Skip to content

Commit 36b6336

Browse files
wrslatzwrslatz
authored
Merge branch 'main' into gha-hardening-pull-request-target
2 parents ca12535 + 4ba9eea commit 36b6336

File tree

135 files changed

+1002
-1024
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

135 files changed

+1002
-1024
lines changed

.github/workflows/all-documents.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
runs-on: ubuntu-latest
2121
steps:
2222
- name: Check out repo
23-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
23+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2424

2525
- uses: ./.github/actions/node-npm-setup
2626

.github/workflows/article-api-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
2323
steps:
2424
- name: Checkout
25-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
25+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2626

2727
- uses: ./.github/actions/node-npm-setup
2828

.github/workflows/changelog-prompt.yml

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
name: Changelog prompt when a PR is closed
2+
3+
on:
4+
pull_request:
5+
types: [closed]
6+
7+
permissions:
8+
contents: read
9+
pull-requests: write
10+
11+
jobs:
12+
comment-on-pr:
13+
# This workflow should only run on the 'github/docs-internal' repository because it posts changelog instructions
14+
# and links that are specific to the internal documentation process and resources.
15+
# It also only runs if PR is merged into the main branch.
16+
if: github.repository == 'github/docs-internal' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'
17+
18+
runs-on: ubuntu-latest
19+
20+
steps:
21+
- name: Check if PR author is in docs-content team
22+
id: check_team
23+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
24+
with:
25+
github-token: ${{ secrets.DOCS_BOT_PAT_BASE }}
26+
script: |
27+
try {
28+
const pr = context.payload.pull_request;
29+
await github.rest.teams.getMembershipForUserInOrg({
30+
org: 'github',
31+
team_slug: 'docs-content',
32+
username: pr.user.login,
33+
});
34+
core.exportVariable('CONTINUE_WORKFLOW', 'true');
35+
} catch(err) {
36+
core.info("Workflow triggered by a merged PR, but the PR author is not a member of the docs-content team.");
37+
core.exportVariable('CONTINUE_WORKFLOW', 'false');
38+
}
39+
40+
- name: Post changelog instructions comment
41+
42+
if: env.CONTINUE_WORKFLOW == 'true'
43+
44+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
45+
with:
46+
github-token: ${{ secrets.DOCS_BOT_PAT_BASE }}
47+
script: |
48+
// Get PR author username
49+
const pr = context.payload.pull_request;
50+
const prAuthor = pr.user.login;
51+
52+
// Compose the comment body with readable YAML and correct formatting
53+
const commentBody =
54+
"👋 @" + prAuthor +
55+
" - Did this PR add noteworthy changes to the GitHub docs? If so, you might want to publicize this by adding an entry to " +
56+
"the [Docs changelog](https://github.com/github/docs-internal/blob/main/CHANGELOG.md).\n\n" +
57+
"To do this, type `/changelog` in a new comment on this PR and complete the fields.\n\n" +
58+
"A message will be posted to the **#docs-changelog** channel and a PR will be raised to update the [CHANGELOG.md](/CHANGELOG.md) file.";
59+
60+
// Post the comment
61+
await github.rest.issues.createComment({
62+
owner: context.repo.owner,
63+
repo: context.repo.repo,
64+
issue_number: pr.number,
65+
body: commentBody
66+
});

.github/workflows/check-broken-links-github-github.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
REPORT_REPOSITORY: github/docs-content
2525
steps:
2626
- name: Checkout
27-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
27+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2828
with:
2929
# To prevent issues with cloning early access content later
3030
persist-credentials: 'false'

.github/workflows/close-on-invalid-label.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737

3838
- name: Check out repo
3939
if: ${{ failure() && github.event_name != 'pull_request_target' }}
40-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
40+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4141

4242
- uses: ./.github/actions/slack-alert
4343
if: ${{ failure() && github.event_name != 'pull_request_target' }}

.github/workflows/codeql.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
3636
runs-on: ubuntu-latest
3737
steps:
38-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
38+
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
3939
- uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
4040
with:
4141
languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp, ruby}

.github/workflows/confirm-internal-staff-work-in-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ jobs:
8383

8484
- name: Check out repo
8585
if: ${{ failure() && github.event_name != 'pull_request_target' }}
86-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
86+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
8787
- uses: ./.github/actions/slack-alert
8888
if: ${{ failure() && github.event_name != 'pull_request_target' }}
8989
with:

.github/workflows/content-lint-markdown.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323
runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }}
2424
steps:
2525
- name: Check out repo
26-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
26+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2727

2828
- name: Set up Node and dependencies
2929
uses: ./.github/actions/node-npm-setup

.github/workflows/content-linter-rules-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ jobs:
2525
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
2626
steps:
2727
- name: Checkout
28-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
28+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2929

3030
- uses: ./.github/actions/node-npm-setup
3131

.github/workflows/copy-api-issue-to-internal.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ jobs:
7373

7474
- name: Check out repo
7575
if: ${{ failure() && github.event_name != 'workflow_dispatch' && github.repository == 'github/docs-internal' }}
76-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
76+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
7777
- uses: ./.github/actions/slack-alert
7878
if: ${{ failure() && github.event_name != 'workflow_dispatch' && github.repository == 'github/docs-internal' }}
7979
with:

0 commit comments

Comments
 (0)