Merge branch 'main' into 5765-private-profile

Author: Martin Lopes

.devcontainer/test-custom-devcontainer/devcontainer.json

@@ -11,6 +11,12 @@
 		"sissel.shopify-liquid"
 	],
 
+	"hostRequirements": {
+	   "cpus": 8,
+	   "memory": "8gb",
+	   "storage": "32gb" 
+	},
+		
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	"forwardPorts": [5000],
 

.github/actions-scripts/enterprise-server-issue-templates/release-issue.md

@@ -59,6 +59,7 @@ jobs:
       IS_INTERNAL_BUILD: ${{ github.repository == 'github/docs-internal' }}
       # This may also run in forked repositories, not just 'github/docs'
       IS_PUBLIC_BUILD: ${{ github.repository != 'github/docs-internal' }}
+      NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }}
 
     steps:
       - name: 'Az CLI login'
@@ -70,7 +71,7 @@ jobs:
         uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a
         with:
           login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
-          username: ${{ secrets.NONPROD_REGISTRY_USERNAME }}
+          username: ${{ env.NONPROD_REGISTRY_USERNAME }}
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
@@ -205,7 +206,7 @@ jobs:
           parameters: appName="${{ env.APP_NAME }}"
             containerImage="${{ env.DOCKER_IMAGE }}"
             dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
-            dockerRegistryUsername="${{ secrets.NONPROD_REGISTRY_USERNAME }}"
+            dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}"
             dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
           # this shows warnings in the github actions console, because the flag is passed through a validation run,
           # but it *is* functional during the actual execution

.github/workflows/azure-preview-env-deploy.yml

@@ -51,6 +51,8 @@ jobs:
         run: npm ci
 
       - name: Run broken github/github link check
+        env:
+          WAF_TOKEN: ${{ secrets.WAF_TOKEN }}
         run: |
           script/check-github-github-links.js > broken_github_github_links.md
 

.github/workflows/check-broken-links-github-github.yml

@@ -31,8 +31,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-      - uses: github/codeql-action/init@1a927e9307bc11970b2c679922ebc4d03a5bd980
+      - uses: github/codeql-action/init@1ed1437484560351c5be56cf73a48a279d116b78
         with:
           languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)
-      - uses: github/codeql-action/analyze@1a927e9307bc11970b2c679922ebc4d03a5bd980
+      - uses: github/codeql-action/analyze@1ed1437484560351c5be56cf73a48a279d116b78
         continue-on-error: true

.github/workflows/codeql.yml

@@ -55,7 +55,7 @@ jobs:
 
       - name: Create pull request
         id: create-pull-request
-        uses: peter-evans/create-pull-request@f22a7da129c901513876a2380e2dae9f8e145330
+        uses: peter-evans/create-pull-request@bd72e1b7922d417764d27d30768117ad7da78a0e
         env:
           # Disable pre-commit hooks; they don't play nicely here
           HUSKY: '0'

.github/workflows/enterprise-dates.yml

@@ -26,6 +26,7 @@ jobs:
     env:
       ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }}
       DOCKER_IMAGE_CACHE_REF: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
+      NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }}
 
     steps:
       - name: 'Az CLI login'
@@ -37,7 +38,7 @@ jobs:
         uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a
         with:
           login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
-          username: ${{ secrets.NONPROD_REGISTRY_USERNAME }}
+          username: ${{ env.NONPROD_REGISTRY_USERNAME }}
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx

.github/workflows/main-preview-docker-cache.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   stale_needs-sme:
-    if: ${{ github.repository == 'github/docs'' }}
+    if: ${{ github.repository == 'github/docs' }}
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/needs-sme-stale-check.yaml

@@ -15,7 +15,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  add-comment:
+  add-issue-comment:
     if: ${{ github.repository == 'github/docs' && (github.event.label.name == 'needs SME' && github.event_name == 'issues' || github.event_name == 'pull_request_target') }}
     runs-on: ubuntu-latest
     steps:
@@ -24,8 +24,13 @@ jobs:
           issue-number: ${{ github.event.issue.number }}
           body: |
             Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert :eyes:
+
+  add-pr-comment:
+    if: ${{ github.repository == 'github/docs' && github.event.label.name == 'needs SME' }}
+    runs-on: ubuntu-latest
+    steps:
       - uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae
         with:
-          issue-number: ${{ github.event.pull_request_target.number }}
+          issue-number: ${{ github.event.pull_request.number }}
           body: |
             Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert :eyes:

.github/workflows/needs-sme-workflow.yml

@@ -44,7 +44,7 @@ jobs:
       - name: Remove script results file
         run: rm ./results.md
       - name: Create pull request
-        uses: peter-evans/create-pull-request@f22a7da129c901513876a2380e2dae9f8e145330
+        uses: peter-evans/create-pull-request@bd72e1b7922d417764d27d30768117ad7da78a0e
         env:
           # Disable pre-commit hooks; they don't play nicely here
           HUSKY: '0'