Merge branch 'main' into fix/invokeprompt-12157

Author: sdwheeler

.github/actions/.pwsh/scripts/Test-Authorization.ps1

@@ -69,7 +69,8 @@ param(
   [Parameter(Mandatory, ParameterSetName='Path')]
   [string[]]$TargetPath,
   [ValidateSet('Admin', 'Maintain', 'Pull', 'Push', 'Triage')]
-  [string[]]$ValidPermissions = @('Admin', 'Maintain')
+  [string[]]$ValidPermissions = @('Admin', 'Maintain'),
+  [string[]]$AuthorizedAccounts
 )
 
 begin {
@@ -101,6 +102,10 @@ begin {
       Console = Format-ConsoleStyle -Text $User -DefinedStyle UserName
       Markdown = "``$User``"
     }
+    AuthorizedAccounts = @{
+      Console = Format-ConsoleStyle -Text 'AuthorizedAccounts' -DefinedStyle Success
+      Markdown = '`AuthorizedAccounts`'
+    }
   }
   if (![string]::IsNullOrEmpty($TargetBranch)) {
     $ConsoleBranch = Format-ConsoleStyle -Text $TargetBranch -StyleComponent $TargetStyle
@@ -123,6 +128,19 @@ begin {
 }
 
 process {
+  if ($AuthorizedAccounts.Count -gt 0 -and $User -in $AuthorizedAccounts) {
+    $template = "Account {0} is explicitly permitted per the {1} parameter."
+    $message  = @{
+      summary = ($template -f $Texts.Author.Markdown, $Texts.AuthorizedAccounts.Markdown)
+      console = ($template -f $Texts.Author.Console,  $Texts.AuthorizedAccounts.Console)
+    }
+    $null = $Summary.AppendLine('## Authorization').AppendLine()
+    $null = $Summary.AppendLine($message.summary).AppendLine()
+    # Console Logging
+    $message.console
+
+    return
+  }
   try {
     $Permissions = Get-AuthorPermission -Owner $Owner -Repo $Repo -Author $User
   } catch {
@@ -149,7 +167,7 @@ process {
     "$Prefix`t$Setting"
   }
   #endregion Permission Retrieval Messaging
-  
+
   $null = $Summary.AppendLine('## Result').AppendLine()
 
   # Check for authorization; if the user has any of the valid permissions, they

.github/actions/commenting/expectations/v1/Parameters.psd1

@@ -1,7 +1,7 @@
 @{
     Parameters = @(
       @{
-        Name = 'Repository'
+        Name = 'repository'
         Type = 'string'
         IfNullOrEmpty = {
           param($ErrorTarget)
@@ -31,7 +31,7 @@
       }
 
       @{
-        Name = 'Message_Body'
+        Name = 'message_body'
         Type = 'String'
         IfNullOrEmpty = {
           param($ErrorTarget)
@@ -75,7 +75,7 @@
       }
 
       @{
-        Name = 'Message_Path'
+        Name = 'message_path'
         Type = 'String'
         IfNullOrEmpty = {
           param($ErrorTarget)

.github/actions/reporting/stale-content/v1/Parameters.psd1

@@ -1,7 +1,7 @@
 @{
   Parameters = @(
     @{
-      Name = 'Relative_Folder_Path'
+      Name = 'relative_folder_path'
       Type = 'String[]'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -33,7 +33,7 @@
     }
 
     @{
-      Name = 'Exclude_Folder_Segment'
+      Name = 'exclude_folder_segment'
       Type = 'String[]'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -56,7 +56,7 @@
     }
 
     @{
-      Name = 'Days_Until_Stale'
+      Name = 'days_until_stale'
       Type = 'Int'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -91,7 +91,7 @@
     }
 
     @{
-      Name = 'Stale_Since_Date'
+      Name = 'stale_since_date'
       Type = 'DateTime'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -125,7 +125,7 @@
     }
 
     @{
-      Name = 'Upload_Artifact'
+      Name = 'upload_artifact'
       Type = 'Bool'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -166,7 +166,7 @@
     }
 
     @{
-      Name = 'Export_As_Csv'
+      Name = 'export_as_csv'
       Type = 'Bool'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -206,7 +206,7 @@
     }
 
     @{
-      Name = 'Export_Path'
+      Name = 'export_path'
       Type = 'string'
       IfNullOrEmpty = {
         param($ErrorTarget)

.github/actions/reporting/versioned-content/v1/Parameters.psd1

@@ -1,7 +1,7 @@
 @{
   Parameters = @(
     @{
-      Name = 'Repository'
+      Name = 'repository'
       Type = 'String'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -31,7 +31,7 @@
     }
 
     @{
-      Name = 'Number'
+      Name = 'number'
       Type = 'Int'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -61,7 +61,7 @@
     }
 
     @{
-      Name = 'Include_Path_Pattern'
+      Name = 'include_path_pattern'
       Type = 'String[]'
       IfNullOrEmpty = {
         # It's okay if this parameter is not specified.
@@ -84,7 +84,7 @@
       }
     }
     @{
-      Name = 'Exclude_Path_Pattern'
+      Name = 'exclude_path_pattern'
       Type = 'String[]'
       IfNullOrEmpty = {
         # It's okay if this parameter is not specified.

.github/actions/verification/authorization/v1/Parameters.psd1

@@ -1,7 +1,7 @@
 @{
   Parameters = @(
     @{
-      Name = 'Repository'
+      Name = 'repository'
       Type = 'string'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -29,9 +29,26 @@
         return $Parameters
       }
     }
+    @{
+      Name = 'authorized_accounts'
+      Type = 'String[]'
+      Process = {
+        param($Parameters, $Value, $ErrorTarget)
+
+        [string[]]$SpecifiedAccounts = $Value -split ',' | Where-Object {
+           -not [string]::IsNullOrEmpty($_)
+        }
+
+        if ($SpecifiedAccounts.Count -gt 0) {
+          $Parameters.AuthorizedAccounts = $SpecifiedAccounts
+          Write-HostParameter -Name AuthorizedAccounts -Value $Parameters.AuthorizedAccounts
+        }
+        return $Parameters
+      }
+    }
 
     @{
-      Name = 'Permissions'
+      Name = 'permissions'
       Type = 'String[]'
       IfNullOrEmpty = {
           param($ErrorTarget)
@@ -99,7 +116,7 @@
     }
 
     @{
-      Name = 'Target'
+      Name = 'target'
       Type = 'String[]'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -172,7 +189,7 @@
     }
 
     @{
-      Name = 'User'
+      Name = 'user'
       Type = 'String'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -203,4 +220,4 @@
       }
     }
   )
-}
+}

.github/actions/verification/authorization/v1/action.yml

@@ -4,6 +4,16 @@ description: |
   branch of a repository or to submit a PR editing repo configuration.
 author: PowerShell Docs Team
 inputs:
+  authorized_accounts:
+    description: |
+      Defines one or more authorized accounts to skip permission-checking for. This is best used
+      for bot accounts, which may not have specific permissions to a repository but are used by
+      the organization's automation. Must be a comma-separated string of account names.
+
+      If a user is in the authorized accounts list, the action skips checking permissions and
+      passes for that user.
+    required: false
+    default: ''
   permissions:
     description: |
       The permissions a user requires to perform a given task. Must be a comma-separated string of
@@ -84,6 +94,7 @@ runs:
         INPUT_PERMISSIONS: ${{ inputs.permissions }}
         INPUT_TARGET: ${{ inputs.target }}
         INPUT_USER: ${{ inputs.user }}
+        INPUT_AUTHORIZED_ACCOUNTS: ${{ inputs.authorized_accounts }}
         GITHUB_TOKEN: ${{ inputs.token }}
       run: |
         Write-Output "::group::Generic Setup"

.github/actions/verification/authorization/v1/readme.md

@@ -54,14 +54,18 @@ jobs:
         uses: MicrosoftDocs/PowerShell-Docs/.github/actions/verification/authorization/v1@main
         with:
           token: ${{ github.token }}
+          authorized_accounts: 'learn-build-service-prod[bot]'
 ```
 
 This workflow uses the `pull_request_target` trigger to check whether a Pull Request author is
 permitted to submit their Pull Request to the `live` branch. It only runs on Pull Requests which
 target the `live` branch, so other Pull Requests don't get a skipped message for this check.
 
 It passes the GitHub token to the action but does not specify a target, relying on the default for
-that input, which is the `live` branch.
+that input, which is the `live` branch. It does specify that the `learn-build-service-prod[bot]`
+managed account is authorized with the `authorized_accounts` parameter. If the account creating a
+PR to the `live` branch is the managed account or has either the `Maintain` or `Admin` permission,
+the workflow will pass.
 
 ### Verifying authorization to change sensitive files
 
@@ -104,6 +108,21 @@ authorization to change files in those paths.
 
 ## Inputs
 
+### `authorized_accounts`
+
+Defines one or more authorized accounts to skip permission-checking for. This is best used for bot
+accounts, which may not have specific permissions to a repository but are used by the
+organization's automation. Must be a comma-separated string of account names.
+
+If a user is in the authorized accounts list, the action skips checking permissions and passes for
+that user.
+
+```yaml
+required : false
+type     : string
+default  : ''
+```
+
 ### `permissions`
 
 The permissions a user requires to perform a given task. Must be a comma-separated string of valid

.github/actions/verification/checklist/v1/Parameters.psd1

@@ -1,7 +1,7 @@
 @{
   Parameters = @(
     @{
-      Name = 'Body'
+      Name = 'body'
       Type = 'string'
       IfNullOrEmpty = {
         param($ErrorTarget)
@@ -30,7 +30,7 @@
     }
 
     @{
-      Name          = 'Reference_Url'
+      Name          = 'reference_url'
       Type          = 'string'
       IfNullOrEmpty = {
         param($ErrorTarget)

.github/workflows/checklist.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - name: Checkout Repository
         id: checkout_repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Verify Checklist
         id: verify_checklist
         uses: ./.github/actions/verification/checklist/v1

.github/workflows/expectations.yml

@@ -20,7 +20,7 @@ jobs:
     steps:
       - name: Checkout Repository
         id: checkout_repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Comment on Community PRs
         uses: ./.github/actions/commenting/expectations/v1
         with: