Merge pull request #13746 from github/repo-sync

Octomerger · web-flow · commit 4b9b605c3984 · 2022-01-05T12:28:00.000-06:00
repo sync
diff --git a/.github/workflows/orphaned-assets-check.yml b/.github/workflows/orphaned-assets-check.yml
@@ -0,0 +1,30 @@
+name: 'Orphaned assets check'
+
+# **What it does**: Checks that there are no files in ./assets/ that aren't mentioned in any source file.
+# **Why we have it**: To avoid orphans into the repo.
+# **Who does it impact**: Docs content.
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+
+      - name: Setup node
+        uses: actions/setup-node@04c56d2f954f1e4c69436aa54cfef261a018f458
+        with:
+          node-version: 16.13.x
+          cache: npm
+
+      - name: Install
+        run: npm ci
+
+      - name: Check for orphaned assets
+        run: ./script/find-orphaned-assets.mjs --verbose --exit
diff --git a/assets/images/help/organizations/enterprise-owners-list-on-org-page.png b/assets/images/help/organizations/enterprise-owners-list-on-org-page.png
diff --git a/assets/images/help/organizations/enterprise-owners-sidebar.png b/assets/images/help/organizations/enterprise-owners-sidebar.png
diff --git a/assets/images/octicons/search-16.svg b/assets/images/octicons/search-16.svg
@@ -0,0 +1 @@
+<svg height="16" viewBox="0 0 16 16" width="16" xmlns="http://www.w3.org/2000/svg"><path d="m11.5 7a4.499 4.499 0 1 1 -8.998 0 4.499 4.499 0 0 1 8.998 0zm-.82 4.74a6 6 0 1 1 1.06-1.06l3.04 3.04a.75.75 0 1 1 -1.06 1.06z" fill="#6a737d" fill-rule="evenodd"/></svg>
diff --git a/assets/images/octicons/search-24.svg b/assets/images/octicons/search-24.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="24" height="24"><path fill="#6a737d" fill-rule="evenodd" d="M14.53 15.59a8.25 8.25 0 111.06-1.06l5.69 5.69a.75.75 0 11-1.06 1.06l-5.69-5.69zM2.5 9.25a6.75 6.75 0 1111.74 4.547.746.746 0 00-.443.442A6.75 6.75 0 012.5 9.25z"></path></svg>
diff --git a/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md b/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md
@@ -1,6 +1,7 @@
 ---
 title: Viewing people's roles in an organization
 intro: 'You can view a list of the people in your organization and filter by their role. For more information on organization roles, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."'
+permissions: "Organization members can see people's roles in the organization."
 redirect_from:
   - /articles/viewing-people-s-roles-in-an-organization
   - /articles/viewing-peoples-roles-in-an-organization
@@ -15,14 +16,51 @@ topics:
   - Accounts
 shortTitle: View people in an organization
 ---
+
+## View organization roles
+
+{% data reusables.profile.access_org %}
+{% data reusables.user_settings.access_org %}
+{% data reusables.organizations.people %}
+4. You will see a list of the people in your organization. To filter the list by role, click **Role** and select the role you're searching for.
+  ![click-role](/assets/images/help/organizations/view-list-of-people-in-org-by-role.png)
+
+{% ifversion fpt %}
+
+If your organization uses {% data variables.product.prodname_ghe_cloud %}, you can also view the enterprise owners who manage billing settings and policies for all your enterprise's organizations. For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-github-user-account/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization#view-enterprise-owners-and-their-roles-in-an-organization).
+
+{% endif %}
+
+{% if enterprise-owners-visible-for-org-members %}
+## View enterprise owners and their roles in an organization
+
+If your organization is managed by an enterprise account, then you can view the enterprise owners who manage billing settings and policies for all of your enterprise's organizations. For more information about enterprise accounts, see "[Types of {% data variables.product.prodname_dotcom %} accounts](/get-started/learning-about-github/types-of-github-accounts)."
+
+You can also view whether an enterprise owner has a specific role in the organization. Enterprise owners can also be an organization member, any other organization role, or be unaffililated with the organization.
+
 {% note %}
 
-**Note:** You must be an organization member to see people's roles in your organization.
+**Note:** If you're an organization owner, you can also invite an enterprise owner to have a role in the organization. If an enterprise owner accepts the invitation, a seat or license in the organization is used from the available licenses for your enterprise. For more information about how licensing works, see "[Roles in an enterprise](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)."
 
 {% endnote %}
 
+| **Enterprise role** | **Organization role** | **Organization access or impact** |
+|----|----|----|----|
+| Enterprise owner | Unaffililated or no official organization role | Cannot access organization content or repositories but manages enterprise settings and policies that impact your organization. |
+| Enterprise owner | Organization owner | Able to configure organization settings and manage access to the organization's resources through teams, etc. | 
+| Enterprise owner | Organization member | Able to access organization resources and content, such as repositories, without access to the organization's settings. |
+
+To review all roles in an organization, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)." {% ifversion ghec %} An organization member can also have a custom role for a specific repository. For more information, see "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."{% endif %}
+
+For more information about the enterprise owner role, see "[Roles in an enterprise](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)." 
+
 {% data reusables.profile.access_org %}
 {% data reusables.user_settings.access_org %}
 {% data reusables.organizations.people %}
-4. You will see a list of the people in your organization. To filter the list by role, click **Role** and select the role you're searching for.
-  ![click-role](/assets/images/help/organizations/view-list-of-people-in-org-by-role.png)
+4. In the left sidebar, under "Enterprise permissions", click **Enterprise owners**.
+  ![Screenshot of "Enterprise owners" option in sidebar menu](/assets/images/help/organizations/enterprise-owners-sidebar.png)
+5. View the list of the enterprise owners for your enterprise. If the enterprise owner is also a member of your organization, you can see their role in the organization.
+
+  ![Screenshot of list of Enterprise owners and their role in the organization](/assets/images/help/organizations/enterprise-owners-list-on-org-page.png)
+
+{% endif %}
diff --git a/content/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise.md b/content/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise.md
@@ -42,7 +42,7 @@ Enterprise owners have complete control over the enterprise and can take every a
 
 Enterprise owners cannot access organization settings or content unless they are made an organization owner or given direct access to an organization-owned repository. Similarly, owners of organizations in your enterprise do not have access to the enterprise itself unless you make them enterprise owners.
 
-An enterprise owner will only consume a license if they are an owner or member of at least one organization within the enterprise. {% ifversion ghec %}Enterprise owners must have a personal account on {% data variables.product.prodname_dotcom %}.{% endif %} As a best practice, we recommend making only a few people in your company enterprise owners, to reduce the risk to your business.
+An enterprise owner will only consume a license if they are an owner or member of at least one organization within the enterprise. Even if an enterprise owner has a role in multiple organizations, they will consume a single license. {% ifversion ghec %}Enterprise owners must have a personal account on {% data variables.product.prodname_dotcom %}.{% endif %} As a best practice, we recommend making only a few people in your company enterprise owners, to reduce the risk to your business.
 
 ## Enterprise members
 
diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md
@@ -31,7 +31,7 @@ If you're a member of a {% data variables.product.prodname_emu_enterprise %}, th
 
 Deleting a fork will not delete the original upstream repository. You can make any changes you want to your fork—add collaborators, rename files, generate {% data variables.product.prodname_pages %}—with no effect on the original.{% ifversion fpt or ghec %} You cannot restore a deleted forked repository. For more information, see "[Restoring a deleted repository](/articles/restoring-a-deleted-repository)."{% endif %}
 
-In open source projects, forks are often used to iterate on ideas or changes before they are offered back to the upstream repository. When you make changes in your user-owned fork and open a pull request that compares your work to the upstream repository, you can give anyone with push access to the upstream repository permission to push changes to your pull request branch. This speeds up collaboration by allowing repository maintainers the ability to make commits or run tests locally to your pull request branch from a user-owned fork before merging. You cannot give push permissions to a fork owned by an organization.
+In open source projects, forks are often used to iterate on ideas or changes before they are offered back to the upstream repository. When you make changes in your user-owned fork and open a pull request that compares your work to the upstream repository, you can give anyone with push access to the upstream repository permission to push changes to your pull request branch (including deleting the branch). This speeds up collaboration by allowing repository maintainers the ability to make commits or run tests locally to your pull request branch from a user-owned fork before merging. You cannot give push permissions to a fork owned by an organization. 
 
 {% data reusables.repositories.private_forks_inherit_permissions %}
 
diff --git a/contributing/content-style-guide.md b/contributing/content-style-guide.md
@@ -448,16 +448,17 @@ Format checkbox names in bold and omit the word “checkbox.” To describe choo
 - **Use:** Select **Enable for all new repositories**.
 - **Avoid:** Check the “Enable for all new repositories” checkbox.
 
-### Dropdown menus
-
-Format dropdown menus in bold and format clickable items within a menu in bold. Select dropdown menus (regardless of whether the menu name is a word or an octicon), and click their menu items.
-- **Use:** Select the **Backup email addresses** dropdown menu and click **Only allow primary email**.
-
 ### Dynamic text
 
 Use capital letters to indicate text that changes in the user interface or that the user needs to supply in a command or code snippet.
 - **Use:** Click **Add USERNAME to REPONAME**.
 
+### Lists and list items
+
+Format lists and clickable list items in bold. To describe interacting with a list, such as a dropdown menu or UI element that expands, regardless of whether the list name is a word or an octicon, write "select." To describe choosing a list item, write "click."
+- **Use:** Select the **Backup email addresses** dropdown menu and click **Only allow primary email**.
+- **Avoid:** Click the "Backup email addresses" dropdown menu and click **Only allow primary email**.
+
 ### Location
 
 Describe a user interface element’s location with standard terms.
diff --git a/data/features/enterprise-owners-visible-for-org-members.yml b/data/features/enterprise-owners-visible-for-org-members.yml
@@ -0,0 +1,6 @@
+# Reference: Issue #5741 in docs-content
+# Documentation for enterprise owners UI updates
+versions:
+  ghes: '>=3.4'
+  ghae: 'issue-####'
+  ghec: '*'
diff --git a/data/reusables/repositories/private_forks_inherit_permissions.md b/data/reusables/repositories/private_forks_inherit_permissions.md
@@ -1 +1 @@
-Private forks inherit the permissions structure of the upstream or parent repository. For example, if the upstream repository is private and gives read/write access to a team, then the same team will have read/write access to any forks of the private upstream repository. This helps owners of private repositories maintain control over their code.
+Private forks inherit the permissions structure of the upstream or parent repository. This helps owners of private repositories maintain control over their code. For example, if the upstream repository is private and gives read/write access to a team, then the same team will have read/write access to any forks of the private upstream repository. Only team permissions (not individual permissions) are inherited by private forks.
diff --git a/data/reusables/secret-scanning/partner-secret-list-private-repo.md b/data/reusables/secret-scanning/partner-secret-list-private-repo.md
@@ -113,7 +113,9 @@ Google | Google OAuth Client Secret | google_oauth_client_secret{% endif %}
 Google | Google OAuth Refresh Token | google_oauth_refresh_token{% endif %}
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Grafana | Grafana API Key | grafana_api_key{% endif %}
-Hashicorp Terraform | Terraform Cloud / Enterprise API Token | terraform_api_token
+HashiCorp | Terraform Cloud / Enterprise API Token | terraform_api_token
+HashiCorp | HashiCorp Vault Batch Token | hashicorp_vault_batch_token
+HashiCorp | HashiCorp Vault Service Token | hashicorp_vault_service_token
 Hubspot | Hubspot API Key | hubspot_api_key
 {%- ifversion fpt or ghec or ghes > 3.1 or ghae %}
 Intercom | Intercom Access Token | intercom_access_token{% endif %}
diff --git a/lib/rest/static/decorated/api.github.com.json b/lib/rest/static/decorated/api.github.com.json
diff --git a/lib/rest/static/dereferenced/api.github.com.deref.json b/lib/rest/static/dereferenced/api.github.com.deref.json
@@ -183609,6 +183609,14 @@
                             "type": "string",
                             "description": "The name of the rule used to detect the alert."
                           },
+                          "tags": {
+                            "nullable": true,
+                            "type": "array",
+                            "description": "A set of tags applicable for the rule.",
+                            "items": {
+                              "type": "string"
+                            }
+                          },
                           "severity": {
                             "nullable": true,
                             "type": "string",
@@ -183759,6 +183767,10 @@
                         "rule": {
                           "id": "js/zipslip",
                           "severity": "error",
+                          "tags": [
+                            "security",
+                            "external/cwe/cwe-022"
+                          ],
                           "description": "Arbitrary file write during zip extraction",
                           "name": "js/zipslip"
                         },
@@ -183821,6 +183833,10 @@
                         "rule": {
                           "id": "js/zipslip",
                           "severity": "error",
+                          "tags": [
+                            "security",
+                            "external/cwe/cwe-022"
+                          ],
                           "description": "Arbitrary file write during zip extraction",
                           "name": "js/zipslip"
                         },
diff --git a/middleware/index.js b/middleware/index.js
@@ -64,8 +64,9 @@ import next from './next.js'
 import renderPage from './render-page.js'
 import assetPreprocessing from './asset-preprocessing.js'
 
-const { NODE_ENV } = process.env
+const { DEPLOYMENT_ENV, NODE_ENV } = process.env
 const isDevelopment = NODE_ENV === 'development'
+const isAzureDeployment = DEPLOYMENT_ENV === 'azure'
 const isTest = NODE_ENV === 'test' || process.env.GITHUB_ACTIONS === 'true'
 
 // Catch unhandled promise rejections and passing them to Express's error handler
@@ -79,8 +80,14 @@ export default function (app) {
   if (!isTest) app.use(timeout)
   app.use(abort)
 
-  // *** Development tools ***
-  app.use(morgan('dev', { skip: (req, res) => !isDevelopment }))
+  // *** Request logging ***
+  // Enabled in development and azure deployed environments
+  // Not enabled in Heroku because the Heroku router + papertrail already logs the request information
+  app.use(
+    morgan(isAzureDeployment ? 'combined' : 'dev', {
+      skip: (req, res) => !(isDevelopment || isAzureDeployment),
+    })
+  )
 
   // *** Observability ***
   if (process.env.DD_API_KEY) {
diff --git a/script/find-orphaned-assets.mjs b/script/find-orphaned-assets.mjs
@@ -12,8 +12,15 @@ import path from 'path'
 import program from 'commander'
 import walk from 'walk-sync'
 
+const EXCEPTIONS = new Set([
+  // These files are dynamically referenced in Search.tsx
+  // so they're referred to as `... search-${iconSize}.svg`
+  'assets/images/octicons/search-16.svg',
+  'assets/images/octicons/search-24.svg',
+])
+
 program
-  .description('Print all images that are in ./assets/ but not found in any markdown')
+  .description('Print all images that are in ./assets/ but not found in any source files')
   .option('-e, --exit', 'Exit script by count of orphans (useful for CI)')
   .option('-v, --verbose', 'Verbose outputs')
   .option('--json', 'Output in JSON format')
@@ -76,18 +83,18 @@ async function main(opts) {
 
   verbose && console.log(`${allImages.size.toLocaleString()} images found in total.`)
 
-  for (const markdownFile of sourceFiles) {
-    const content = fs.readFileSync(markdownFile, 'utf-8')
+  for (const sourceFile of sourceFiles) {
+    const content = fs.readFileSync(sourceFile, 'utf-8')
     for (const imagePath of allImages) {
       const needle = imagePath.split(path.sep).slice(-2).join('/')
-      if (content.includes(needle)) {
+      if (content.includes(needle) || EXCEPTIONS.has(imagePath)) {
         allImages.delete(imagePath)
       }
     }
   }
 
   if (verbose && allImages.size) {
-    console.log('The following files are not mentioned anywhere in any Markdown file')
+    console.log('The following files are not mentioned anywhere in any source file')
   }
   if (json) {
     console.log(JSON.stringify([...allImages], undefined, 2))
