Merge branch 'main' into rm-deprecated-substr

Author: rsese

.devcontainer/devcontainer.json

@@ -22,7 +22,7 @@
 		"davidanson.vscode-markdownlint",
 		"bierner.markdown-preview-github-styles",
 		"streetsidesoftware.code-spell-checker",
-		"docs.open-reusables"
+		"alistairchristie.open-reusables"
 	],
 
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.

content/actions/security-guides/encrypted-secrets.md

@@ -227,6 +227,10 @@ steps:
 ```
 {% endraw %}
 
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs.<job_id>.steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif).
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
 Avoid passing secrets between processes from the command line, whenever possible. Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). To help protect secrets, consider using environment variables, `STDIN`, or other mechanisms supported by the target process.
 
 If you must pass secrets within a command line, then enclose them within the proper quoting rules. Secrets often contain special characters that may unintentionally affect your shell. To escape these special characters, use quoting with your environment variables. For example:

content/actions/using-workflows/workflow-syntax-for-github-actions.md

@@ -342,6 +342,31 @@ steps:
     uses: actions/[email protected]
 ```
 
+#### Example: Using secrets
+
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job.
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
+{% raw %}
+```yaml
+name: Run a step if a secret has been set
+on: push
+jobs:
+  my-jobname:
+    runs-on: ubuntu-latest
+    env:
+      super_secret: ${{ secrets.SuperSecret }}
+    steps:
+      - if: ${{ env.super_secret != '' }}
+        run: echo 'This step will only run if the secret has a value set.'
+      - if: ${{ env.super_secret == '' }}
+        run: echo 'This step will only run if the secret does not have a value set.'
+```
+{% endraw %}
+
+For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
 ### `jobs.<job_id>.steps[*].name`
 
 A name for your step to display on {% data variables.product.prodname_dotcom %}.

content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md

@@ -7,7 +7,6 @@ redirect_from:
   - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies
   - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
-  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies
 versions:
   fpt: '*'
   ghes: '*'

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md

@@ -11,6 +11,7 @@ topics:
   - Repositories
 shortTitle: Understand your supply chain
 children:
+  - /about-supply-chain-security
   - /about-the-dependency-graph
   - /about-dependency-review
   - /exploring-the-dependencies-of-a-repository

content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md

@@ -163,5 +163,5 @@ You can manage access to {% data variables.product.prodname_GH_advanced_security
 
 - "[Securing your repository](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %}
 - "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %}
-- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}
-- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %}
+- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %}
+- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %}

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md

@@ -50,6 +50,12 @@ Before you can use Jekyll to test a site, you must:
   ```
 3. To preview your site, in your web browser, navigate to `http://localhost:4000`.
 
+{% note %}
+
+**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`.
+
+{% endnote %}
+
 ## Updating the {% data variables.product.prodname_pages %} gem
 
 Jekyll is an active open source project that is updated frequently. If the `github-pages` gem on your computer is out of date with the `github-pages` gem on the {% data variables.product.prodname_pages %} server, your site may look different when built locally than when published on {% data variables.product.product_name %}. To avoid this, regularly update the `github-pages` gem on your computer.

content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md

@@ -58,6 +58,7 @@ MessageBird | MessageBird API Key
 Meta | Facebook Access Token
 npm | npm Access Token
 NuGet | NuGet API Key
+Octopus Deploy | Octopus Deploy API Key
 OpenAI | OpenAI API Key
 Palantir | Palantir JSON Web Token
 PlanetScale | PlanetScale Database Password