diff --git a/.github/workflows/check-all-english-links.yml b/.github/workflows/check-all-english-links.yml
index 060a861b9726..15ea8c0fed86 100644
--- a/.github/workflows/check-all-english-links.yml
+++ b/.github/workflows/check-all-english-links.yml
@@ -1,6 +1,7 @@
name: Check all English links
on:
+ workflow_dispatch:
schedule:
- cron: "40 19 * * *" # once a day at 19:40 UTC / 11:40 PST
@@ -16,15 +17,15 @@ jobs:
- name: npm run build
run: npm run build
- name: Run script
- run: script/check-external-links en > broken_links.md
+ run: script/check-english-links.js > broken_links.md
- name: Check if any broken links
id: check
run: |
- if [ "$(grep 'All links are good' broken_links.md)" ]; then
+ if [ "$(grep '0 broken links found' broken_links.md)" ]; then
echo ::set-output name=continue::no
else
echo "::set-output name=continue::yes"
- echo "::set-output name=title::$(grep 'found on help.github.com' broken_links.md)"
+ echo "::set-output name=title::$(head -1 broken_links.md)"
fi
- if: ${{ steps.check.outputs.continue == 'yes' }}
name: Create issue from file
diff --git a/.github/workflows/repo-freeze-check.yml b/.github/workflows/repo-freeze-check.yml
new file mode 100644
index 000000000000..1ea8d4b3c325
--- /dev/null
+++ b/.github/workflows/repo-freeze-check.yml
@@ -0,0 +1,27 @@
+name: Repo Freeze Check
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ - unlocked
+ branches:
+ - main
+
+env:
+ FREEZE: ${{ secrets.FREEZE }}
+
+jobs:
+ check-freezer:
+ name: Prevent merging during deployment freezes
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Fail if repo merges are paused
+ if: ${{ env.FREEZE == 'true' }}
+ run: |
+ echo 'Merges into the "main" branch on this repo are currently paused!'
+ exit 1
diff --git a/.gitignore b/.gitignore
index e7bc933f8e81..44c66526adf1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,8 +4,6 @@
node_modules
npm-debug.log
coverage
-
-# blc: broken link checker
-blc_output.log
-blc_output_internal.log
-dist
\ No newline at end of file
+.linkinator
+broken_links.md
+dist
diff --git a/content/actions/index.md b/content/actions/index.md
index 49ed125257d6..44ba757b9213 100644
--- a/content/actions/index.md
+++ b/content/actions/index.md
@@ -7,7 +7,8 @@ introLinks:
reference: /actions/reference
featuredLinks:
guides:
- - /actions/guides/setting-up-continuous-integration-using-workflow-templates
+ - /actions/learn-github-actions
+ - /actions/guides/about-continuous-integration
- /actions/guides/about-packaging-with-github-actions
gettingStarted:
- /actions/managing-workflow-runs
@@ -15,6 +16,10 @@ featuredLinks:
popular:
- /actions/reference/workflow-syntax-for-github-actions
- /actions/reference/events-that-trigger-workflows
+ - /actions/learn-github-actions
+ - /actions/reference/context-and-expression-syntax-for-github-actions
+ - /actions/reference/workflow-commands-for-github-actions
+ - /actions/reference/environment-variables
changelog:
- title: Self-Hosted Runner Group Access Changes
date: '2020-10-16'
diff --git a/content/actions/reference/specifications-for-github-hosted-runners.md b/content/actions/reference/specifications-for-github-hosted-runners.md
index 77ee73e11e80..041e4b518948 100644
--- a/content/actions/reference/specifications-for-github-hosted-runners.md
+++ b/content/actions/reference/specifications-for-github-hosted-runners.md
@@ -31,7 +31,7 @@ You can specify the runner type for each job in a workflow. Each job in a workfl
{% data variables.product.prodname_dotcom %} hosts Linux and Windows runners on Standard_DS2_v2 virtual machines in Microsoft Azure with the {% data variables.product.prodname_actions %} runner application installed. The {% data variables.product.prodname_dotcom %}-hosted runner application is a fork of the Azure Pipelines Agent. Inbound ICMP packets are blocked for all Azure virtual machines, so ping or traceroute commands might not work. For more information about the Standard_DS2_v2 machine resources, see "[Dv2 and DSv2-series](https://docs.microsoft.com/azure/virtual-machines/dv2-dsv2-series#dsv2-series)" in the Microsoft Azure documentation.
-{% data variables.product.prodname_dotcom %} uses [MacStadium](https://www.macstadium.com/) to host the macOS runners.
+{% data variables.product.prodname_dotcom %} hosts macOS runners in {% data variables.product.prodname_dotcom %}'s own macOS Cloud.
#### Administrative privileges of {% data variables.product.prodname_dotcom %}-hosted runners
diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system.md
index 492b672a0332..2e9b9ce6389e 100644
--- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system.md
+++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system.md
@@ -97,7 +97,7 @@ If the `autobuild` command can't build your code, you can run the build steps yo
By default, the {% data variables.product.prodname_codeql_runner %} uploads results from {% data variables.product.prodname_code_scanning %} when you run the `analyze` command. You can also upload SARIF files separately, by using the `upload` command.
-Once you've uploaded the data, {% data variables.product.prodname_dotcom %} displays the alerts in your repository. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-an-alert)."
+Once you've uploaded the data, {% data variables.product.prodname_dotcom %} displays the alerts in your repository. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
### {% data variables.product.prodname_codeql_runner %} command reference
diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md
index d44cd2e445b5..5da0365e9974 100644
--- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md
+++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md
@@ -62,7 +62,7 @@ After enabling {% data variables.product.prodname_code_scanning %} for your repo
1. Review the logging output from the actions in this workflow as they run.
-1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-an-alert)."
+1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
{% note %}
diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md
index 4dd31e54ebf4..aa465eca39b0 100644
--- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md
+++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md
@@ -1,7 +1,7 @@
---
title: Managing code scanning alerts for your repository
shortTitle: Managing alerts
-intro: 'You can view, fix, {% if currentVersion == "enterprise-server@2.22" %}or close{% else %}dismiss, or delete{% endif %} alerts for potential vulnerabilities or errors in your project''s code.'
+intro: 'From the security view, you can view, fix, {% if currentVersion == "enterprise-server@2.22" %}or close{% else %}dismiss, or delete{% endif %} alerts for potential vulnerabilities or errors in your project''s code.'
product: '{% data reusables.gated-features.code-scanning %}'
permissions: 'If you have write permission to a repository you can manage {% data variables.product.prodname_code_scanning %} alerts for that repository.'
versions:
@@ -30,9 +30,11 @@ If you enable {% data variables.product.prodname_code_scanning %} using {% data
When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
-### Viewing an alert
+### Viewing the alerts for a repository
-Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} alerts on pull requests. However, you need write permission to view a summary of alerts for repository on the **Security** tab. By default, alerts are shown for the default branch.
+Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
+
+You need write permission to view a summary of all the alerts for a repository on the **Security** tab. By default, alerts are shown for the default branch.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
@@ -48,7 +50,7 @@ Anyone with read permission for a repository can see {% data variables.product.p
Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning)" and "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
-If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing an alert](#viewing-an-alert)." The "Closed" list shows fixed alerts and alerts that users have {% if currentVersion == "enterprise-server@2.22" %}closed{% else %}dismissed{% endif %}.
+If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have {% if currentVersion == "enterprise-server@2.22" %}closed{% else %}dismissed{% endif %}.
Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.
diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests.md
index 0013b8b96bb9..e77754121257 100644
--- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests.md
+++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests.md
@@ -3,7 +3,7 @@ title: Triaging code scanning alerts in pull requests
shortTitle: Triaging alerts in pull requests
intro: 'When {% data variables.product.prodname_code_scanning %} identifies a problem in a pull request, you can review the highlighted code and resolve the alert.'
product: '{% data reusables.gated-features.code-scanning %}'
-permissions: 'If you have write permission to a repository, you can resolve {% data variables.product.prodname_code_scanning %} alerts for that repository.'
+permissions: 'If you have read permission for a repository, you can see annotations on pull requests. With write permission, you can see detailed information and resolve {% data variables.product.prodname_code_scanning %} alerts for that repository.'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
@@ -31,9 +31,9 @@ When you look at the **Files changed** tab for a pull request, you see annotatio
-Some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see "[About data flow analysis](https://help.semmle.com/QL/learn-ql/intro-to-data-flow.html)."
+If you have write permission for the repository, some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can also view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see "[About data flow analysis](https://help.semmle.com/QL/learn-ql/intro-to-data-flow.html)."
-For more information about an alert, click **Show more details** on the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem.
+To see more information about an alert, users with write permission can click the **Show more details** link shown in the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem.
In the detailed view for an alert, some {% data variables.product.prodname_code_scanning %} tools, like {% data variables.product.prodname_codeql %} analysis, also include a description of the problem and a **Show more** link for guidance on how to fix your code.
@@ -41,11 +41,11 @@ In the detailed view for an alert, some {% data variables.product.prodname_code_
### {% if currentVersion == "enterprise-server@2.22" %}Resolving{% else %}Fixing{% endif %} an alert on your pull request
-Anyone with write permission for a repository can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on a pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
+Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
{% if currentVersion == "enterprise-server@2.22" %}
-If you don't think that an alert needs to be fixed, you can close the alert manually. {% data reusables.code-scanning.close-alert-examples %} The **Close** button is available in annotations and in the alerts view if you have write permission for the repository.
+If you don't think that an alert needs to be fixed, users with write permission can close the alert manually. {% data reusables.code-scanning.close-alert-examples %} The **Close** button is available in annotations and in the alerts view if you have write permission for the repository.
{% data reusables.code-scanning.false-positive-fix-codeql %}
@@ -63,4 +63,4 @@ An alternative way of closing an alert is to dismiss it. You can dismiss an aler
For more information about dismissing alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#dismissing-or-deleting-alerts)."
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
index 3d052e45e8c0..96dea8173e4e 100644
--- a/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
@@ -104,7 +104,10 @@ In addition to managing organization-level settings, organization owners have ad
| Receive [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a repository | | | | | **X** |
| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** |
| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) for vulnerable dependencies | | | | | **X** |
-| [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" %}| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}
+| [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |
+| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
+| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
+| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}
| [Manage the forking policy for a repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** |
| [Transfer repositories into the organization](/articles/restricting-repository-creation-in-your-organization) | | | | | **X** |
| [Delete or transfer repositories out of the organization](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** |
diff --git a/contributing/localization-checklist.md b/contributing/localization-checklist.md
index 2a617dde53e8..a44110425a54 100644
--- a/contributing/localization-checklist.md
+++ b/contributing/localization-checklist.md
@@ -1,6 +1,6 @@
# Localization Prep Checklist
-Use the following checklist to help make your files more translation-friendly. For additional information, refer to the [style guide](contribution/content-style-guide.md).
+Use the following checklist to help make your files more translation-friendly. For additional information, refer to the [style guide](content-style-guide.md).
- [ ] Use examples that are generic and can be understood by most people.
- [ ] Avoid controversial examples or culturally specific to a group.
diff --git a/layouts/product-landing.html b/layouts/product-landing.html
index 32a8af6fe56a..91c2d11fbb28 100644
--- a/layouts/product-landing.html
+++ b/layouts/product-landing.html
@@ -28,41 +28,51 @@