Merge branch 'main' into amit-e-patch-2

ramyaparimi · web-flow · commit d8327255c46f · 2021-11-30T09:10:12.000-06:00
diff --git a/.github/workflows/create-translation-batch-pr.yml b/.github/workflows/create-translation-batch-pr.yml
@@ -27,12 +27,12 @@ jobs:
         include:
           - language: pt-BR
             language_code: pt
-          # - language: zh-CN
-          #   language_code: cn
-          # - language: ja-JP
-          #   language_code: ja
-          # - language: es-ES
-          #   language_code: es
+          - language: zh-CN
+            language_code: cn
+          - language: ja-JP
+            language_code: ja
+          - language: es-ES
+            language_code: es
     steps:
       - name: Set branch name
         id: set-branch
@@ -89,7 +89,7 @@ jobs:
 
       - name: Commit crowdin sync
         run: |
-          git add .
+          git add translations/${{ matrix.language }}
           git commit -m "Add crowdin translations" || echo "Nothing to commit"
 
       - name: 'Setup node'
@@ -102,51 +102,59 @@ jobs:
       - name: Reset files with broken liquid tags
         run: |
           node script/i18n/reset-files-with-broken-liquid-tags.js --language=${{ matrix.language_code }}
-          git add . && git commit -m "run script/i18n/reset-files-with-broken-liquid-tags.js --language=${{ matrix.language_code }}" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "run script/i18n/reset-files-with-broken-liquid-tags.js --language=${{ matrix.language_code }}" || echo "Nothing to commit"
 
       # step 5 in docs-engineering/crowdin.md using script from docs-internal#22709
       - name: Reset known broken files
         run: |
           node script/i18n/reset-known-broken-translation-files.js
-          git add . && git commit -m "run script/i18n/reset-known-broken-translation-files.js" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "run script/i18n/reset-known-broken-translation-files.js" || echo "Nothing to commit"
         env:
           GITHUB_TOKEN: ${{ secrets.DOCUBOT_REPO_PAT }}
 
       # step 6 in docs-engineering/crowdin.md
       - name: Homogenize frontmatter
         run: |
           node script/i18n/homogenize-frontmatter.js
-          git add . && git commit -m "Run script/i18n/homogenize-frontmatter.js" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "Run script/i18n/homogenize-frontmatter.js" || echo "Nothing to commit"
 
       # step 7 in docs-engineering/crowdin.md
       - name: Fix translation errors
         run: |
           node script/i18n/fix-translation-errors.js
-          git add . && git commit -m "Run script/i18n/fix-translation-errors.js" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "Run script/i18n/fix-translation-errors.js" || echo "Nothing to commit"
 
       # step 8a in docs-engineering/crowdin.md
       - name: Check parsing
         run: |
           node script/i18n/lint-translation-files.js --check parsing
-          git add . && git commit -m "Run script/i18n/lint-translation-files.js --check parsing" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "Run script/i18n/lint-translation-files.js --check parsing" || echo "Nothing to commit"
 
       # step 8b in docs-engineering/crowdin.md
       - name: Check rendering
         run: |
           node script/i18n/lint-translation-files.js --check rendering
-          git add . && git commit -m "Run script/i18n/lint-translation-files.js --check rendering" || echo "Nothing to commit"
+          git add translations/${{ matrix.language }} && git commit -m "Run script/i18n/lint-translation-files.js --check rendering" || echo "Nothing to commit"
+
+      - name: Check in CSV report
+        run: |
+          mkdir -p log
+          csvFile=log/${{ matrix.language_code }}-resets.csv
+          script/i18n/report-reset-files.js --report-type=csv --language=${{ matrix.language_code }} --log-file=/tmp/batch.log > $csvFile
+          git add -f $csvFile && git commit -m "Check in ${{ matrix.language }} CSV report" || echo "Nothing to commit"
 
       - name: Create Pull Request
         env:
           GITHUB_TOKEN: ${{ secrets.DOCUBOT_REPO_PAT }}
         # We'll try to create the pull request based on the changes we pushed up in the branch.
         # If there are actually no differences between the branch and `main`, we'll delete it.
         run: |
+          script/i18n/report-reset-files.js --report-type=pull-request-body --language=${{ matrix.language_code }} --log-file=/tmp/batch.log > /tmp/pr-body.txt
           git push origin ${{ steps.set-branch.outputs.BRANCH_NAME }}
-          gh pr create -t "New translation batch for ${{ matrix.language }}" \
+          gh pr create --title "New translation batch for ${{ matrix.language }}" \
             --base=main \
             --head=${{ steps.set-branch.outputs.BRANCH_NAME }} \
-            -b "New batch for ${{ matrix.language }} created by [this workflow]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID)" ||  git push origin :${{ steps.set-branch.outputs.BRANCH_NAME }}
+            --body-file /tmp/pr-body.txt || git push origin :${{ steps.set-branch.outputs.BRANCH_NAME }}
 
       # When the maximum execution time is reached for this job, Actions cancels the workflow run.
       # This emits a notification for the first responder to triage.
diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
@@ -147,7 +147,8 @@ Email notifications from {% data variables.product.product_location %} contain t
     - There are updates in repositories or team discussions you're watching or in a conversation you're participating in. For more information, see "[About participating and watching notifications](#about-participating-and-watching-notifications)."
     - You gain access to a new repository or you've joined a new team. For more information, see "[Automatic watching](#automatic-watching)."{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
     - There are new {% data variables.product.prodname_dependabot_alerts %} in your repository. For more information, see "[{% data variables.product.prodname_dependabot_alerts %} notification options](#dependabot-alerts-notification-options)." {% endif %} {% ifversion fpt or ghec %}
-    - There are workflow runs updates on repositories set up with {% data variables.product.prodname_actions %}. For more information, see "[{% data variables.product.prodname_actions %} notification options](#github-actions-notification-options)."{% endif %}
+    - There are workflow runs updates on repositories set up with {% data variables.product.prodname_actions %}. For more information, see "[{% data variables.product.prodname_actions %} notification options](#github-actions-notification-options)."{% endif %}{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5668 %}
+    - There are new deploy keys added to repositories that belong to organizations that you're an owner of. For more information, see "[Organization alerts notification options](#organization-alerts-notification-options)."{% endif %}
 
 ## Automatic watching
 
@@ -218,6 +219,13 @@ Choose how you want to receive workflow run updates for repositories that you ar
 
 {% endif %}
 
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5668 %}
+## Organization alerts notification options 
+
+If you're an organization owner, you'll receive email notifications by default when organization members add new deploy keys to repositories within the organization. You can unsubscribe from these notifications. On the notification settings page, under "Organization alerts", unselect **Email**. 
+
+{% endif %}
+
 {% ifversion fpt or ghes or ghec %}
 ## Managing your notification settings with {% data variables.product.prodname_mobile %}
 
diff --git a/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/content/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md
@@ -38,12 +38,11 @@ To add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM, se
 
 To configure the role and trust in IAM, see the AWS documentation for ["Assuming a Role"](https://github.com/aws-actions/configure-aws-credentials#assuming-a-role) and ["Creating a role for web identity or OpenID connect federation"](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html).
 
-By default, the validation only includes the audience (`aud`) condition, so you must manually add a subject (`sub`) condition. Edit the trust relationship to add the `sub` field to the validation conditions. For example:
+Edit the trust relationship to add the `sub` field to the validation conditions. For example:
 
 ```json{:copy}
 "Condition": {
   "StringEquals": {
-    "token.actions.githubusercontent.com:aud": "https://github.com/octo-org",
     "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:ref:refs/heads/octo-branch"
   }
 }
@@ -86,7 +85,7 @@ env:
 # permission can be added at job level or workflow level    
 permissions:
       id-token: write
-      contents: write    # This is required for actions/checkout@v1
+      contents: read    # This is required for actions/checkout@v1
 jobs:
   S3PackageUpload:
     runs-on: ubuntu-latest
diff --git a/content/actions/learn-github-actions/expressions.md b/content/actions/learn-github-actions/expressions.md
@@ -306,7 +306,7 @@ if: {% raw %}${{ cancelled() }}{% endraw %}
 
 ### failure
 
-Returns `true` when any previous step of a job fails.
+Returns `true` when any previous step of a job fails. If you have a chain of dependent jobs, `failure()` returns `true` if any ancestor job fails.
 
 #### Example
 
diff --git a/content/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys.md b/content/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys.md
@@ -23,3 +23,6 @@ shortTitle: Deploy keys
 	![Deploy key list](/assets/images/help/settings/settings-deploy-key-review.png)
 
 For more information, see "[Managing deploy keys](/guides/managing-deploy-keys)."
+
+## Further reading
+- [Configuring notifications](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#organization-alerts-notification-options)
diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md
@@ -185,3 +185,7 @@ This means that you cannot automate the creation of accounts. But if you want to
 [collaborator]: /articles/inviting-collaborators-to-a-personal-repository
 [outside-collaborator]: /articles/adding-outside-collaborators-to-repositories-in-your-organization
 [team]: /articles/adding-organization-members-to-a-team
+
+## Further reading
+- [Configuring notifications](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#organization-alerts-notification-options)
+
diff --git a/middleware/archived-enterprise-versions-assets.js b/middleware/archived-enterprise-versions-assets.js
@@ -1,9 +1,12 @@
 import path from 'path'
+
+import got from 'got'
+
 import patterns from '../lib/patterns.js'
 import isArchivedVersion from '../lib/is-archived-version.js'
-import got from 'got'
+import { cacheControlFactory } from './cache-control.js'
 
-const ONE_DAY = 24 * 60 * 60 // 1 day in seconds
+const cacheControl = cacheControlFactory(60 * 60 * 24)
 
 // This module handles requests for the CSS and JS assets for
 // deprecated GitHub Enterprise versions by routing them to static content in
@@ -31,7 +34,7 @@ export default async function archivedEnterpriseVersionsAssets(req, res, next) {
     res.set('x-is-archived', 'true')
     res.set('x-robots-tag', 'noindex')
     // Allow the browser and Fastly to cache these
-    res.set('cache-control', `public, max-age=${ONE_DAY}`)
+    cacheControl(res)
     return res.send(r.body)
   } catch (err) {
     return next(404)
diff --git a/middleware/archived-enterprise-versions.js b/middleware/archived-enterprise-versions.js
@@ -9,13 +9,16 @@ import versionSatisfiesRange from '../lib/version-satisfies-range.js'
 import isArchivedVersion from '../lib/is-archived-version.js'
 import got from 'got'
 import readJsonFile from '../lib/read-json-file.js'
+import { cacheControlFactory } from './cache-control.js'
 const archivedRedirects = readJsonFile(
   './lib/redirects/static/archived-redirects-from-213-to-217.json'
 )
 const archivedFrontmatterFallbacks = readJsonFile(
   './lib/redirects/static/archived-frontmatter-fallbacks.json'
 )
 
+const cacheControl = cacheControlFactory(60 * 60 * 24 * 365)
+
 async function getRemoteJSON(url) {
   if (_getRemoteJSONCache.has(url)) {
     return _getRemoteJSONCache.get(url)
@@ -42,6 +45,7 @@ export default async function archivedEnterpriseVersions(req, res, next) {
     req.path.startsWith('/en/') &&
     versionSatisfiesRange(requestedVersion, `<${firstVersionDeprecatedOnNewSite}`)
   ) {
+    cacheControl(res)
     return res.redirect(301, req.baseUrl + req.path.replace(/^\/en/, ''))
   }
 
@@ -53,6 +57,7 @@ export default async function archivedEnterpriseVersions(req, res, next) {
   ) {
     const redirect = archivedRedirects[req.path]
     if (redirect && redirect !== req.path) {
+      cacheControl(res)
       return res.redirect(301, redirect)
     }
   }
@@ -64,6 +69,7 @@ export default async function archivedEnterpriseVersions(req, res, next) {
       // make redirects found via redirects.json redirect with a 301
       if (redirectJson[req.path]) {
         res.set('x-robots-tag', 'noindex')
+        cacheControl(res)
         return res.redirect(301, redirectJson[req.path])
       }
     } catch (err) {
@@ -78,6 +84,7 @@ export default async function archivedEnterpriseVersions(req, res, next) {
     // make stubbed redirect files (which exist in versions <2.13) redirect with a 301
     const staticRedirect = r.body.match(patterns.staticRedirect)
     if (staticRedirect) {
+      cacheControl(res)
       return res.redirect(301, staticRedirect[1])
     }
 
@@ -87,6 +94,7 @@ export default async function archivedEnterpriseVersions(req, res, next) {
     for (const fallbackRedirect of getFallbackRedirects(req, requestedVersion) || []) {
       try {
         await got(getProxyPath(fallbackRedirect, requestedVersion))
+        cacheControl(res)
         return res.redirect(301, fallbackRedirect)
       } catch (err) {
         // noop
diff --git a/middleware/cache-control.js b/middleware/cache-control.js
@@ -0,0 +1,13 @@
+// Return a function you can pass a Response object to and it will
+// set the `Cache-Control` header.
+//
+// For example:
+//
+//    const cacheControlYear = getCacheControl(60 * 60 * 24 * 365)
+//    ...
+//    cacheControlYear(res)
+//    res.send(body)
+//
+export function cacheControlFactory(maxAge = 60 * 60, public_ = true) {
+  return (res) => res.set('cache-control', `${public_ ? 'public, ' : ''}max-age=${maxAge}`)
+}
diff --git a/script/i18n/fix-translation-errors.js b/script/i18n/fix-translation-errors.js
@@ -33,7 +33,9 @@ async function main() {
     try {
       fileContents = await readFileAsync(path, 'utf8')
     } catch (e) {
-      console.error(e.message)
+      if (fs.existsSync(path)) {
+        console.error(e.message)
+      }
       return null
     }
 
diff --git a/script/i18n/lint-translation-files.js b/script/i18n/lint-translation-files.js
@@ -79,7 +79,9 @@ function lintAndResetFiles(checkType) {
   // We are not passing --prefer-main because we want to remove the file so we
   // reset it directly to the English source
   filesToReset.forEach((file) => {
-    execSync(`script/i18n/reset-translated-file.js ${file}`)
+    execSync(`script/i18n/reset-translated-file.js ${file} --reason="${checkType} error"`, {
+      stdio: 'inherit',
+    })
   })
 
   // Print a message with next steps
diff --git a/script/i18n/report-reset-files.js b/script/i18n/report-reset-files.js
@@ -0,0 +1,85 @@
+#!/usr/bin/env node
+
+import program from 'commander'
+import fs from 'fs'
+import languages from '../../lib/languages.js'
+
+const defaultWorkflowUrl = [
+  process.env.GITHUB_SERVER_URL,
+  process.env.GITHUB_REPOSITORY,
+  'actions/runs',
+  process.env.GITHUB_RUN_ID,
+].join('/')
+
+const reportTypes = {
+  'pull-request-body': pullRequestBodyReport,
+  csv: csvReport,
+}
+
+program
+  .description('Reads a translation batch log and generates a report')
+  .requiredOption('--language <language>', 'The language to compare')
+  .requiredOption('--log-file <log-file>', 'The batch log file')
+  .requiredOption(
+    '--report-type <report-type>',
+    'The batch log file, I.E: ' + Object.keys(reportTypes).join(', ')
+  )
+  .option('--workflow-url <workflow-url>', 'The workflow url', defaultWorkflowUrl)
+  .parse(process.argv)
+
+const options = program.opts()
+const language = languages[options.language]
+const { logFile, workflowUrl, reportType } = options
+
+if (!Object.keys(reportTypes).includes(reportType)) {
+  throw new Error(`Invalid report type: ${reportType}`)
+}
+
+const logFileContents = fs.readFileSync(logFile, 'utf8')
+
+const revertLines = logFileContents
+  .split('\n')
+  .filter((line) => line.match(/^-> reverted to English/))
+  .filter((line) => line.match(language.dir))
+
+const reportEntries = revertLines.sort().map((line) => {
+  const [, file, reason] = line.match(/^-> reverted to English: (.*) Reason: (.*)$/)
+  return { file, reason }
+})
+
+function pullRequestBodyReport() {
+  const body = [
+    `New translation batch for ${language.name}. Product of [this workflow](${workflowUrl}).`,
+    '\n',
+    `## ${reportEntries.length} files reverted.`,
+  ]
+
+  const filesByReason = {}
+
+  reportEntries.forEach(({ file, reason }) => {
+    filesByReason[reason] = filesByReason[reason] || []
+    filesByReason[reason].push(file)
+  })
+
+  Object.keys(filesByReason)
+    .sort()
+    .forEach((reason) => {
+      const files = filesByReason[reason]
+      body.push(`\n### ${reason}`)
+      body.push(`\n${files.length} files:\n`)
+      const checkBoxes = files.map((file) => `- [ ] ${file}`)
+      body.push(checkBoxes)
+    })
+
+  return body.join('\n')
+}
+
+function csvReport() {
+  const lines = reportEntries.map(({ file, reason }) => {
+    return [file, reason].join(',')
+  })
+
+  return ['file,reason', lines].flat().join('\n')
+}
+
+console.log(reportTypes[reportType]())
diff --git a/script/i18n/reset-files-with-broken-liquid-tags.js b/script/i18n/reset-files-with-broken-liquid-tags.js
diff --git a/script/i18n/reset-known-broken-translation-files.js b/script/i18n/reset-known-broken-translation-files.js
diff --git a/script/i18n/reset-translated-file.js b/script/i18n/reset-translated-file.js
diff --git a/script/i18n/test-render-translation.js b/script/i18n/test-render-translation.js
