Merge branch 'main' into render-product-landing-introlinks-dynamically

Author: sarahs

assets/images/help/commits/signature-verification-statuses.png

@@ -86,7 +86,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup dotnet ${{ matrix.dotnet-version }}
-      uses: actions/setup-dotnet@v1.7.2
+      uses: actions/setup-dotnet@v1
       with:
         dotnet-version: ${{ matrix.dotnet-version }}
     # You can test your matrix by printing the current dotnet version
@@ -102,7 +102,7 @@ You can configure your job to use a specific version of .NET, such as `3.1.3`. A
 {% raw %}
 ```yaml
     - name: Setup .NET 3.x
-      uses: actions/setup-dotnet@v2
+      uses: actions/setup-dotnet@v1
       with:
         # Semantic version range syntax or exact version of a dotnet version
         dotnet-version: '3.x' 
@@ -118,7 +118,7 @@ You can configure your job to use a specific version of .NET, such as `3.1.3`. A
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.7.2
+  uses: actions/setup-dotnet@v1
   with:
     dotnet-version: '3.1.x'
 - name: Install dependencies
@@ -139,7 +139,7 @@ For more information, see "[Caching dependencies to speed up workflows](/actions
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.7.2
+  uses: actions/setup-dotnet@v1
   with:
     dotnet-version: '3.1.x'
 - uses: actions/cache@v2
@@ -171,7 +171,7 @@ You can use the same commands that you use locally to build and test your code.
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.7.2
+  uses: actions/setup-dotnet@v1
   with:
     dotnet-version: '3.1.x'
 - name: Install dependencies
@@ -206,7 +206,7 @@ jobs:
       steps:
       - uses: actions/checkout@v2
       - name: Setup dotnet
-        uses: actions/setup-dotnet@v1.7.2
+        uses: actions/setup-dotnet@v1
         with:
           dotnet-version: ${{ matrix.dotnet-version }}
       - name: Install dependencies

assets/images/help/commits/vigilant-mode-checkbox.png

@@ -0,0 +1,122 @@
+---
+title: Building and testing Xamarin applications
+intro: You can create a continuous integration (CI) workflow in GitHub Actions to build and test your Xamarin application.
+product: '{% data reusables.gated-features.actions %}'
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=2.22'
+  github-ae: '*'
+type: 'tutorial'
+topics:
+  - 'CI'
+  - 'Xamarin'
+  - 'Xamarin.iOS'
+  - 'Xamarin.Android'
+  - 'Android'
+  - 'iOS'
+---
+
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
+{% data reusables.actions.ae-beta %}
+
+### Introduction
+
+This guide shows you how to create a workflow that performs continuous integration (CI) for your Xamarin project. The workflow you create will allow you to see when commits to a pull request cause build or test failures against your default branch; this approach can help ensure that your code is always healthy.
+
+{% data variables.product.prodname_actions %}-hosted macOS runner stores Xamarin SDK versions and the associated Mono versions as a set of symlinks to Xamarin SDK locations that are available by a single bundle symlink. For a full list of available Xamarin SDK versions and their corresponding bundles, see the runners documentation:
+
+* [macOS 10.15](https://github.com/actions/virtual-environments/blob/main/images/macos/macos-10.15-Readme.md#xamarin-bundles)
+* [macOS 11.0](https://github.com/actions/virtual-environments/blob/main/images/macos/macos-11.0-Readme.md#xamarin-bundles)
+
+{% data reusables.github-actions.macos-runner-preview %}
+
+### Prerequisites
+
+We recommend that you have a basic understanding of Xamarin, .NET Core SDK, YAML, workflow configuration options, and how to create a workflow file. For more information, see:
+
+- "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions)"
+- "[Getting started with .NET](https://dotnet.microsoft.com/learn)"
+- "[Learn Xamarin](https://dotnet.microsoft.com/learn/xamarin)"
+
+### Bulding Xamarin.iOS apps
+
+The example below demonstrates how to change the default Xamarin bundle and build  a Xamarin.iOS application.
+
+{% raw %}
+```yaml
+name: Build Xamarin.iOS app
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Select default Xamarin bundle to 6_12_6
+      run: |
+        XAMARIN_SDK=6_12_6
+        $VM_ASSETS/select-xamarin-sdk.sh $XAMARIN_SDK
+    
+    - name: Set default Xcode 12.3
+      run: |
+        XCODE_ROOT=/Applications/Xcode_12.3.0.app
+        echo "MD_APPLE_SDK_ROOT=$XCODE_ROOT" >> $GITHUB_ENV
+        sudo xcode-select -s $XCODE_ROOT
+
+    - name: Setup .NET Core SDK 5.0.x
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: '5.0.x'
+
+    - name: Install dependencies
+      run: nuget restore <sln_file_path>
+
+    - name: Build
+      run: msbuild <csproj_file_path> /p:Configuration=Debug /p:Platform=iPhoneSimulator /t:Rebuild
+```
+{% endraw %}
+
+### Bulding Xamarin.Android apps
+
+The example below demonstrates how to change default the Xamarin bundle and build a Xamarin.Android application.
+
+{% raw %}
+```yaml
+name: Build Xamarin.Android app
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Select default Xamarin bundle to 6_12_6
+      run: |
+        XAMARIN_SDK=6_12_6
+        $VM_ASSETS/select-xamarin-sdk.sh $XAMARIN_SDK
+
+    - name: Setup .NET Core SDK 5.0.x
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: '5.0.x'
+
+    - name: Install dependencies
+      run: nuget restore <sln_file_path>
+
+    - name: Build
+      run: msbuild <csproj_file_path> /t:PackageForAndroid /p:Configuration=Debug
+```
+{% endraw %}
+
+### Specifying a .NET version
+
+To use a preinstalled version of the .NET Core SDK on a {% data variables.product.prodname_dotcom %}-hosted runner, use the `setup-dotnet` action. This action finds a specific version of .NET from the tools cache on each runner, and adds the necessary binaries to `PATH`. These changes will persist for the remainder of the job.
+ 
+The `setup-dotnet` action is the recommended way of using .NET with {% data variables.product.prodname_actions %}, because it ensures consistent behavior across different runners and different versions of .NET. If you are using a self-hosted runner, you must install .NET and add it to `PATH`. For more information, see the [`setup-dotnet`](https://github.com/marketplace/actions/setup-net-core-sdk) action.

content/actions/guides/building-and-testing-net.md

@@ -42,6 +42,7 @@ includeGuides:
   - /actions/guides/building-and-testing-java-with-maven
   - /actions/guides/building-and-testing-java-with-gradle
   - /actions/guides/building-and-testing-java-with-ant
+  - /actions/guides/building-and-testing-xamarin-applications
   - /actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development
   - /actions/guides/publishing-nodejs-packages
   - /actions/guides/publishing-java-packages-with-maven
@@ -84,6 +85,7 @@ includeGuides:
 <!-- {% link_in_list /building-and-testing-java-with-gradle %} -->
 <!-- {% link_in_list /building-and-testing-java-with-ant %} -->
 <!-- {% link_in_list /installing-an-apple-certificate-on-macos-runners-for-xcode-development %} -->
+<!-- {% link_in_list /building-and-testing-xamarin-applications %} -->
 <!-- {% link_in_list /about-packaging-with-github-actions %} -->
 <!-- {% link_in_list /publishing-nodejs-packages %} -->
 <!-- {% link_in_list /publishing-java-packages-with-maven %} -->

content/actions/guides/building-and-testing-xamarin-applications.md

@@ -47,6 +47,8 @@ For each branch protection rule, you can choose to enable or disable the followi
 - [Allow force pushes](#allow-force-pushes)
 - [Allow deletions](#allow-deletions)
 
+For more information on how to set up branch protection, see "[Managing a branch protection rule](/github/administering-a-repository/managing-a-branch-protection-rule)."
+
 #### Require pull request reviews before merging
 
 {% data reusables.pull_requests.required-reviews-for-prs-summary %}
@@ -100,7 +102,15 @@ When you enable required commit signing on a branch, contributors {% if currentV
 
 {% note %}
 
+{% if currentVersion == "free-pro-team@latest" %}
+**Notes:** 
+
+* If you have enabled vigilant mode, which indicates that your commits will always be signed, any commits that {% data variables.product.prodname_dotcom %} identifies as "Partially verified" are permitted on branches that require signed commits. For more information about vigilant mode, see "[Displaying verification statuses for all of your commits](/github/authenticating-to-github/displaying-verification-statuses-for-all-of-your-commits)."
+* If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
+
+{% else %}
 **Note:** If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
+{% endif %}
 
 {% endnote %}
 

content/actions/guides/index.md

@@ -1,6 +1,6 @@
 ---
 title: About commit signature verification
-intro: 'Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on {% data variables.product.product_name %} so other people can trust that the changes come from a trusted source.'
+intro: 'Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on {% data variables.product.product_name %} so other people can be confident that the changes come from a trusted source.'
 redirect_from:
   - /articles/about-gpg-commit-and-tag-signatures/
   - /articles/about-gpg/
@@ -16,15 +16,34 @@ topics:
 
 ### About commit signature verification
 
-You can sign commits and tags locally, so other people can verify that your work comes from a trusted source. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, {% data variables.product.product_name %} marks the commit or tag as verified.
+You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag {% if currentVersion == "free-pro-team@latest" %}"Verified" or "Partially verified."{% else %}"Verified."{% endif %}
 
 ![Verified commit](/assets/images/help/commits/verified-commit.png)
 
-If a commit or tag has a signature that cannot be verified, {% data variables.product.product_name %} marks the commit or tag as unverified.
+{% if currentVersion == "free-pro-team@latest" %}
+Commits and tags have the following verification statuses, depending on whether you have enabled vigilant mode. By default vigilant mode is not enabled. For information on how to enable vigilant mode, see "[Displaying verification statuses for all of your commits](/github/authenticating-to-github/displaying-verification-statuses-for-all-of-your-commits)."
+
+{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
+
+#### Default statuses
+
+| Status         | Description |
+| -------------- | ----------- |
+| **Verified**   | The commit is signed and the signature was successfully verified.
+| **Unverified** | The commit is signed but the signature could not be verified.
+| No verification status | The commit is not signed.
+
+#### Statuses with vigilant mode enabled
+
+{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
+
+{% else %}
+If a commit or tag has a signature that can't be verified, {% data variables.product.product_name %} marks the commit or tag "Unverified."
+{% endif %}
 
 Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-signed-commits)."
 
-You can check the verification status of your signed commits or tags on {% data variables.product.product_name %} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."
+{% data reusables.identity-and-permissions.verification-status-check %}
 
 {% if currentVersion == "free-pro-team@latest" %}
 {% data variables.product.product_name %} will automatically use GPG to sign commits you make using the {% data variables.product.product_name %} web interface, except for when you squash and merge a pull request that you are not the author of. You can optionally choose to have {% data variables.product.product_name %} sign commits you make in {% data variables.product.prodname_codespaces %}. Commits signed by {% data variables.product.product_name %} will have a verified status on {% data variables.product.product_name %}. You can verify the signature locally using the public key available at https://github.com/web-flow.gpg. For more information about enabling GPG verification for your codespaces, see "[Managing GPG verification for {% data variables.product.prodname_codespaces %}](/github/developing-online-with-codespaces/managing-gpg-verification-for-codespaces)."

content/github/administering-a-repository/about-protected-branches.md

@@ -17,23 +17,20 @@ topics:
 
 1. On {% data variables.product.product_name %}, navigate to your pull request.
 {% data reusables.repositories.review-pr-commits %}
-3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified or unverified.
+3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified{% if currentVersion == "free-pro-team@latest" %}, partially verified,{% endif %} or unverified.
 ![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
-4. To view more detailed information about the commit signature, click **Verified** or **Unverified**.
+4. To view more detailed information about the commit signature, click **Verified**{% if currentVersion == "free-pro-team@latest" %}, **Partially verified**,{% endif %} or **Unverified**.
 ![Verified signed commit](/assets/images/help/commits/gpg-signed-commit_verified_details.png)
 
-If your commit signature is unverified, you can learn more about why by clicking the **Unverified** box.
-![Unverified signed commit](/assets/images/help/commits/gpg-signed-commit-unverified-details.png)
-
 ### Checking your tag signature verification status
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.releases %}
 2. At the top of the Releases page, click **Tags**.
 ![Tags page](/assets/images/help/releases/tags-list.png)
-3. Next to your tag description, there is a box that shows whether your tag signature is verified or unverified.
+3. Next to your tag description, there is a box that shows whether your tag signature is verified{% if currentVersion == "free-pro-team@latest" %}, partially verified,{% endif %} or unverified.
 ![verified tag signature](/assets/images/help/commits/gpg-signed-tag-verified.png)
-4. To view more detailed information about the tag signature, click **Verified** or **Unverified**. If your tag signature is unverified, you can learn more about why by clicking the **Unverified** box.
+4. To view more detailed information about the tag signature, click **Verified**{% if currentVersion == "free-pro-team@latest" %}, **Partially verified**,{% endif %} or **Unverified**. 
 ![Verified signed tag](/assets/images/help/commits/gpg-signed-tag-verified-details.png)
 
 ### Further reading

content/github/authenticating-to-github/about-commit-signature-verification.md

@@ -0,0 +1,36 @@
+---
+title: Displaying verification statuses for all of your commits
+shortTitle: Displaying verification for all commits
+intro: You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status.
+versions:
+  free-pro-team: '*'
+topics:
+  - identity
+  - access management
+---
+
+{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
+
+### About vigilant mode
+
+When you work locally on your computer, Git allows you to set the author of your changes and the identity of the committer. This, potentially, makes it difficult for other people to be confident that commits and tags you create were actually created by you. To help solve this problem you can sign your commits and tags. For more information, see "[Signing commits](/github/authenticating-to-github/signing-commits)" and "[Signing tags](/github/authenticating-to-github/signing-tags)." {% data variables.product.prodname_dotcom %} marks signed commits and tags with a verification status. 
+
+By default commits and tags are marked "Verified" if they are signed with a GPG or S/MIME key that was successfully verified. If a commit or tag has a signature that can't be verified, {% data variables.product.prodname_dotcom %} marks the commit or tag "Unverified." In all other cases no verification status is displayed.
+
+However, you can give other users increased confidence in the identity attributed to your commits and tags by enabling vigilant mode in your {% data variables.product.prodname_dotcom %} settings. With vigilant mode enabled, all of your commits and tags are marked with one of three verification statuses.
+
+![Signature verification statuses](/assets/images/help/commits/signature-verification-statuses.png)
+
+{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
+
+You should only enable vigilant mode if you sign all of your commits and tags. After enabling this mode, any unsigned commits or tags that you generate locally and push to {% data variables.product.prodname_dotcom %} will be marked "Unverified."
+
+{% data reusables.identity-and-permissions.verification-status-check %}
+
+### Enabling vigilant mode
+
+{% data reusables.user_settings.access_settings %}
+{% data reusables.user_settings.ssh %}
+3. On the SSH Settings page, under "Vigilant mode," select **Flag unsigned commits as unverified**.
+
+   ![Flag unsigned commits as unverified checkbox](/assets/images/help/commits/vigilant-mode-checkbox.png)

content/github/authenticating-to-github/checking-your-commit-and-tag-signature-verification-status.md

@@ -82,6 +82,7 @@ topics:
     {% link_in_list /error-were-doing-an-ssh-key-audit %}
 {% topic_link_in_list /managing-commit-signature-verification %}
     {% link_in_list /about-commit-signature-verification %}
+    {% link_in_list /displaying-verification-statuses-for-all-of-your-commits %}
     {% link_in_list /checking-for-existing-gpg-keys %}
     {% link_in_list /generating-a-new-gpg-key %}
     {% link_in_list /adding-a-new-gpg-key-to-your-github-account %}