/about-copilot-chat.md @github/legal-product
-content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md @github/legal-product
-
-content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns @github/legal-product
-data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md @github/legal-product
-
-content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md @github/legal-product
-data/reusables/secret-scanning/generic-secret-detection-ai.md @github/legal-product
-
-content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md @github/legal-product
-data/reusables/rai/ @github/legal-product
-
-content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md @github/legal-product
+data/reusables/rai/** @github/legal-product

.github/CODEOWNERS

@@ -13,14 +13,14 @@ Use the table of contents icon <img src="/contributing/images/table-of-contents.
 To get an overview of the project, read the [README](README.md) file. Here are some resources to help you get started with open source contributions:
 
 - [Finding ways to contribute to open source on GitHub](https://docs.github.com/en/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github)
-- [Set up Git](https://docs.github.com/en/get-started/quickstart/set-up-git)
-- [GitHub flow](https://docs.github.com/en/get-started/quickstart/github-flow)
+- [Set up Git](https://docs.github.com/en/get-started/getting-started-with-git/set-up-git)
+- [GitHub flow](https://docs.github.com/en/get-started/using-github/github-flow)
 - [Collaborating with pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests)
 
 
 ## Getting started
 
-To navigate our codebase with confidence, see [the introduction to working in the docs repository](/contributing/working-in-docs-repository.md) :confetti_ball:. For more information on how we write our markdown files, see [the GitHub Markdown reference](contributing/content-markup-reference.md).
+To navigate our codebase with confidence, see [the introduction to working in the docs repository](/contributing/README.md) :confetti_ball:. For more information on how we write our markdown files, see "[Using Markdown and Liquid in GitHub Docs](https://docs.github.com/en/contributing/writing-for-github-docs/using-markdown-and-liquid-in-github-docs).
 
 Check to see what [types of contributions](/contributing/types-of-contributions.md) we accept before making changes. Some of them don't even require writing a single line of code :sparkles:.
 
@@ -32,7 +32,7 @@ If you spot a problem with the docs, [search if an issue already exists](https:/
 
 #### Solve an issue
 
-Scan through our [existing issues](https://github.com/github/docs/issues) to find one that interests you. You can narrow down the search using `labels` as filters. See [Labels](/contributing/how-to-use-labels.md) for more information. As a general rule, we don’t assign issues to anyone. If you find an issue to work on, you are welcome to open a PR with a fix.
+Scan through our [existing issues](https://github.com/github/docs/issues) to find one that interests you. You can narrow down the search using `labels` as filters. See "[Label reference](https://docs.github.com/en/contributing/collaborating-on-github-docs/label-reference)" for more information. As a general rule, we don’t assign issues to anyone. If you find an issue to work on, you are welcome to open a PR with a fix.
 
 ### Make Changes
 
@@ -62,7 +62,7 @@ For more information about using a codespace for working on GitHub documentation
 
 ### Commit your update
 
-Commit the changes once you are happy with them. Don't forget to [self-review](/contributing/self-review.md) to speed up the review process:zap:.
+Commit the changes once you are happy with them. Don't forget to use the "[Self review checklist](https://docs.github.com/en/contributing/collaborating-on-github-docs/self-review-checklist) to speed up the review process :zap:.
 
 ### Pull Request
 

CODE_OF_CONDUCT.md renamed to .github/CODE_OF_CONDUCT.md

@@ -18,7 +18,7 @@ body:
       label: Code of Conduct
       description: This project has a Code of Conduct that all participants are expected to understand and follow.
       options:
-        - label: I have read and agree to the GitHub Docs project's [Code of Conduct](https://github.com/github/docs/blob/main/CODE_OF_CONDUCT.md)
+        - label: I have read and agree to the GitHub Docs project's [Code of Conduct](https://github.com/github/docs/blob/main/.github/CODE_OF_CONDUCT.md)
           required: true
 
   - type: textarea

CONTRIBUTING.md renamed to .github/CONTRIBUTING.md

@@ -39,7 +39,7 @@ body:
           required: true
         - label: MUST emphasize how the third-party product works with GitHub.
           required: true
-        - label: MUST be written in Markdown format, using [one of the templates provided](contributing/github-partners/README.md#templates).
+        - label: MUST be written in Markdown format, using [one of the templates provided](https://docs.github.com/en/contributing/writing-for-github-docs/templates).
           required: true
         - label: MUST include the name and URL of the GitHub technology partner responsible for maintenance of the documentation being contributed. This should be added via the `contributor.name` and `contributor.URL` properties in the template's YAML frontmatter.
           required: true

.github/ISSUE_TEMPLATE/improve-existing-docs.yaml

@@ -16,7 +16,7 @@ If you made changes to the `content` directory, a table will populate in a comme
 
 ### Check off the following:
 
-- [ ] I have reviewed my changes in staging, available via the **View deployment** link in this PR's timeline.
+- [ ] I have reviewed my changes in staging, available via the **View deployment** link in this PR's timeline (this link will be available after opening the PR).
 
   - For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the `data` directory.
-- [ ] For content changes, I have completed the [self-review checklist](https://github.com/github/docs/blob/main/contributing/self-review.md#self-review).
+- [ ] For content changes, I have completed the [self-review checklist](https://docs.github.com/en/contributing/collaborating-on-github-docs/self-review-checklist).

.github/ISSUE_TEMPLATE/partner-contributed-documentation.yml

@@ -0,0 +1,46 @@
+name: Warmup pageinfo cache
+
+description: Run this to create a .pageinfo-cache.json.br file
+
+inputs:
+  restore-only:
+    description: Only attempt to restore, don't warm up
+    required: false
+
+runs:
+  using: 'composite'
+  steps:
+    # The caching technique here is to "unboundedly" add to the cache.
+    # By unboundedly, it means the cached item will grow and grow.
+    # The general idea is that we A) restore from cache, B) replace the
+    # file by running the script, and C) save the file back to cache.
+    # Optionally, you can have it just do A (and not B and C).
+
+    - name: Cache .pageinfo-cache.json.br (restore)
+      # You can't use a SHA on these. Only possible with `actions/cache@SHA...`
+      uses: actions/cache/restore@v3
+      with:
+        path: .pageinfo-cache.json.br
+        key: pageinfo-cache-
+        restore-keys: pageinfo-cache-
+
+    # When we use this composite action from the workflows like
+    # Azure Preview Deploy and Azure Production Deploy, we don't have
+    # any Node installed or any of its packages. I.e. we never
+    # run `npm ci` in those actions. For security sake.
+    # So we can't do things that require Node code.
+    # Tests and others will omit the `restore-only` input, but
+    # prepping for Docker build and push, will set it to a non-empty
+    # string which basically means "If you can restore it, great.
+    # If not, that's fine, don't bother".
+    - name: Run script
+      if: ${{ inputs.restore-only == '' }}
+      shell: bash
+      run: npm run precompute-pageinfo
+
+    - name: Cache .remotejson-cache (save)
+      if: ${{ inputs.restore-only == '' }}
+      uses: actions/cache/save@v3
+      with:
+        path: .pageinfo-cache.json.br
+        key: pageinfo-cache-${{ github.sha }}

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,6 +1,6 @@
 name: Set up local Elasticsearch
 
-description: Install a local Elasticseach with version that matches prod
+description: Install a local Elasticsearch with version that matches prod
 
 inputs:
   token:

.github/actions/precompute-pageinfo/action.yml

@@ -30,3 +30,5 @@ updates:
     schedule:
       interval: weekly
       day: thursday
+    ignore:
+      - dependency-name: 'node'

.github/actions/setup-elasticsearch/action.yml

@@ -7,7 +7,7 @@ name: Auto Close Open Source Dependency Updates
 # **Who does it impact**: It helps docs engineering focus on higher value work.
 
 on:
-  pull_request_target:
+  pull_request:
     paths:
       - 'package*.json'
       - 'Gemfile*'
@@ -50,7 +50,7 @@ jobs:
 
       # Because we get far too much spam ;_;
       - name: Lock conversations
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
+        uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
         with:

.github/dependabot.yml

@@ -116,7 +116,7 @@ jobs:
       - if: ${{ env.IS_INTERNAL_BUILD == 'true' }}
         name: Determine which docs-early-access branch to clone
         id: 'check-early-access'
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
+        uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
         env:
           BRANCH_NAME: ${{ env.BRANCH_NAME }}
         with:
@@ -157,7 +157,7 @@ jobs:
         run: src/early-access/scripts/merge-early-access.sh
 
       - name: Determine if we should include translations?
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+        uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
         id: with-translations
         with:
           script: |
@@ -192,13 +192,16 @@ jobs:
           rsync -rptovR ./user-code/content/./**/*.md ./content
           rsync -rptovR ./user-code/assets/./**/*.png ./assets
           rsync -rptovR ./user-code/data/./**/*.{yml,md} ./data
-          rsync -rptovR ./user-code/components/./**/*.{scss,ts,tsx} ./components
-          rsync -rptovR ./user-code/src/./**/*.tsx ./src
+          rsync -rptovR ./user-code/src/./**/*.{scss,ts,tsx} ./src
 
       - uses: ./.github/actions/warmup-remotejson-cache
         with:
           restore-only: true
 
+      - uses: ./.github/actions/precompute-pageinfo
+        with:
+          restore-only: true
+
       # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
       - name: 'Prune for preview env'
         run: src/workflows/prune-for-preview-env.sh
@@ -229,7 +232,7 @@ jobs:
         with:
           resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }}
           subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }}
-          template: ./azure-preview-env-template.json
+          template: ./src/workflows/azure-preview-env-template.json
           deploymentName: ${{ env.DEPLOYMENT_NAME }}
           parameters: appName="${{ env.APP_NAME }}"
             containerImage="${{ env.DOCKER_IMAGE }}"

.github/workflows/auto-close-dependencies.yml

@@ -5,6 +5,7 @@ name: Azure - Destroy Preview Env
 # **Who does it impact**: All contributors.
 
 on:
+  # Required in lieu of `pull_request` so that PRs created from forks can destroy the preview environment.
   pull_request_target:
     types:
       - closed

.github/workflows/azure-preview-env-deploy.yml

@@ -31,6 +31,9 @@ jobs:
     env:
       DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }}
       DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production
+      RESOURCE_GROUP_NAME: docs-prod
+      APP_SERVICE_NAME: ghdocs-prod
+      SLOT_NAME: canary
 
     steps:
       - name: 'Az CLI login'
@@ -75,6 +78,10 @@ jobs:
         with:
           restore-only: true
 
+      - uses: ./.github/actions/precompute-pageinfo
+        with:
+          restore-only: true
+
       - uses: ./.github/actions/clone-translations
         with:
           token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
@@ -93,58 +100,23 @@ jobs:
 
       - name: 'Update docker-compose.prod.yaml template file'
         run: |
-          sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml
+          sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml
 
       - name: 'Apply updated docker-compose.prod.yaml config to canary slot'
         run: |
-          az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot canary -n ghdocs-prod -g docs-prod
+          az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
 
       # Watch canary slot instances to see when all the instances are ready
       - name: Check that canary slot is ready
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
         env:
           CHECK_INTERVAL: 10000
-        with:
-          script: |
-            const { execSync } = require('child_process')
-
-            const getStatesForSlot = (slot) => {
-              return JSON.parse(
-                execSync(
-                  `az webapp list-instances --slot ${slot} --query "[].state" -n ghdocs-prod -g docs-prod`,
-                  { encoding: 'utf8' }
-                )
-              )
-            }
-
-            let hasStopped = false
-            const waitDuration = parseInt(process.env.CHECK_INTERVAL, 10) || 10000
-            async function doCheck() {
-              const states = getStatesForSlot('canary')
-              console.log(`Instance states:`, states)
-
-              // We must wait until at-least 1 instance has STOPPED to know we're looking at the "next" deployment and not the "previous" one
-              // That way we don't immediately succeed just because all the previous instances were READY
-              if (!hasStopped) {
-                hasStopped = states.some((s) => s === 'STOPPED')
-              }
-
-              const isAllReady = states.every((s) => s === 'READY')
-
-              if (hasStopped && isAllReady) {
-                process.exit(0) // success
-              }
-
-              console.log(`checking again in ${waitDuration}ms`)
-              setTimeout(doCheck, waitDuration)
-            }
-
-            doCheck()
-
-      # TODO - make a request to verify the canary app version aligns with *this* github action workflow commit sha
+          EXPECTED_SHA: ${{ github.sha }}
+          CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build
+        run: src/workflows/check-canary-slots.js
+
       - name: 'Swap canary slot to production'
         run: |
-          az webapp deployment slot swap --slot canary --target-slot production -n ghdocs-prod -g docs-prod
+          az webapp deployment slot swap --slot ${{ env.SLOT_NAME }}  --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
 
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}