Merge branch 'main' into update-dh-desktop-supported-editors

Author: mchammer01

.devcontainer/test-custom-devcontainer/devcontainer.json

@@ -1,43 +1,20 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/javascript-node
-// -
 {
-	"name": "docs.github.com",
-	"build": {
-		"dockerfile": "Dockerfile",
-		// Update 'VARIANT' to pick a Node version: 12, 14, 16
-		"args": { "VARIANT": "16" }
-	},
+	"name": "test",
 
-	// Set *default* container specific settings.json values on container create.
 	"settings": {
-		"terminal.integrated.shell.linux": "/bin/bash",
-		"cSpell.language": ",en"
+		"terminal.integrated.shell.linux": "/bin/zsh",
 	},
 
-	// Install features. Type 'feature' in the VS Code command palette for a full list.
-	"features": {
-		"git-lfs": "latest"
-	 },
-
 	// Visual Studio Code extensions which help authoring for docs.github.com.
 	"extensions": [
 		"dbaeumer.vscode-eslint",
-		"sissel.shopify-liquid",
-		"davidanson.vscode-markdownlint",
-		"bierner.markdown-preview-github-styles",
-		"streetsidesoftware.code-spell-checker",
-		"alistairchristie.open-reusables"
+		"sissel.shopify-liquid"
 	],
 
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	"forwardPorts": [4000],
+	"forwardPorts": [5000],
 
 	// Use 'postCreateCommand' to run commands after the container is created.
-	//"postCreateCommand": "git lfs pull && npm ci",
-	"postCreateCommand": "echo This file was created by the postCreateCommand in the custom devcontainer.json > aaa-TEST.txt",
-
-	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-	"remoteUser": "node"
+	"postCreateCommand": "echo test > aaa-TEST.txt"
 
 }

.github/workflows/optimize-images.yml

@@ -16,7 +16,8 @@ permissions:
 
 jobs:
   optimize-images-on-pr:
-    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
+    # We can't make commits on forks
+    if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo on head ref

assets/images/help/graphs/dependency-review-action.png

@@ -127,7 +127,13 @@ export const RestReferencePage = ({
         as="li"
         key={item.contents}
         className={item.platform}
-        sx={{ listStyle: 'none', padding: '2px' }}
+        sx={{
+          listStyle: 'none',
+          padding: '2px',
+          ':hover': {
+            bg: 'var(--color-canvas-inset)',
+          },
+        }}
       >
         <div className={cx('lh-condensed d-block width-full')}>
           <div className="d-inline-flex" dangerouslySetInnerHTML={{ __html: item.contents }} />

assets/images/help/organizations/org-audit-log-export-git-events.png

@@ -16,7 +16,18 @@ const renderTocItem = (item: MiniTocItem) => {
       as="li"
       key={item.contents}
       className={item.platform}
-      sx={{ listStyle: 'none', padding: '2px' }}
+      sx={{
+        listStyle: 'none',
+        padding: '2px',
+        ':hover': {
+          bg: 'var(--color-canvas-inset)',
+        },
+        'ul > li': {
+          ':hover': {
+            bg: 'var(--color-neutral-subtle)',
+          },
+        },
+      }}
     >
       <div className={cx('lh-condensed d-block width-full')}>
         <div dangerouslySetInnerHTML={{ __html: item.contents }} />

assets/images/help/organizations/org-audit-log-export.png

@@ -58,10 +58,10 @@ The {% data variables.product.prodname_actions %} service will then automaticall
 
 By default, self-hosted runners will automatically perform a software update whenever a new version of the runner software is available.  If you use ephemeral runners in containers then this can lead to repeated software updates when a new runner version is released.  Turning off automatic updates allows you to update the runner version on the container image directly on your own schedule.
 
-If you want to turn off automatic software updates and install software updates yourself, you can specify the `--disableupdate` parameter when starting the runner.  For example:
+To turn off automatic software updates and install software updates yourself, specify the `--disableupdate` flag when registering your runner using `config.sh`. For example:
 
 ```shell
-./run.sh --disableupdate
+./config.sh --url <em>https://github.com/octo-org</em> --token <em>example-token</em> --disableupdate
 ```
 
 If you disable automatic updates, you must still update your runner version regularly.  New functionality in {% data variables.product.prodname_actions %} requires changes in both the {% data variables.product.prodname_actions %} service _and_ the runner software.  The runner may not be able to correctly process jobs that take advantage of new features in {% data variables.product.prodname_actions %} without a software update.

assets/images/help/repository/social-preview-transparency.png

@@ -48,6 +48,12 @@ To help prevent accidental disclosure, {% data variables.product.product_name %}
 - **Consider requiring review for access to secrets**
     - You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[Encrypted secrets](/actions/reference/encrypted-secrets)" and "[Using environments for deployment](/actions/deployment/using-environments-for-deployment)."
 
+{% warning %}
+
+**Warning**: Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required.
+
+{% endwarning %}
+
 ## Using `CODEOWNERS` to monitor changes
 
 You can use the `CODEOWNERS` feature to control how changes are made to your workflow files. For example, if all your workflow files are stored in `.github/workflows`, you can add this directory to the code owners list, so that any proposed changes to these files will first require approval from a designated reviewer.
@@ -300,7 +306,7 @@ For example, you can use the audit log to track the `org.update_actions_secret`
   ![Audit log entries](/assets/images/help/repository/audit-log-entries.png)
 
 The following tables describe the {% data variables.product.prodname_actions %} events that you can find in the audit log. For more information on using the audit log, see
-"[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#searching-the-audit-log)."
+"[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#searching-the-audit-log)" and "[Reviewing audit logs for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)."
 
 {% ifversion fpt or ghec %}
 ### Events for environments
@@ -318,6 +324,7 @@ The following tables describe the {% data variables.product.prodname_actions %}
 | Action | Description
 |------------------|-------------------
 | `repo.actions_enabled` | Triggered when {% data variables.product.prodname_actions %} is enabled for a repository. Can be viewed using the UI. This event is not visible when you access the audit log using the REST API. For more information, see "[Using the REST API](#using-the-rest-api)."
+| `repo.update_actions_access_settings` | Triggered when the setting to control how your repository is used by {% data variables.product.prodname_actions %} workflows in other repositories is changed.
 {% endif %}
 
 ### Events for secret management