Merge remote-tracking branch 'private/main'

Author: heiskr

.github/workflows/sync-openapi.yml

@@ -48,6 +48,7 @@ jobs:
           # will be checked out
           repository: github/models-gateway
           path: models-gateway
+          ref: main
 
       - uses: ./.github/actions/node-npm-setup
 

.github/workflows/triage-issue-comments.yml

@@ -47,9 +47,22 @@ jobs:
 
       - uses: ./.github/actions/node-npm-setup
 
+      - name: Check issue exists
+        id: exists
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_URL: ${{ github.event.issue.html_url }}
+        run: |
+          if gh issue view $ISSUE_URL > /dev/null 2>&1
+          then
+            echo "exists=y" >> $GITHUB_OUTPUT
+          else
+            echo "exists=n" >> $GITHUB_OUTPUT
+          fi
+
       - name: Label issues with new comments with 'triage'
         uses: ./.github/actions/labeler
-        if: ${{ steps.is-internal-contributor.outputs.result == 'false' }}
+        if: ${{ steps.is-internal-contributor.outputs.result == 'false' && steps.exists.outputs.exists == 'y' }}
         with:
           addLabels: 'triage'
           ignoreIfLabeled: true

content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql.md

@@ -47,8 +47,13 @@ For information about {% data variables.product.prodname_code_scanning %} alerts
 
 {% data variables.product.prodname_codeql %} supports both compiled and interpreted languages, and can find vulnerabilities and errors in code that's written in the supported languages.
 
+{% data variables.product.prodname_codeql %} supports the following languages:
+
 {% data reusables.code-scanning.codeql-languages-bullets %}
 
+> [!IMPORTANT]
+> {% data variables.product.prodname_codeql %} does **not** support languages that are not listed above. This includes, but is not limited to, **Rust**, **PHP**, **Scala**, and others. Attempting to use {% data variables.product.prodname_codeql %} with unsupported languages may result in no alerts being generated and incomplete analysis.
+
 ## Modeling custom or niche frameworks
 
 {% data variables.product.github %} experts, security researchers, and community contributors write libraries to model the flow of data in popular frameworks and libraries. If you use custom dependencies that aren't modeled, then you can use the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} to create models for these dependencies and use them to extend your analysis. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor).

content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md

@@ -17,7 +17,7 @@ topics:
 The {% data variables.product.prodname_github_security_configuration %} is a collection of enablement settings for {% data variables.product.company_short %}'s security features that is created and maintained by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
 
 > [!NOTE]
-> The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
+> The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to repositories in your organization will incur usage costs or require licenses.
 
 ## Applying the {% data variables.product.prodname_github_security_configuration %} to all repositories in your organization
 

content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md

@@ -31,7 +31,7 @@ The {% data variables.product.prodname_github_security_configuration %} offers a
 * It is the quickest {% data variables.product.prodname_security_configuration %} to apply to all repositories in your organization.
 * It is designed to effectively secure both low- and high-impact repositories.
 
-The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
+The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to repositories in your organization will incur usage costs or require licenses.
 
 To start securing repositories in your organization with the {% data variables.product.prodname_github_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization).
 

content/github-models/use-github-models/prototyping-with-ai-models.md

@@ -265,7 +265,7 @@ Low, high, and embedding models have different rate limits. To see which type of
     <td>1</td>
   </tr>
   <tr>
-    <th rowspan="4" scope="rowgroup"><b>Azure OpenAI o1 and o3</b></th>
+    <th rowspan="4" scope="rowgroup"><b>Azure OpenAI o1 and o3, xAI Grok-3</b></th>
     <th style="padding-left: 0"><b>Requests per minute</b></th>
     <td>Not applicable</td>
     <td>1</td>

content/github-models/use-github-models/storing-prompts-in-github-repositories.md

@@ -18,39 +18,49 @@ Prompts can be stored as files directly within GitHub repositories. This unlocks
 
 ## Supported file format
 
-Store prompts in markdown files with optional YAML front matter.
+Store prompts in YAML files.
 
-The file can be located anywhere in your repository, but it **must have the extension `.prompt.md`**.
+The file can be located anywhere in your repository, but _must have the extension `.prompt.yml` or `.prompt.yaml`._
 
 Example:
 
-```yaml
----
-name: Summarizer
-description: Summarizes a given text
-model: openai/gpt-4o
-model_parameters:
+``` yaml copy
+name: Text Summarizer
+description: Summarizes input text concisely
+model: gpt-4o-mini
+modelParameters:
   temperature: 0.5
----
-system:
-You are a text summarizer. Your only job is to summarize a given text to you.
-user:
-Summarize the given text:
-<text>
-{% raw %}{{text}}{% endraw %}
-</text>
+messages:
+  - role: system
+    content: You are a text summarizer. Your only job is to summarize text given to you.
+  - role: user
+    content: |
+      Summarize the given text, beginning with "Summary -":
+      <text>
+      {% raw %}{{input}}{% endraw %}
+      </text>
+testData:
+  - input: |
+      The quick brown fox jumped over the lazy dog.
+      The dog was too tired to react.
+    expected: Summary - A fox jumped over a lazy, unresponsive dog.
+evaluators:
+  - name: Output should start with 'Summary -'
+    string:
+      startsWith: 'Summary -'
 ```
 
 ## Prompt structure
 
 Prompts have two key parts:
 
 * **Runtime information** (required)
-  * Prompt templates (system, user, etc.) using simple {{variable}} placeholders
+  * Prompt templates (system, user, etc.) using simple {% raw %}`{{variable}}`{% endraw %} placeholders
 * **Development information** (optional)
   * Human-readable name and description
   * Model identifier and parameters
   * Sample data for testing and evaluations
+  * Data describing the evaluators themselves
 
 ## Limitations
 

data/ui.yml

@@ -47,7 +47,7 @@ search:
     privacy_disclaimer: For product and service improvement purposes, the GitHub Docs team will retain questions and answers generated in the Docs search function. Please see the <a href="https://docs.github.com/privacy"><u>GitHub Privacy Statement</u></a> to review how GitHub collects and uses your data.
   ai:
     disclaimer: <a href="https://docs.github.com/en/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-githubcom"}>Copilot</a> uses AI. Check for mistakes.
-    references: Additional docs
+    references: Copilot Sources
     loading_status_message: Loading Copilot response...
     done_loading_status_message: Done loading Copilot response
     copy_answer: Copy answer

package.json

@@ -27,14 +27,15 @@
     "content-changes-table-comment": "tsx src/workflows/content-changes-table-comment.ts",
     "copy-fixture-data": "tsx src/tests/scripts/copy-fixture-data.js",
     "count-translation-corruptions": "tsx src/languages/scripts/count-translation-corruptions.ts",
-    "create-enterprise-issue": "tsx src/ghes-releases/scripts/create-enterprise-issue.js",
+    "create-enterprise-issue": "tsx src/ghes-releases/scripts/create-enterprise-issue.ts",
     "debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon --inspect src/frame/server.ts",
     "delete-orphan-translation-files": "tsx src/workflows/delete-orphan-translation-files.ts",
     "deleted-assets-pr-comment": "tsx src/assets/scripts/deleted-assets-pr-comment.ts",
     "deleted-features-pr-comment": "tsx src/data-directory/scripts/deleted-features-pr-comment.ts",
     "deprecate-ghes": "tsx src/ghes-releases/scripts/deprecate/index.ts",
     "deprecate-ghes-archive": "cross-env NODE_OPTIONS=--max-old-space-size=16384 tsx src/ghes-releases/scripts/deprecate/archive-version.ts",
     "dev": "cross-env npm start",
+    "dev-toc": "tsx src/dev-toc/generate.ts",
     "enable-automerge": "tsx src/workflows/enable-automerge.ts",
     "find-orphaned-assets": "tsx src/assets/scripts/find-orphaned-assets.ts",
     "find-orphaned-features": "tsx src/data-directory/scripts/find-orphaned-features/index.ts",
@@ -75,7 +76,7 @@
     "purge-fastly-edge-cache-per-language": "tsx src/languages/scripts/purge-fastly-edge-cache-per-language.js",
     "purge-old-workflow-runs": "tsx src/workflows/purge-old-workflow-runs.js",
     "ready-for-docs-review": "tsx src/workflows/ready-for-docs-review.ts",
-    "release-banner": "tsx src/ghes-releases/scripts/release-banner.js",
+    "release-banner": "tsx src/ghes-releases/scripts/release-banner.ts",
     "reusables": "tsx src/content-render/scripts/reusables-cli.ts",
     "rendered-content-link-checker": "tsx src/links/scripts/rendered-content-link-checker.ts",
     "rendered-content-link-checker-cli": "tsx src/links/scripts/rendered-content-link-checker-cli.ts",
@@ -97,7 +98,7 @@
     "tsc": "tsc --noEmit",
     "unallowed-contributions": "tsx src/workflows/unallowed-contributions.ts",
     "update-data-and-image-paths": "tsx src/early-access/scripts/update-data-and-image-paths.js",
-    "update-enterprise-dates": "tsx src/ghes-releases/scripts/update-enterprise-dates.js",
+    "update-enterprise-dates": "tsx src/ghes-releases/scripts/update-enterprise-dates.ts",
     "update-internal-links": "tsx src/links/scripts/update-internal-links.ts",
     "validate-asset-images": "tsx src/assets/scripts/validate-asset-images.ts",
     "validate-github-github-docs-urls": "tsx src/links/scripts/validate-github-github-docs-urls/index.ts",

src/audit-logs/tests/rendering.js renamed to src/audit-logs/tests/rendering.ts

@@ -20,7 +20,7 @@ describe('audit log events docs', () => {
       path: '/authentication/keeping-your-account-and-data-secure/security-log-events',
       type: 'user',
     },
-  ]
+  ] as const
 
   // This test ensures that the audit log event page components and Markdown
   // file are in sync.  Additionally, it checks all event categories are
@@ -32,7 +32,7 @@ describe('audit log events docs', () => {
         // the enterprise events page has no FPT versioned audit log data
         if (page.type === 'enterprise' && version === 'free-pro-team@latest') continue
 
-        const auditLogEvents = getCategorizedAuditLogEvents(page.type, version, true)
+        const auditLogEvents = getCategorizedAuditLogEvents(page.type, version)
 
         if (Object.keys(auditLogEvents).length === 0) {
           console.warn(`There are no audit log events for ${page.path} with version '${version}'.`)

src/audit-logs/tests/unit/filter-events.js renamed to src/audit-logs/tests/unit/filter-events.ts

@@ -1,70 +1,90 @@
 import { describe, expect, test } from 'vitest'
 
 import { filterByAllowlistValues, filterAndUpdateGhesDataByAllowlistValues } from '../../lib'
+import type { RawAuditLogEventT, VersionedAuditLogData } from '../../types'
 
 describe('audit log event fitering', () => {
   test('matches single allowlist value', () => {
-    const eventsToProcess = [
+    const eventsToProcess: RawAuditLogEventT[] = [
       {
         action: 'repo.create',
         _allowlists: ['user'],
         description: 'repo was created',
+        docs_reference_links: '',
+        ghes: {},
       },
     ]
 
-    const filteredEvents = filterByAllowlistValues(eventsToProcess, 'user')
+    const filteredEvents = filterByAllowlistValues(eventsToProcess, 'user', [], {
+      sha: '',
+      appendedDescriptions: {},
+    })
     expect(filteredEvents[0].action).toEqual('repo.create')
   })
 
   test('matches multiple allowlist values', () => {
-    const eventsToProcess = [
+    const eventsToProcess: RawAuditLogEventT[] = [
       {
         action: 'repo.create',
         _allowlists: ['user'],
         description: 'repo was created',
+        docs_reference_links: '',
+        ghes: {},
       },
       {
         action: 'repo.delete',
         _allowlists: ['organization'],
         description: 'repo was deleted',
+        docs_reference_links: '',
+        ghes: {},
       },
     ]
 
-    const filteredEvents = filterByAllowlistValues(eventsToProcess, ['user', 'organization'])
+    const filteredEvents = filterByAllowlistValues(eventsToProcess, ['user', 'organization'], [], {
+      sha: '',
+      appendedDescriptions: {},
+    })
     expect(filteredEvents[0].action).toEqual('repo.create')
     expect(filteredEvents.length).toEqual(2)
   })
 
   test('does not match non-matching allowlist value', () => {
-    const eventsToProcess = [
+    const eventsToProcess: RawAuditLogEventT[] = [
       {
         action: 'repo.create',
         _allowlists: ['user'],
         description: 'repo was created',
+        docs_reference_links: '',
+        ghes: {},
       },
     ]
 
-    const filteredEvents = filterByAllowlistValues(eventsToProcess, 'organization')
+    const filteredEvents = filterByAllowlistValues(eventsToProcess, 'organization', [], {
+      sha: '',
+      appendedDescriptions: {},
+    })
     expect(filteredEvents.length).toBe(0)
   })
 
   test('ghes filters and updates multiple ghes versions', () => {
-    const eventsToProcess = [
+    const eventsToProcess: RawAuditLogEventT[] = [
       {
         action: 'repo.create',
         description: 'repo was created',
+        docs_reference_links: '',
+        _allowlists: [],
         ghes: {
           '3.10': {
             _allowlists: ['user'],
           },
-          3.11: {
+          '3.11': {
             _allowlists: ['user'],
           },
         },
       },
     ]
 
-    const currentEvents = {
+    const currentEvents: VersionedAuditLogData = {
       'ghes-3.11': {
         organization: [
           {
@@ -90,10 +110,13 @@ describe('audit log event fitering', () => {
       eventsToProcess,
       'user',
       currentEvents,
-      {},
+      {
+        sha: '',
+        appendedDescriptions: {},
+      },
       auditLogPage,
     )
-    const getActions = (version) =>
+    const getActions = (version: string) =>
       currentEvents[version][auditLogPage].map((event) => event.action)
     expect(getActions('ghes-3.10').includes('repo.create')).toBe(true)
     expect(getActions('ghes-3.11').includes('repo.create')).toBe(true)

src/events/components/experiments/experiments.ts

@@ -21,7 +21,7 @@ export const EXPERIMENTS = {
   ai_search_experiment: {
     key: 'ai_search_experiment',
     isActive: true, // Set to false when the experiment is over
-    percentOfUsersToGetExperiment: 20, // 20% of users will get the experiment
+    percentOfUsersToGetExperiment: 30, // 30% of users will get the experiment
     includeVariationInContext: true, // All events will include the `experiment_variation` of the `ai_search_experiment`
     limitToLanguages: ['en'], // Only users with the `en` language will be included in the experiment
     alwaysShowForStaff: true, // When set to true, staff will always see the experiment (determined by the `staffonly` cookie)

src/fixtures/fixtures/data/ui.yml

@@ -47,7 +47,7 @@ search:
     privacy_disclaimer: For product and service improvement purposes, the GitHub Docs team will retain questions and answers generated in the Docs search function. Please see the <a href="https://docs.github.com/privacy"><u>GitHub Privacy Statement</u></a> to review how GitHub collects and uses your data.
   ai:
     disclaimer: <a href="https://docs.github.com/en/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-githubcom"}>Copilot</a> uses AI. Check for mistakes.
-    references: Additional docs
+    references: Copilot Sources
     loading_status_message: Loading Copilot response...
     done_loading_status_message: Done loading Copilot response
     copy_answer: Copy answer