Merge pull request #60624 from github/repo-sync

Repo sync

Author: docs-bot

content/actions/reference/workflows-and-actions/contexts.md

@@ -174,7 +174,7 @@ The `github` context contains information about the workflow run and the event t
 |---------------|------|-------------|
 | `github` | `object` | The top-level context available during any job or step in a workflow. This object contains all the properties listed below. |
 | `github.action` | `string` | The name of the action currently running, or the [`id`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsid) of a step. {% data variables.product.prodname_dotcom %} removes special characters, and uses the name `__run` when the current step runs a script without an `id`. If you use the same action more than once in the same job, the name will include a suffix with the sequence number with underscore before it. For example, the first script you run will have the name `__run`, and the second script will be named `__run_2`. Similarly, the second invocation of `actions/checkout` will be `actionscheckout2`. |
-| `github.action_path` | `string` | The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action, for example by changing directories to the path: {% raw %} `cd ${{ github.action_path }}` {% endraw %}. |
+| `github.action_path` | `string` | The path where an action is located. This property is only supported in composite actions. You can use this path to access files located in the same repository as the action, for example by changing directories to the path (using the corresponding enviroment variable): {% raw %} `cd "$GITHUB_ACTION_PATH"` {% endraw %}. For more information on evironment variables, see [AUTOTITLE](/actions/reference/security/secure-use#use-an-intermediate-environment-variable). |
 | `github.action_ref` | `string` | For a step executing an action, this is the ref of the action being executed. For example, `v2`.<br><br>{% data reusables.actions.composite-actions-unsupported-refs %} |
 | `github.action_repository` | `string` | For a step executing an action, this is the owner and repository name of the action. For example, `actions/checkout`.<br><br>{% data reusables.actions.composite-actions-unsupported-refs %} |
 | `github.action_status` | `string` | For a composite action, the current result of the composite action. |

content/code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md

@@ -43,7 +43,7 @@ The `dependabot.yml` file controls how {% data variables.product.prodname_depend
 
 ## Where to store the `dependabot.yml` file
 
-You must store this file in the `.github` directory of your repository in the default branch (typically `main`). The path is:  `.github/dependabot.yml`.
+You must store this file in the `.github` directory of your repository in the default branch (typically `main`), at `.github/dependabot.yml` or `.github/dependabot.yaml`.
 
 ## How the `dependabot.yml` file works