Merge branch 'main' into add-missing-path-posix-for-windows

Author: sarahs

content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md

@@ -20,6 +20,8 @@ You can set up {% data variables.product.prodname_code_scanning %} to check the
 
 By default, {% data variables.product.prodname_code_scanning %} analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
 
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
 ### About alerts details
 
 Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the severity and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.

content/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system.md

@@ -91,6 +91,8 @@ You can configure where the {% data variables.product.prodname_codeql_runner %}
 
 To view the command-line reference for the runner, use the `-h` flag. For example, to list all commands run: `codeql-runner-OS -h`, or to list all the flags available for the `init` command run: `codeql-runner-OS init -h` (where `OS` varies according to the executable that you are using). For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system#codeql-runner-command-reference)."
 
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
 #### Basic example
 
 This example runs {% data variables.product.prodname_codeql %} analysis on a Linux CI server for the `octo-org/example-repo` repository hosted on `{% data variables.command_line.git_url_example %}`. The process is very simple because the repository contains only languages that can be analyzed by {% data variables.product.prodname_codeql %} directly, without being built (that is, Go, JavaScript, Python, and TypeScript).

content/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning.md

@@ -40,6 +40,8 @@ If you upload a SARIF file without fingerprint data using the `/code-scanning/sa
 
 You can check a SARIF file is compatible with {% data variables.product.prodname_code_scanning %} by testing it against the {% data variables.product.prodname_dotcom %} ingestion rules. For more information, visit the [Microsoft SARIF validator](https://sarifweb.azurewebsites.net/).
 
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
 ### Supported SARIF output file properties
 
 If you use a code analysis engine other than {% data variables.product.prodname_codeql %}, you can review the supported SARIF properties to optimize how your analysis results will appear on {% data variables.product.prodname_dotcom %}.
@@ -82,14 +84,16 @@ Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.pr
 
 #### `result` object
 
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
 | Name | Description |
 |----|----|
 | `ruleId`| **Optional.** The unique identifier of the rule (`reportingDescriptor.id`). For more information, see the [`reportingDescriptor` object](#reportingdescriptor-object). {% data variables.product.prodname_code_scanning_capc %} uses the rule identifier to filter results by rule on {% data variables.product.prodname_dotcom %}.
 | `ruleIndex`| **Optional.** The index of the associated rule (`reportingDescriptor` object) in the tool component `rules` array. For more information, see the [`run` object](#run-object).
 | `rule`| **Optional.** A reference used to locate the rule (reporting descriptor) for this result. For more information, see the [`reportingDescriptor` object](#reportingdescriptor-object).
 | `level`| **Optional.** The severity of the result. This level overrides the default severity defined by the rule. {% data variables.product.prodname_code_scanning_capc %} uses the level to filter results by severity on {% data variables.product.prodname_dotcom %}.
 | `message.text`| **Required.** A message that describes the result. {% data variables.product.prodname_code_scanning_capc %} displays the message text as the title of the result. Only the first sentence of the message will be displayed when visible space is limited.
-| `locations[]`| **Required.** The set of locations where the result was detected. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_capc %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored.
+| `locations[]`| **Required.** The set of locations where the result was detected up to a maximum of 10. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_capc %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored.
 | `partialFingerprints`| **Required.** A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_capc %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_capc %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see "[Preventing duplicate alerts using fingerprints](#preventing-duplicate-alerts-using-fingerprints)."  **Note:** {% data variables.product.prodname_code_scanning_capc %} only uses the `primaryLocationLineHash`.
 | `codeFlows[].threadFlows[].locations[]`| **Optional.** An array of `location` objects for a `threadFlow` object, which describes the progress of a program through a thread of execution. A `codeFlow` object describes a pattern of code execution used to detect a result. If code flows are provided, {% data variables.product.prodname_code_scanning %} will expand code flows on {% data variables.product.prodname_dotcom %} for the relevant result. For more information, see the [`location` object](#location-object).
 | `relatedLocations[]`| A set of locations relevant to this result. {% data variables.product.prodname_code_scanning_capc %} will link to related locations when they are embedded in the result message. For more information, see the [`location` object](#location-object).

content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md

@@ -39,6 +39,8 @@ The `upload-sarif` action can be configured to run when the `push` and `schedule
 
 If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see "[About SARIF support for code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-sarif-support-for-code-scanning#preventing-duplicate-alerts-using-fingerprints)."
 
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
 #### Example workflow for SARIF files generated outside of a repository
 
 You can create a new workflow that uploads SARIF files after you commit them to your repository. This is useful when the SARIF file is generated as an artifact outside of your repository.

data/graphql/ghae/schema.docs-ghae.graphql

@@ -3085,12 +3085,12 @@ type Commit implements GitObject & Node & Subscribable & UniformResourceLocatabl
   committedDate: DateTime!
 
   """
-  Check if commited via GitHub web UI.
+  Check if committed via GitHub web UI.
   """
   committedViaWeb: Boolean!
 
   """
-  Committership details of the commit.
+  Committer details of the commit.
   """
   committer: GitActor
 
@@ -3955,6 +3955,12 @@ type ContributionCalendarDay {
   """
   contributionCount: Int!
 
+  """
+  Indication of contributions, relative to other days. Can be used to indicate
+  which color to represent this day on a calendar.
+  """
+  contributionLevel: ContributionLevel!
+
   """
   The day this square represents.
   """
@@ -4006,6 +4012,36 @@ type ContributionCalendarWeek {
   firstDay: Date!
 }
 
+"""
+Varying levels of contributions from none to many.
+"""
+enum ContributionLevel {
+  """
+  Lowest 25% of days of contributions.
+  """
+  FIRST_QUARTILE
+
+  """
+  Highest 25% of days of contributions. More contributions than the third quartile.
+  """
+  FOURTH_QUARTILE
+
+  """
+  No contributions occurred.
+  """
+  NONE
+
+  """
+  Second lowest 25% of days of contributions. More contributions than the first quartile.
+  """
+  SECOND_QUARTILE
+
+  """
+  Second highest 25% of days of contributions. More contributions than second quartile, less than the fourth quartile.
+  """
+  THIRD_QUARTILE
+}
+
 """
 Ordering options for contribution connections.
 """
@@ -5387,7 +5423,7 @@ input CreateTeamDiscussionInput {
   clientMutationId: String
 
   """
-  If true, restricts the visiblity of this discussion to team members and
+  If true, restricts the visibility of this discussion to team members and
   organization admins. If false or not specified, allows any organization member
   to view this discussion.
   """
@@ -6844,6 +6880,11 @@ enum DeploymentStatusState {
   The deployment was successful.
   """
   SUCCESS
+
+  """
+  The deployment is waiting.
+  """
+  WAITING
 }
 
 """
@@ -10458,7 +10499,7 @@ enum GitSignatureState {
   NO_USER
 
   """
-  Valid siganture, though certificate revocation check failed
+  Valid signature, though certificate revocation check failed
   """
   OCSP_ERROR
 
@@ -13512,7 +13553,7 @@ type Milestone implements Closable & Node & UniformResourceLocatable {
   number: Int!
 
   """
-  Indentifies the percentage complete for the milestone
+  Identifies the percentage complete for the milestone
   """
   progressPercentage: Float!
 
@@ -16982,7 +17023,7 @@ type OrgRestoreMemberAuditEntry implements AuditEntry & Node & OrganizationAudit
   restoredCustomEmailRoutingsCount: Int
 
   """
-  The number of issue assignemnts for the restored member.
+  The number of issue assignments for the restored member.
   """
   restoredIssueAssignmentsCount: Int
 
@@ -18502,7 +18543,7 @@ type OrganizationIdentityProvider implements Node {
   id: ID!
 
   """
-  The x509 certificate used by the Identity Provder to sign assertions and responses.
+  The x509 certificate used by the Identity Provider to sign assertions and responses.
   """
   idpCertificate: X509Certificate
 
@@ -19121,7 +19162,7 @@ type PinnedIssueEdge @preview(toggledBy: "elektra-preview") {
 }
 
 """
-An ISO-8601 encoded UTC date string with millisecond precison.
+An ISO-8601 encoded UTC date string with millisecond precision.
 """
 scalar PreciseDateTime
 
@@ -23827,6 +23868,11 @@ type Release implements Node & UniformResourceLocatable {
   """
   isDraft: Boolean!
 
+  """
+  Whether or not the release is the latest releast
+  """
+  isLatest: Boolean!
+
   """
   Whether or not the release is a prerelease
   """
@@ -26277,7 +26323,7 @@ type RepoCreateAuditEntry implements AuditEntry & Node & OrganizationAuditEntryD
   forkParentName: String
 
   """
-  The name of the root repository for this netork.
+  The name of the root repository for this network.
   """
   forkSourceName: String
   id: ID!
@@ -27305,6 +27351,11 @@ type Repository implements Node & ProjectOwner & RepositoryInfo & Starrable & Su
     orderBy: LanguageOrder
   ): LanguageConnection
 
+  """
+  Get the latest release for the repository if one exists.
+  """
+  latestRelease: Release
+
   """
   The license associated with the repository
   """
@@ -28926,7 +28977,7 @@ type RepositoryVulnerabilityAlert implements Node & RepositoryNode {
   dismissReason: String
 
   """
-  When was the alert dimissed?
+  When was the alert dismissed?
   """
   dismissedAt: DateTime
 
@@ -28947,7 +28998,7 @@ type RepositoryVulnerabilityAlert implements Node & RepositoryNode {
   securityAdvisory: SecurityAdvisory
 
   """
-  The associated security vulnerablity
+  The associated security vulnerability
   """
   securityVulnerability: SecurityVulnerability
 
@@ -30065,7 +30116,7 @@ type SmimeSignature implements GitSignature {
 }
 
 """
-Entites that can sponsor others via GitHub Sponsors
+Entities that can sponsor others via GitHub Sponsors
 """
 union Sponsor = Organization | User
 
@@ -35314,7 +35365,7 @@ input UpdateTeamReviewAssignmentInput @preview(toggledBy: "stone-crop-preview")
   excludedTeamMemberIds: [ID!] @possibleTypes(concreteTypes: ["User"])
 
   """
-  The Node ID of the team to update review assginments of
+  The Node ID of the team to update review assignments of
   """
   id: ID! @possibleTypes(concreteTypes: ["Team"])
 
@@ -36710,6 +36761,72 @@ enum UserStatusOrderField {
   UPDATED_AT
 }
 
+"""
+A domain that can be verified for an organization or an enterprise.
+"""
+type VerifiableDomain implements Node {
+  """
+  Identifies the primary key from the database.
+  """
+  databaseId: Int
+
+  """
+  The DNS host name that should be used for verification.
+  """
+  dnsHostName: URI
+
+  """
+  The unicode encoded domain.
+  """
+  domain: URI!
+
+  """
+  Whether a TXT record for verification with the expected host name was found.
+  """
+  hasFoundHostName: Boolean!
+
+  """
+  Whether a TXT record for verification with the expected verification token was found.
+  """
+  hasFoundVerificationToken: Boolean!
+  id: ID!
+
+  """
+  Whether this domain is required to exist for an organization policy to be enforced.
+  """
+  isRequiredForPolicyEnforcement: Boolean!
+
+  """
+  Whether or not the domain is verified.
+  """
+  isVerified: Boolean!
+
+  """
+  The owner of the domain.
+  """
+  owner: VerifiableDomainOwner!
+
+  """
+  The punycode encoded domain.
+  """
+  punycodeEncodedDomain: URI!
+
+  """
+  The time that the current verification token will expire.
+  """
+  tokenExpirationTime: DateTime
+
+  """
+  The current verification token for the domain.
+  """
+  verificationToken: String
+}
+
+"""
+Types that can own a verifiable domain.
+"""
+union VerifiableDomainOwner = Enterprise | Organization
+
 """
 A hovercard context with a message describing how the viewer is related.
 """