Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into files-dev-docs

Author: pauljewellmsft

.github/policies/disallow-edits.yml

@@ -10,7 +10,7 @@ configuration:
           - payloadType: Pull_Request
           - isAction:
               action: Opened
-          - or:              
+          - or:
               - filesMatchPattern:
                   matchAny: true
                   pattern: articles/aks/*
@@ -121,4 +121,74 @@ configuration:
               reply: >-
                 @${issueAuthor} - You tried to add content to a folder path that has been removed from this repository. Your pull request will be automatically closed. Submit your changes to the updated repository, which can be identified by clicking the Edit this Document link at the top of any published article for that product or service.
           - closePullRequest
+
+      - description: Alert authors to edits in the /articles/reliability folder.
+        if:
+          # If a PR in the articles/reliability folder is opened, and the PR author isn't Anastasia or John...
+          - payloadType: Pull_Request
+          - filesMatchPattern:
+              matchAny: true
+              pattern: articles/reliability/*
+          - isAction:
+              action: Opened
+          - not:
+              or:
+                - isActivitySender:
+                    user: anaharris-ms
+                - isActivitySender:
+                    user: johndowns
+        then:
+          # Mention Anastasia and John, add a reply asking the PR author not to sign off on the PR, and add the needs-human-review label.
+          - mentionUsers:
+              mentionees:
+                - anaharris-ms
+                - johndowns
+              replyTemplate: >-
+                Tagging authors for this folder: ${mentionees}
+          - addReply:
+              reply: >-
+                @${issueAuthor} - Please do NOT sign off on this pull request. The Reliability Hub owners will sign off for you.
+          - addLabel:
+              label: needs-human-review
+
+      - description: Disallow sign-off for articles in the /articles/reliability folder.
+        if:
+          # If a 'sign-off' comment is added to a PR in the articles/reliability folder , and the PR author isn't Anastasia or John...
+          - payloadType: Issue_Comment
+          - isPullRequest
+          - filesMatchPattern:
+              matchAny: true
+              pattern: articles/reliability/*
+          - commentContains:
+              pattern: \#sign-off
+              isRegex: false
+          - not:
+              or:
+                - isActivitySender:
+                    user: anaharris-ms
+                - isActivitySender:
+                    user: johndowns
+        then:
+          # Add the do-not-merge label, remove the ready-to-merge label, and add a reply asking the PR author not to sign off on the PR.
+          - addReply:
+              reply: >-
+                @${issueAuthor} - Please do NOT sign off on this pull request. The Reliability Hub owners will sign off for you.
+          - addLabel:
+              label: do-not-merge
+          - removeLabel:
+              label: ready-to-merge
+      
+      - description: Write a message if the breadcrumb file is modified in the azure-docs-pr repository.
+        if:
+        - payloadType: Pull_Request
+        - isAction:
+            action: Opened
+        - filesMatchPattern:
+              matchAny: true
+              pattern: bread/*
+              
+        then:
+          - addReply:
+              reply: >-
+                @${issueAuthor} - This PR modifies the breadcrumb file for the entire repository: bread/toc.yml. This file supports the on-site navigation for 100s of services. Please make sure your changes to the breadcrumb file are intentional. Do not delete this file. 
           

.github/workflows/stale.yml

@@ -0,0 +1,40 @@
+name: Mark stale pull requests
+
+permissions:
+  issues: write
+  pull-requests: write
+      
+on:
+  schedule:
+  - cron: "0 */6 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+   
+    steps:
+    - uses: actions/stale@v3
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        days-before-pr-stale: 14
+        days-before-pr-close: 90
+        stale-pr-label: inactive
+        close-pr-label: auto-close
+        exempt-pr-labels: keep-open
+        operations-per-run: 1300
+        ascending: false
+        # start-date: '2021-03-19'
+        stale-pr-message: >
+          This pull request has been inactive for at least 14 days.
+
+          If you are finished with your changes, don't forget to sign off. See the [platform guide](https://review.learn.microsoft.com/help/platform/prmerger-hashtag-commands?branch=main) for instructions.
+             
+          [Get Help](https://review.learn.microsoft.com/help/platform/help-options?branch=main)  
+          
+          [Learn Support Teams Channel](https://teams.microsoft.com/l/channel/19%3a7ecffca1166a4a3986fed528cf0870ee%40thread.skype/General?groupId=de9ddba4-2574-4830-87ed-41668c07a1ca&tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47)  
+          
+          [Resolve Merge Conflicts](https://review.learn.microsoft.com/help/contribute/resolve-merge-conflicts?branch=main)  
+        close-pr-message: >
+          This pull request has been inactive for 90 days, and an `auto-close` label has been added. At this time, the system is closing the PR automatically. If you decide to continue working on your changes, scroll to the bottom of the pull request comments and select the **Reopen pull request** button.
+          <br/>

articles/api-management/api-management-howto-protect-backend-with-aad.md

@@ -79,7 +79,7 @@ For details about app registration, see [Quickstart: Configure an application to
 
 ## Authorization workflow
 
-1. A user or application acquires a token from Microsoft Entra ID with permissions that grant access to the backend-app. 
+1. A user or application acquires a token from Microsoft Entra ID with permissions that grant access to the backend-app. If you use the v2 endpoint, ensure that the accessTokenAcceptedVersion property is set to 2 in the application manifest of the back end app and any client app that you configure.
 
 1. The token is added in the Authorization header of API requests to API Management. 
 

articles/api-management/api-management-howto-setup-delegation.md

@@ -178,7 +178,7 @@ using (var encoder = new HMACSHA512(Convert.FromBase64String(key)))
 }
 ```
 
-### NodeJS code to generate hash of returnUrl
+### Node.js code to generate hash of returnUrl
 
 ```
 var crypto = require('crypto');

articles/app-service/configure-authentication-file-based.md

@@ -81,7 +81,7 @@ The following exhausts possible configuration options within the file:
             "url_scheme_of_your_app://easyauth.callback"
         ],
         "cookieExpiration": {
-            "convention": "FixedTime|IdentityDerived",
+            "convention": "FixedTime|IdentityProviderDerived",
             "timeToExpiration": "<timespan>"
         },
         "nonce": {

articles/app-service/configure-language-python.md

@@ -19,6 +19,9 @@ This article describes how [Azure App Service](overview.md) runs Python apps, ho
 
 The App Service deployment engine automatically activates a virtual environment and runs `pip install -r requirements.txt` for you when you deploy a [Git repository](deploy-local-git.md), or when you deploy a [zip package](deploy-zip.md) [with build automation enabled](deploy-zip.md#enable-build-automation-for-zip-deploy).
 
+> [!NOTE]
+> Currently App Service requires `requirements.txt` in your project's root directory, even if you're using modern Python packaging tools such as `pyproject.toml`.
+
 This guide provides key concepts and instructions for Python developers who use a built-in Linux container in App Service. If you've never used Azure App Service, first follow the [Python quickstart](quickstart-python.md) and [Flask](tutorial-python-postgresql-app-flask.md), [Django](tutorial-python-postgresql-app-django.md), or [FastAPI](tutorial-python-postgresql-app-fastapi.md) with PostgreSQL tutorial.
 
 You can use either the [Azure portal](https://portal.azure.com) or the Azure CLI for configuration:

articles/app-service/includes/configure-language-java/java-variants.md

@@ -10,10 +10,3 @@ Azure App Service runs Java web applications on a fully managed service in three
 * Java SE - Can run an app deployed as a JAR package that contains an embedded server (such as Spring Boot, Dropwizard, Quarkus, or one with an embedded Tomcat or Jetty server).   
 * Tomcat - The built-in Tomcat server can run an app deployed as a WAR package.
 * JBoss EAP - Supported for Linux apps in the Free, Premium v3, and Isolated v2 pricing tiers only. The built-in JBoss EAP server can run an app deployed as a WAR or EAR package.
-
-::: zone pivot="java-javase"
-
-> [!NOTE]
-> For Spring applications, we recommend using Azure Spring Apps. However, you can still use Azure App Service as a destination. See [Java Workload Destination Guidance](https://aka.ms/javadestinations) for advice.
-
-::: zone-end

articles/app-service/includes/deploy-github-actions/deploy-github-actions-openid-connect.md

@@ -122,7 +122,7 @@ jobs:
 
 # [Java SE](#tab/java)
 
-Build and deploy a Java Spring app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the sign-in action.
+Build and deploy a Java Spring Boot app to Azure using an Azure service principal. The example uses GitHub secrets for the `client-id`, `tenant-id`, and `subscription-id` values. You can also pass these values directly in the sign-in action.
 
 ```yaml
 name: Java CI with Maven

articles/app-service/includes/deploy-github-actions/deploy-github-actions-publish-profile.md

@@ -93,7 +93,7 @@ jobs:
 
 # [Java SE](#tab/java)
 
-Build and deploy a Java Spring app to Azure using an Azure publish profile. The `publish-profile` input references the `AZURE_WEBAPP_PUBLISH_PROFILE` secret that you created earlier.
+Build and deploy a Java Spring Boot app to Azure using an Azure publish profile. The `publish-profile` input references the `AZURE_WEBAPP_PUBLISH_PROFILE` secret that you created earlier.
 
 ```yaml
 name: Java CI with Maven

articles/app-service/includes/deploy-github-actions/deploy-github-actions-service-principal.md

@@ -110,7 +110,7 @@ jobs:
 
 # [Java SE](#tab/java)
 
-Build and deploy a Java Spring app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
+Build and deploy a Java Spring Boot app to Azure using an Azure service principal. The `creds` input references the `AZURE_CREDENTIALS` secret that you created earlier.
 
 ```yaml
 name: Java CI with Maven