Merge branch 'main' into plural-scopes-allowed

.github/workflows/openapi-decorate.yml

@@ -36,6 +36,11 @@ jobs:
 
       - name: Checkout repository code
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          # In order to fail gracefully when a branch already exists
+          # in the "Create pull request" step, we need to be able
+          # to get all existing branches.
+          fetch-depth: 0
 
         # Check out a nested repository inside of previous checkout
       - name: Checkout rest-api-description repo
@@ -85,7 +90,7 @@ jobs:
           branchname=openapi-update-${{ steps.rest-api-description.outputs.OPENAPI_COMMIT_SHA }}
 
           branchCheckout=$(git checkout -b $branchname)
-          if [[! $? -eq 0 ]]; then
+          if ! [[ $? -eq 0 ]]; then
             echo "Branch $branchname already exists in `github/docs-internal`. Exiting..."
             exit 0
           fi

.github/workflows/test.yml

@@ -45,6 +45,7 @@ jobs:
               { name: 'content', path: 'tests/content', },
               { name: 'graphql', path: 'tests/graphql', },
               { name: 'events', path: 'src/events/tests', },
+              { name: 'automated-pipelines', path: 'src/automated-pipelines/tests', },
               { name: 'linting', path: 'tests/linting', },
               { name: 'meta', path: 'tests/meta', },
               { name: 'routing', path: 'tests/routing', },
@@ -96,7 +97,8 @@ jobs:
           # links can and should be updated.
           ./script/update-internal-links.js --dry-run --check --strict --verbose \
             tests/fixtures/content \
-            --exclude tests/fixtures/content/get-started/foo/typo-autotitling.md
+            --exclude tests/fixtures/content/get-started/foo/typo-autotitling.md \
+            --exclude tests/fixtures/content/get-started/foo/anchor-autotitling.md
           ./script/update-internal-links.js --dry-run --check --strict --verbose \
             tests/fixtures/data
 

.gitignore

@@ -14,7 +14,7 @@ coverage/
 .next
 .eslintcache
 *.tsbuildinfo
-translations/
+/translations/
 .node-version
 
 # blc: broken link checker

components/LinkPreviewPopover.tsx

@@ -89,7 +89,10 @@ function popoverWrap(element: HTMLLinkElement) {
     // rely on the server.
     // We can remove this if statement once preview hover cards are
     // enabled everywhere.
-    if (new URL(element.href).pathname.split('/')[2] !== 'pages') return
+    const pathnameSplit = new URL(element.href).pathname.split('/')
+    // Check for both when you're on free-pro-team@latest and any
+    // other version too.
+    if (!(pathnameSplit[2] === 'pages' || pathnameSplit[3] === 'pages')) return
 
     // But, is it an in-page anchor link? If so, get the title, intro
     // and product from within the DOM. But only if we can use the anchor

content/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs.md

@@ -63,7 +63,6 @@ You can download the log files from your workflow run. You can also download a w
 
   ![Screenshot of the log for a job. In the header, a gear icon is outlined in dark orange.](/assets/images/help/actions/download-logs-drop-down.png)
 
-
   {% ifversion re-run-jobs %}
 
   {% note %}
@@ -82,11 +81,11 @@ You can delete the log files from your workflow run. {% data reusables.repositor
 {% data reusables.repositories.actions-tab %}
 {% data reusables.repositories.navigate-to-workflow %}
 {% data reusables.repositories.view-run %}
-1. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="Show options" %}.
+1. In the upper-right corner, select the {% octicon "kebab-horizontal" aria-label="Show workflow options" %} dropdown menu, then click **Delete all logs**.
 
-    ![Kebab-horizontal icon](/assets/images/help/repository/workflow-run-kebab-horizontal-icon-updated-2.png)
+    ![Screenshot of the page for a workflow run. In the top-right corner, a button, labeled with a kebab icon, is outlined in dark orange.](/assets/images/help/actions/workflow-run-kebab-horizontal-icon.png)
 
-2. To delete the log files, click the **Delete all logs** button and review the confirmation prompt.
+1. Review the confirmation prompt.
 
 After deleting logs, the **Delete all logs** button is removed to indicate that no log files remain in the workflow run.
 

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise.md

@@ -37,7 +37,7 @@ By default, each member must create a personal account on {% data variables.loca
 
 If you configure additional SAML access restriction, each member must create and manage a personal account on {% data variables.location.product_location %}. You grant access to your enterprise, and the member can access your enterprise's resources after both signing into the account on {% data variables.location.product_location %} and successfully authenticating with your SAML identity provider (IdP). The member can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %} using their personal account. For more information about requiring SAML authentication for all access your enterprise's resources, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
 
-You can choose between configuring SAML at the enterprise level, which applies the same SAML configuration to all organizations within the enterprise, and configuring SAML separately for individual organizations. For more information, see "[AUTOTITLE](#deciding-whether-to-configure-saml-at-the-enterprise-level-or-the-organization-level)."
+You can choose between configuring SAML at the enterprise level, which applies the same SAML configuration to all organizations within the enterprise, and configuring SAML separately for individual organizations. For more information, see "[Deciding whether to configure SAML at the enterprise level or the organization level](#deciding-whether-to-configure-saml-at-the-enterprise-level-or-the-organization-level)."
 
 ### Authentication with {% data variables.product.prodname_emus %} and federation
 

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md

@@ -39,6 +39,8 @@ You can enforce policies to manage the use of code security and analysis feature
 
 Across all organizations owned by your enterprise, you can allow members with admin permissions for repositories to enable or disable {% data variables.product.prodname_dependabot_alerts %} and change {% data variables.product.prodname_dependabot_alerts %} settings.
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
@@ -52,6 +54,8 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 {% data reusables.advanced-security.about-ghas-organization-policy %}
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}{% else %}
@@ -79,6 +83,8 @@ Across all of your enterprise's organizations, you can allow or disallow people
 
 Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md

@@ -80,6 +80,8 @@ You can use a SSH certificate authorities (CA) to allow members of any organizat
 
 If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities#about-ssh-urls-with-ssh-certificates)."
 
+ {% data reusables.enterprise.certificate-authority-usage %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning.md

@@ -19,7 +19,6 @@ topics:
   - Code scanning
 ---
 
-
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}
 
@@ -57,3 +56,11 @@ You can configure {% data variables.product.prodname_code_scanning %} to use the
 {% data reusables.code-scanning.interoperable-with-tools-that-output-sarif %}
 
 You can run third-party analysis tools within {% data variables.product.product_name %} using actions or within an external CI system. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository)" or "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github)."
+
+{% ifversion code-scanning-tool-status }
+
+## About the {% data variables.code-scanning.tool_status_page %}
+
+The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your code scanning tools. If code scanning is not working as you'd expect, the {% data variables.code-scanning.tool_status_page %} is a good starting point for debugging problems. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)".
+
+{% endif %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page.md

@@ -0,0 +1,100 @@
+---
+title: About the tool status page for code scanning
+shortTitle: Code scanning tool status
+allowTitleToDifferFromFilename: true
+intro: The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your code scanning tools. If code scanning is not working as you'd expect, the {% data variables.code-scanning.tool_status_page %} is a good starting point for debugging problems.
+product: '{% data reusables.gated-features.code-scanning %}'
+versions:
+  feature: code-scanning-tool-status-page
+type: overview
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+---
+
+{% data reusables.code-scanning.enterprise-enable-code-scanning %}
+
+## About the {% data variables.code-scanning.tool_status_page %}
+
+The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your {% data variables.product.prodname_code_scanning %} tools. If {% data variables.product.prodname_code_scanning %} is not working as you'd expect, the {% data variables.code-scanning.tool_status_page %} is a good starting point for debugging problems.
+
+Using the {% data variables.code-scanning.tool_status_page %}, you can see how well code scanning tools are working for a repository, when files in the repository were first scanned and most recently scanned, and when scans are scheduled. For integrated tools like {% data variables.product.prodname_codeql %}, you can also see more detailed information, including a percentage of files scanned and specific error messages.
+
+You can also see the rules your code was checked against by each configuration of a {% data variables.product.prodname_code_scanning %} tool and download a summary of the results.
+
+{% note %}
+
+**Note:** The {% data variables.code-scanning.tool_status_page %} shows how tools are working at the repository level, not the organization level. The tool status is only shown for the default branch of the repository for which that tool is configured.
+
+{% endnote %}
+
+## Viewing the {% data variables.code-scanning.tool_status_page %} for a repository
+
+The code scanning alerts page for each repository includes a tools banner with a summary of the health of your code scanning analysis, and access to the {% data variables.code-scanning.tool_status_page %} to explore your setup.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-code-scanning-alerts %}
+1. Click **Tool status** in the tools banner.
+  ![Screenshot showing how to access the tool status page from a repository. The "Tool status" button is highlighted in a dark orange outline.](/assets/images/help/repository/code-scanning-tool-status-page-access.png)
+
+## Using the {% data variables.code-scanning.tool_status_page %}
+
+In the {% data variables.code-scanning.tool_status_page %}, you'll see a summary for one tool, highlighted in the sidebar. You can use the sidebar to view summaries for different tools.
+
+![Screenshot showing the tool status page, with the CodeQL tool selected.](/assets/images/help/repository/code-scanning-tool-status-page.png)
+
+For integrated tools such as {% data variables.product.prodname_codeql %}, you can see a percentage total of all the files most recently scanned in your repository, organized by programming language. For information about what files are considered to have been scanned by {% data variables.product.prodname_codeql %}, see "[How {% data variables.product.prodname_codeql %} defines scanned files](#how-codeql-defines-scanned-files)." You can also download detailed language reports in CSV format. For more information, see "[Downloading details of the files analyzed](#downloading-details-of-the-files-analyzed)."
+
+The three possible tool statuses are: all configurations are working, some configurations need attention, and some configurations are not working.
+
+### Accessing detailed information about tools
+
+When you want to see more detailed information for the currently displayed tool, you can select a specific setup under "Setup types".
+
+Under "Configurations" on the left of the screen, you can see information for each analysis run by this setup type, and any relevant error messages. To see detailed information about the most recent analysis run, select a configuration in the sidebar. You can download details of exactly which rules were run in that scan of the code and how many alerts were found by each rule. For more information, see "[Downloading lists of rules used](#downloading-lists-of-rules-used)."
+
+![Screenshot showing detailed information about CodeQL in the tool status page.](/assets/images/help/repository/code-scanning-tool-status-page-detailed.png)
+
+This view will also show error messages. For more information, see "[Debugging using the tool status page](#debugging-using-the-tool-status-page)."
+
+### How {% data variables.product.prodname_codeql %} defines scanned files
+
+A file is reported as scanned by {% data variables.product.prodname_codeql %} if some of the lines of code in that file were processed. If you're using a standard configuration of the {% data variables.product.prodname_codeql %} action, the scanned files shown in the {% data variables.code-scanning.tool_status_page %} will include source code files for all languages that {% data variables.product.prodname_codeql %} can analyze. If you use an advanced setup, you can optionally define which files for interpreted languages should be scanned using the the `paths` and `paths-ignore` configuration properties. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)" and "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning)."
+
+For compiled languages, the {% data variables.code-scanning.tool_status_page %} reports files that were present before running autobuild or any manual build steps. This means that files generated during the build process are not shown in the {% data variables.code-scanning.tool_status_page %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#about-autobuild-for-codeql)."
+
+### Downloading details of the files analyzed
+
+For integrated tools such as {% data variables.product.prodname_codeql %}, you can download detailed reports from the {% data variables.code-scanning.tool_status_page %} in CSV format. This will show:
+
+* Which configuration was used to scan each file.
+* The file path.
+* The programming language of the file.
+* Whether the file was successfully extracted.
+
+To download a report, select a tool you're interested in. Then on the top right of the page, click the **{% octicon "download" aria-label="Download language CSV report" %}** button.
+
+### Downloading lists of rules used
+
+You can download the list of rules that {% data variables.product.prodname_code_scanning %} is checking against, in CSV format. This will show:
+
+* The configuration used.
+* The rule source.
+* The SARIF identifier.
+* How many alerts were found.
+
+To download a report, select a configuration you're interested in. Then click **{% octicon "kebab-horizontal" aria-label="Scanned files menu"  %}** on the top right of the page, and select **{% octicon "download" aria-hidden="true"  %} Download list of rules used**.
+
+## Debugging using the {% data variables.code-scanning.tool_status_page %}
+
+If you see that there is a problem with your analysis from the {% data variables.product.prodname_code_scanning %} alerts page, you can use the {% data variables.code-scanning.tool_status_page %} to identify the problem. For integrated tools, you can see specific error messages in the detailed information section, related to specific {% data variables.product.prodname_code_scanning %} tools. These error messages contain information about why the tool may not be performing as expected, and actions you can take. For more information about how to access this section of the {% data variables.code-scanning.tool_status_page %}, see "[Accessing detailed information about tools](#accessing-detailed-information-about-tools)."
+
+{% note %}
+
+**Note:** If you have set up {% data variables.product.prodname_codeql %} using advanced setup and then set up default setup on the same repository, the {% data variables.code-scanning.tool_status_page %} will only show the default setup.
+
+{% endnote %}
+
+For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-your-default-setup-for-codeql)" and "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow)."

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository.md

@@ -42,6 +42,12 @@ You decide how to generate {% data variables.product.prodname_code_scanning %} a
 
 {% data reusables.code-scanning.codeql-action-version-ghes %}
 
+{% ifversion code-scanning-tool-status }
+
+The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your code scanning tools. If code scanning is not working as you'd expect, the {% data variables.code-scanning.tool_status_page %} is a good starting point for debugging problems. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)".
+
+{% endif %}
+
 {% ifversion ghae %}
 ## Prerequisites
 

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/index.md

@@ -19,6 +19,7 @@ children:
   - /about-code-scanning-alerts
   - /triaging-code-scanning-alerts-in-pull-requests
   - /configuring-code-scanning-for-a-repository
+  - /about-the-tool-status-page
   - /managing-code-scanning-alerts-for-your-repository
   - /tracking-code-scanning-alerts-in-issues-using-task-lists
   - /customizing-code-scanning