Merge branch 'main' into desktop-git-tags

Author: chiedo

.github/workflows/triage-unallowed-contributions.yml

@@ -78,25 +78,23 @@ jobs:
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
-            const changedFiles = ${{steps.filter.outputs.notAllowed_files}}
-            const restFiles = ${{steps.filter.outputs.openapi_files}}
-            const translationFiles = ${{steps.filter.outputs.translation_files}}
-            const markdownFiles = changedFiles.map(file => `- \`${file}\`\n`).join('')
+            constFilesArr = [
+              'translations/**',
+              'lib/rest/static/**',
+              '.github/workflows/**',
+              '.github/CODEOWNERS',
+              'translations/**',
+              'assets/fonts/**',
+              'data/graphql/**',
+              'lib/graphql/**',
+              'lib/redirects/**',
+              'lib/rest/**',
+              'lib/webhooks/**'
+            ]
 
-            let reviewMessage = `👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions.\n${markdownFiles}\n\nYou'll need to revert all of these ☝️ files using [GitHub Desktop](https://docs.github.com/en/free-pro-team@latest/desktop/contributing-and-collaborating-using-github-desktop/reverting-a-commit) or \`git checkout origin/main <file name>\`. Once you get those files reverted, we can continue with the review process. :octocat:`
+            const badFiles = badFilesArr.join('\n')
 
-            if (restFiles.length > 0) {
-              reviewMessage += "\n\nIt looks like you've modified the OpenAPI schema (`lib/rest/static/**`). While we aren't accepting changes to the schema directly, you can open an issue for any updates to the REST API docs. Head on over to the [`github/rest-api-description`](https://github.com/github/rest-api-description/issues/new?assignees=&labels=Inaccuracy&template=schema-inaccuracy.md&title=%5BSchema+Inaccuracy%5D+%3CDescribe+Problem%3E) repository to open an issue. ⚡"
-            }
-
-            if (translationFiles.length > 0) {
-              await github.issues.addLabels({
-                ...context.repo,
-                issue_number: context.payload.number,
-                labels: ['localization']
-              })
-              reviewMessage += "\n\nIt looks like you've modified translated content. Unfortunately, we are not able to accept pull requests for translated content. Our translation process involves an integration with an external service at crowdin.com, where all translation activity happens. We hope to eventually open up the translation process to the open source community, but we're not there yet. See https://github.com/github/docs/blob/main/CONTRIBUTING.md#earth_asia-translations for more details."
-            }
+            let reviewMessage = `👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions. The complete list of files we can't accept are:\n${badFiles}\n\nYou'll need to revert all of the files you changed in that list using [GitHub Desktop](https://docs.github.com/en/free-pro-team@latest/desktop/contributing-and-collaborating-using-github-desktop/reverting-a-commit) or \`git checkout origin/main <file name>\`. Once you get those files reverted, we can continue with the review process. :octocat:`
 
             await github.pulls.createReview({
               ...context.repo,

content/actions/reference/workflow-syntax-for-github-actions.md

@@ -1199,7 +1199,7 @@ For more information about branch, tag, and path filter syntax, see "[`on.<push|
 | `'**'` | Matches all branch and tag names. This is the default behavior when you don't use a `branches` or `tags` filter. | `all/the/branches`<br/><br/>`every/tag` |
 | `'*feature'` | The `*` character is a special character in YAML. When you start a pattern with `*`, you must use quotes. | `mona-feature`<br/><br/>`feature`<br/><br/>`ver-10-feature` |
 | `v2*` | Matches branch and tag names that start with `v2`. | `v2`<br/><br/>`v2.0`<br/><br/>`v2.9` |
-| `v[12].[0-9]+.[0-9]+` | Matches all semantic versioning tags with major version 1 or 2 | `v1.10.1`<br/><br/>`v2.0.0` |
+| `v[12].[0-9]+.[0-9]+` | Matches all semantic versioning branches and tags with major version 1 or 2 | `v1.10.1`<br/><br/>`v2.0.0` |
 
 #### Patterns to match file paths
 

content/github/administering-a-repository/about-dependabot-version-updates.md

@@ -15,9 +15,9 @@ versions:
 
 {% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on.
 
-You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file in to your repository. The configuration file specifies the location of the manifest, or other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository, rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. 
+You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. 
 
-When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to directly replace the outdated dependency with the new version. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Enabling and disabling version updates](/github/administering-a-repository/enabling-and-disabling-version-updates)."
+When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Enabling and disabling version updates](/github/administering-a-repository/enabling-and-disabling-version-updates)."
 
 If you enable security updates, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 

data/release-notes/3-0/0-rc1.yml

@@ -1,6 +1,6 @@
 date: '2021-01-12'
 release_candidate: true
-intro: Release notes are now published on the documentation site. The new location makes it easier to learn about new releases and features at the same time. Historical release notes are available on [GitHub Enterprise Releases](https://enterprise.github.com/releases).
+intro: Release candidate versions should be tested on non-production environments. For more information about the Release Candidate Program, see the [GitHub Blog](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/) or "[About upgrades to new releases](/admin/overview/about-upgrades-to-new-releases)".
 sections:
   features:
     - heading: GitHub Actions

data/release-notes/3-0/0-rc2.yml

@@ -0,0 +1,23 @@
+date: '2021-01-29'
+release_candidate: true
+intro: Release candidate versions should be tested on non-production environments. For more information about the Release Candidate Program, see the [GitHub Blog](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/) or "[About upgrades to new releases](/admin/overview/about-upgrades-to-new-releases)."
+sections:
+  bugs:
+    - heading: Fixes for known issues from Release Candidate 1
+      notes:
+        - If you disabled GitHub Actions following an unsuccessful attempt to set up GitHub Actions, then you will not be able to create the first user and use the appliance.
+        - The "Mandatory message viewed" audit log event was not being saved.
+        - '`ghe-config-apply` needed to run on a replica during an initial setup before `ghe-repl-setup` could run to start replication.'
+        - Removing yourself as an enterprise owner returned a 404.
+    - heading: Fixes for other issues
+      notes:
+        - Issues with migrations and upgrades to 3.0.0 have been fixed.
+        - Backup Utilities versioning now works for release candidate versions.
+        - Generating a support bundle resulted in an error in the orchestrator logs.
+        - A large restore could result in Redis running out of memory.
+        - The checkbox to enable GitHub Actions in the Management Console is now visible with any authentication method.
+        - GitHub Actions can only be enabled if the required storage is also configured.
+        - '`ghe-repl-status` could silently fail if MSSQL replication is not configured.'
+
+  known_issues:
+    - The known issues for Release Candidate 1 still apply, excluding the bug fixes listed.

data/reusables/webhooks/pull_request_webhook_properties.md

@@ -1,3 +1,3 @@
 Key | Type | Description
 ----|------|-------------
-`action`|`string` | The action that was performed. Can be one of  `opened`, `edited`, `closed`, `assigned`, `unassigned`, `review_requested`, `review_request_removed`, `ready_for_review`, `labeled`, `unlabeled`, `synchronize`, `locked`, `unlocked`, or `reopened`. If the action is `closed` and the `merged` key is `false`, the pull request was closed with unmerged commits. If the action is `closed` and the `merged` key is `true`, the pull request was merged.
+`action`|`string` | The action that was performed. Can be one of  `opened`, `edited`, `closed`, `assigned`, `unassigned`, `review_requested`, `review_request_removed`, `ready_for_review`, `converted_to_draft`, `labeled`, `unlabeled`, `synchronize`, `locked`, `unlocked`, or `reopened`. If the action is `closed` and the `merged` key is `false`, the pull request was closed with unmerged commits. If the action is `closed` and the `merged` key is `true`, the pull request was merged.

lib/page.js

@@ -4,12 +4,10 @@ const path = require('path')
 const cheerio = require('cheerio')
 const patterns = require('./patterns')
 const getMapTopicContent = require('./get-map-topic-content')
-const rewriteAssetPathsToS3 = require('./rewrite-asset-paths-to-s3')
 const getApplicableVersions = require('./get-applicable-versions')
 const encodeBracketedParentheses = require('./encode-bracketed-parentheses')
 const generateRedirectsForPermalinks = require('./redirects/permalinks')
 const getEnglishHeadings = require('./get-english-headings')
-const useEnglishHeadings = require('./use-english-headings')
 const getTocItems = require('./get-toc-items')
 const pathUtils = require('./path-utils')
 const Permalink = require('./permalink')
@@ -154,6 +152,12 @@ class Page {
       this.markdown = await this.getMarkdown()
     }
 
+    // use English IDs/anchors for translated headings, so links don't break (see #8572)
+    if (this.languageCode !== 'en') {
+      const englishHeadings = getEnglishHeadings(this, context.pages)
+      context.englishHeadings = englishHeadings
+    }
+
     this.intro = await renderContent(this.rawIntro, context)
     this.introPlainText = await renderContent(this.rawIntro, context, { textOnly: true })
     this.title = await renderContent(this.rawTitle, context, { textOnly: true, encodeEntities: true })
@@ -185,6 +189,7 @@ class Page {
       }))
     }
 
+    context.relativePath = this.relativePath
     const html = await renderContent(markdown, context)
 
     // product frontmatter may contain liquid
@@ -227,29 +232,14 @@ class Page {
       })
     }
 
-    const $ = cheerio.load(html)
-
     // set a flag so layout knows whether to render a mac/windows/linux switcher element
-    this.includesPlatformSpecificContent = $('[class^="platform-"], .mac, .windows, .linux').length > 0
-
-    // rewrite asset paths to s3 if it's a dotcom article on any GHE version
-    // or if it's an enterprise article on any GHE version EXCEPT latest version
-    rewriteAssetPathsToS3($, context.currentVersion, this.relativePath)
-
-    // use English IDs/anchors for translated headings, so links don't break (see #8572)
-    if (this.languageCode !== 'en') {
-      const englishHeadings = getEnglishHeadings(this, context.pages)
-      if (englishHeadings) useEnglishHeadings($, englishHeadings)
-    }
-
-    // wrap ordered list images in a container div
-    $('ol > li img').each((i, el) => {
-      $(el).wrap('<div class="procedural-image-wrapper" />')
-    })
-
-    const cleanedHTML = $('body').html()
+    this.includesPlatformSpecificContent = (
+      html.includes('extended-markdown mac') ||
+      html.includes('extended-markdown windows') ||
+      html.includes('extended-markdown linux')
+    )
 
-    return cleanedHTML
+    return html
   }
 
   // Allow other modules (like custom liquid tags) to make one-off requests

lib/render-content/create-processor.js

@@ -11,6 +11,9 @@ const graphql = require('highlightjs-graphql').definer
 const remarkCodeExtra = require('remark-code-extra')
 const codeHeader = require('./plugins/code-header')
 const rewriteLocalLinks = require('./plugins/rewrite-local-links')
+const useEnglishHeadings = require('./plugins/use-english-headings')
+const rewriteAssetPathsToS3 = require('./plugins/rewrite-asset-paths-to-s3')
+const wrapInElement = require('./plugins/wrap-in-element')
 
 module.exports = function createProcessor (context) {
   return unified()
@@ -19,9 +22,12 @@ module.exports = function createProcessor (context) {
     .use(emoji)
     .use(remark2rehype, { allowDangerousHTML: true })
     .use(slug)
+    .use(useEnglishHeadings, context)
     .use(autolinkHeadings, { behavior: 'wrap' })
     .use(highlight, { languages: { graphql }, subset: false })
     .use(raw)
+    .use(rewriteAssetPathsToS3, context)
+    .use(wrapInElement, { selector: 'ol > li img', wrapper: 'div.procedural-image-wrapper' })
     .use(rewriteLocalLinks, { languageCode: context.currentLanguage, version: context.currentVersion })
     .use(html)
 }

lib/render-content/plugins/rewrite-asset-paths-to-s3.js

@@ -0,0 +1,45 @@
+const visit = require('unist-util-visit')
+const latestEnterpriseRelease = require('../../enterprise-server-releases').latest
+const nonEnterpriseDefaultVersion = require('../../non-enterprise-default-version')
+const { getS3BucketPathFromVersion } = require('../../s3-bucket-path-utils')
+const allVersions = require('../../all-versions')
+const s3BasePath = 'https://github-images.s3.amazonaws.com'
+
+const matcher = node => (
+  node.type === 'element' &&
+  node.tagName === 'img' &&
+  node.properties.src &&
+  node.properties.src.startsWith('/assets/images')
+)
+
+// This module rewrites asset paths on Enterprise versions to S3 paths.
+// Source example: /assets/images/foo.png
+// Rewritten: https://github-images.s3.amazonaws.com/enterprise/2.20/assets/images/foo.png
+// The one exception is Admin pages on the latest GHES release.
+module.exports = function rewriteAssetPathsToS3 ({ currentVersion, relativePath }) {
+  // Bail if we don't have a relativePath in this context
+  if (!relativePath) return
+
+  // skip if this is the homepage
+  if (relativePath === 'index.md') return
+
+  // if the current version is non-enterprise, do not rewrite
+  if (currentVersion === nonEnterpriseDefaultVersion) return
+
+  // the relativePath starts with the product, like /admin/foo or /github/foo
+  const product = relativePath.split('/')[0]
+
+  // if this is an Admin page on the latest GHES release, do not rewrite
+  if (product === 'admin' && allVersions[currentVersion].currentRelease === latestEnterpriseRelease) return
+
+  // if the version is enterprise-server@2.22, use `enterprise/2.22` as the bucket path
+  // otherwise, use the plan name, e.g., `github-ae`
+  const bucketPath = getS3BucketPathFromVersion(currentVersion)
+
+  return tree => {
+    visit(tree, matcher, node => {
+      // Rewrite the node's src
+      node.properties.src = `${s3BasePath}/${bucketPath}${node.properties.src}`
+    })
+  }
+}

lib/render-content/plugins/rewrite-local-links.js

@@ -26,8 +26,8 @@ module.exports = function rewriteLocalLinks ({ languageCode, version }) {
   // There's no languageCode or version passed, so nothing to do
   if (!languageCode || !version) return
 
-  return ast => {
-    visit(ast, matcher, node => {
+  return tree => {
+    visit(tree, matcher, node => {
       const newHref = getNewHref(node, languageCode, version)
       if (newHref) {
         node.properties.href = newHref