Merge branch 'main' into main

Author: sophietheking

.github/workflows/azure-prod-build-deploy.yml

@@ -71,6 +71,55 @@ jobs:
       - name: Merge docs-early-access repo's folders
         run: .github/actions-scripts/merge-early-access.sh
 
+      - name: Clone Simplified Chinese
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.zh-cn
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/zh-cn
+
+      - name: Clone Japanese
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.ja-jp
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/ja-jp
+
+      - name: Clone Spanish
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.es-es
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/es-es
+
+      - name: Clone Portuguese
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.pt-br
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/pt-br
+
+      - name: Clone German
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.de-de
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/de-de
+
+      - name: Clone French
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.fr-fr
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/fr-fr
+
+      - name: Clone Russian
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        with:
+          repository: github/docs-internal.ru-ru
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+          path: translations/ru-ru
+
       - name: Clone Korean
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
         with:
@@ -85,6 +134,13 @@ jobs:
       # unnecessary weight to the container image.
       - name: Delete old checked in translation directories (TEMPORARY)
         run: |
+          rm -fr translations/zh-CN
+          rm -fr translations/ja-JP
+          rm -fr translations/es-ES
+          rm -fr translations/pt-BR
+          rm -fr translations/de-DE
+          rm -fr translations/fr-FR
+          rm -fr translations/ru-RU
           rm -fr translations/ko-KR
 
       - name: 'Build and push image'

.github/workflows/sync-search-pr.yml

@@ -46,14 +46,20 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
+      - name: Cache node_modules
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node_modules-${{ hashFiles('package*.json') }}
+
       - name: Setup node
         uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
         with:
           node-version: '16.17.0'
           cache: npm
 
       - name: Install dependencies
-        run: npm ci
+        run: npm install --prefer-offline --no-audit --ignore-scripts
 
       - name: Cache nextjs build
         uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7

content/actions/creating-actions/creating-a-docker-container-action.md

@@ -192,7 +192,11 @@ git push --follow-tags
 
 ## Testing out your action in a workflow
 
-Now you're ready to test your action out in a workflow. When an action is in a private repository, the action can only be used in workflows in the same repository. Public actions can be used by workflows in any repository.
+Now you're ready to test your action out in a workflow. 
+
+{% ifversion private-actions %}- When an action is in a private repository, you can control who can access it. For more information, see "[Allowing access to components in a private repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)."{% else %}- When an action is in a private repository, the action can only be used in workflows in the same repository.{% endif %}
+{% ifversion ghes or ghec or ghae %}{% ifversion internal-actions %}- When an action is in an internal repository, you can control who can access it. For more information, see "[Allowing access to components in an internal repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository)."{% else %}- When an action is in an internal repository, the action can only be used in workflows in the same repository.{% endif %}{% endif %}
+- Public actions can be used by workflows in any repository.
 
 {% data reusables.actions.enterprise-marketplace-actions %}
 

content/actions/creating-actions/dockerfile-support-for-github-actions.md

@@ -85,9 +85,8 @@ Using the example Dockerfile above, {% data variables.product.product_name %} wi
 
 # `$#` expands to the number of arguments and `$@` expands to the supplied `args`
 printf '%d args:' "$#"
-printf $' \'%s\'' "$@"
-printf ' <%s>' "$@"
-echo
+printf " '%s'" "$@"
+printf '\n'
 ```
 
 Your code must be executable. Make sure the `entrypoint.sh` file has `execute` permissions before using it in a workflow. You can modify the permission from your terminal using this command:

content/actions/creating-actions/index.md

@@ -21,7 +21,9 @@ children:
   - /dockerfile-support-for-github-actions
   - /setting-exit-codes-for-actions
   - /publishing-actions-in-github-marketplace
+  - /sharing-actions-and-workflows-from-your-private-repository
   - /sharing-actions-and-workflows-with-your-enterprise
+  - /sharing-actions-and-workflows-with-your-organization
   - /releasing-and-maintaining-actions
   - /developing-a-third-party-cli-action
 ---

content/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository.md

@@ -0,0 +1,34 @@
+---
+title: Sharing actions and workflows from your private repository
+intro: You can share an action or reusable workflow without publishing them publicly.
+versions:
+  fpt: '*'
+type: tutorial
+topics:
+  - Actions
+  - Action development
+shortTitle: Share from your private repository
+---
+
+## About {% data variables.product.prodname_actions %} access to private repositories
+
+You can share actions and reusable workflows from your private repository, without publishing them publicly, by allowing {% data variables.product.prodname_actions %} workflows to access a private repository that contains the action or reusable workflow. 
+
+Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization or user. Actions and reusable workflows stored in private repositories cannot be used in public repositories.
+
+{% warning %}
+
+**Warning**: 
+- If you make a private repository accessible to {% data variables.product.prodname_actions %} workflows in other repositories, outside collaborators on the other repositories can indirectly access the private repository, even though they do not have direct access to these repositories. The outside collaborators can view logs for workflow runs when actions or workflows from the private repository are used.
+- {% data reusables.actions.scoped-token-note %}
+
+{% endwarning %}
+
+## Sharing actions and workflows from your private repository
+
+1. Store the action or reusable workflow in a private repository. For more information, see "[About repository visibility](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
+1. Configure the repository to allow access to workflows in other private repositories. For more information, see "[Allowing access to components in a private repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)."
+
+## Further reading
+
+- "[Reusing workflows](/actions/using-workflows/reusing-workflows)"

content/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise.md

@@ -1,6 +1,6 @@
 ---
 title: Sharing actions and workflows with your enterprise
-intro: You can share an action or workflow with your enterprise without publishing the action or workflow publicly.
+intro: You can share an action or reusable workflow with your enterprise without publishing the action or workflow publicly.
 versions:
   feature: internal-actions
 type: tutorial
@@ -10,22 +10,24 @@ topics:
 shortTitle: Share with your enterprise
 ---
 
-## About {% data variables.product.prodname_actions %} access to internal repositories
+## About {% data variables.product.prodname_actions %} access to internal {% ifversion private-actions %}and private {% endif %}repositories
 
-If your organization is owned by an enterprise account, you can share actions and workflows within your enterprise, without publishing the action or workflow publicly, by allowing {% data variables.product.prodname_actions %} workflows to access an internal repository that contains the action or workflow. 
+If your organization is owned by an enterprise account, you can share actions and reusable workflows within your enterprise, without publishing them publicly, by allowing {% data variables.product.prodname_actions %} workflows to access an internal {% ifversion private-actions %}or private {% endif %}repository that contains the action or reusable workflow. 
 
-Any actions or workflows stored in the internal repository can be used in workflows defined in other private and internal repositories owned by the same organization, or by any organization owned by the enterprise. Actions and workflows stored in internal repositories cannot be used in public repositories.
+Any actions or reusable workflows stored in the internal {% ifversion private-actions %}or private {% endif %}repository can be used in workflows defined in other internal or private repositories owned by the same organization, or by any organization owned by the enterprise. Actions and reusable workflows stored in internal repositories cannot be used in public repositories {% ifversion private-actions %}and actions and reusable workflows stored in private repositories cannot be used in public or internal repositories{% endif %}.
 
 {% warning %}
 
-**Warning**: {% data reusables.actions.outside-collaborators-internal-actions %}
+**Warning**: 
+- {% data reusables.actions.outside-collaborators-actions %}
+- {% data reusables.actions.scoped-token-note %}
 
 {% endwarning %}
 
 ## Sharing actions and workflows with your enterprise
 
-1. Store the action or workflow in an internal repository. For more information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)."
-1. Configure the repository to allow access to workflows in other private and internal repositories. For more information, see "[Managing {% data variables.product.prodname_actions %} settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository)."
+1. Store the action or reusable workflow in an internal {% ifversion private-actions %}or private {% endif %}repository. For more information, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories)."
+1. Configure the repository to allow access to workflows in other internal {% ifversion private-actions %}or private {% endif %}repositories. For more information, see {% ifversion private-actions %}"[Allowing access to components in a private repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)" and {% endif %}"[Allowing access to components in an internal repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository)."
 
 ## Further reading
 

content/actions/creating-actions/sharing-actions-and-workflows-with-your-organization.md

@@ -0,0 +1,34 @@
+---
+title: Sharing actions and workflows with your organization
+intro: You can share an action or reusable workflow with your organization without publishing the action or workflow publicly.
+versions:
+  fpt: '*'
+type: tutorial
+topics:
+  - Actions
+  - Action development
+shortTitle: Share with your organization
+---
+
+## About {% data variables.product.prodname_actions %} access to private {% ifversion internal-actions %} or internal {% endif %}repositories
+
+You can share actions and reusable workflows within your organization, without publishing them publicly, by allowing {% data variables.product.prodname_actions %} workflows to access a private {% ifversion internal-actions %} or internal {% endif %}repository that contains the action or reusable workflow. 
+
+Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private {% ifversion internal-actions %} or internal {% endif %}repositories owned by the same organization. Actions and reusable workflows stored in internal repositories cannot be used in public repositories {% ifversion private-actions %}and actions and reusable workflows stored in private repositories cannot be used in public or internal repositories{% endif %}.
+
+{% warning %}
+
+**Warning**: 
+- {% data reusables.actions.outside-collaborators-actions %}
+- {% data reusables.actions.scoped-token-note %}
+
+{% endwarning %}
+
+## Sharing actions and workflows with your organization
+
+1. Store the action or reusable workflow in a private {% ifversion internal-actions %} or internal {% endif %}repository. For more information, see "[About repository visibility](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
+1. Configure the repository to allow access to workflows in other private repositories. For more information, see "[Allowing access to components in a private repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)."
+
+## Further reading
+
+- "[Reusing workflows](/actions/using-workflows/reusing-workflows)"

content/actions/security-guides/security-hardening-for-github-actions.md

@@ -194,9 +194,12 @@ The same principles described above for using third-party actions also apply to
 {% endif %}
 
 {% ifversion internal-actions %}
-## Allowing workflows to access internal repositories
+## Allowing workflows to access internal {% ifversion private-actions %}and private {% endif %}repositories
+
+{% data reusables.actions.outside-collaborators-actions %} For more information, see "[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)."
+
+{% data reusables.actions.scoped-token-note %}
 
-{% data reusables.actions.outside-collaborators-internal-actions %} For more information, see "[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)."
 {% endif %}
 
 {% ifversion allow-actions-to-approve-pr %}

content/actions/using-workflows/reusing-workflows.md

@@ -55,7 +55,9 @@ A reusable workflow can be used by another workflow if {% ifversion ghes or ghec
 
 * Both workflows are in the same repository.
 * The called workflow is stored in a public repository{% ifversion actions-workflow-policy %}, and your {% ifversion ghec %}enterprise{% else %}organization{% endif %} allows you to use public reusable workflows{% endif %}.{% ifversion ghes or ghec or ghae %}
-* The called workflow is stored in an internal repository and the settings for that repository allow it to be accessed. For more information, see {% ifversion internal-actions %}"[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise){% else %}"[Managing {% data variables.product.prodname_actions %} settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository){% endif %}."{% endif %}
+* The called workflow is stored in an internal repository and the settings for that repository allow it to be accessed. For more information, see {% ifversion internal-actions %}"[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise){% else %}"[Managing {% data variables.product.prodname_actions %} settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository){% endif %}."{% endif %}{% ifversion private-actions %}
+* The called workflow is stored in a private repository and the settings for that repository allow it to be accessed. For more information, see {% ifversion ghes or ghec or ghae %}"[Sharing actions and workflows with your enterprise](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)."{% else %}"[Sharing actions and workflows with your organization](/actions/creating-actions/sharing-actions-and-workflows-with-your-organization)" and "[Sharing actions and workflows from your private repository](/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository)."{% endif %}
+{% endif %}
 
 ## Using runners
 
@@ -80,7 +82,7 @@ Called workflows that are owned by the same user or organization{% ifversion ghe
 {% else %}
 * Reusable workflows can't call other reusable workflows.
 {% endif %}
-* Reusable workflows stored within a private repository can only be used by workflows within the same repository.
+{% ifversion private-actions %}{% else %}* Reusable workflows stored within a private repository can only be used by workflows within the same repository.{% endif %}
 * Any environment variables set in an `env` context defined at the workflow level in the caller workflow are not propagated to the called workflow. For more information about the `env` context, see "[Context and expression syntax for GitHub Actions](/actions/reference/context-and-expression-syntax-for-github-actions#env-context)."{% ifversion actions-reusable-workflow-matrix %}{% else %}
 * The `strategy` property is not supported in any job that calls a reusable workflow.{% endif %}
 

content/actions/using-workflows/workflow-syntax-for-github-actions.md

@@ -148,6 +148,12 @@ A map of the secrets that can be used in the called workflow.
 
 Within the called workflow, you can use the `secrets` context to refer to a secret.
 
+{% note %}
+
+**Note:** If you are passing the secret to a nested reusable workflow, then you must use [`jobs.<job_id>.secrets`](#jobsjob_idsecrets) again to pass the secret. For more information, see "[Reusing workflows](/actions/using-workflows/reusing-workflows#passing-secrets-to-nested-workflows)."
+
+{% endnote %}
+
 If a caller workflow passes a secret that is not specified in the called workflow, this results in an error.
 
 #### Example
@@ -162,14 +168,21 @@ on:
         required: false
 
 jobs:
+
   pass-secret-to-action:
     runs-on: ubuntu-latest
-
     steps:
+    # passing the secret to an action
       - name: Pass the received secret to an action
         uses: ./.github/actions/my-action
         with:
           token: ${{ secrets.access-token }}
+
+  # passing the secret to a nested reusable workflow
+  pass-secret-to-workflow:
+    uses: ./.github/workflows/my-workflow
+    secrets:
+       token: ${{ secrets.access-token }}
 ```
 {% endraw %}