Merge branch 'main' into fix-nav

Author: chiedo

content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning.md

@@ -52,6 +52,32 @@ The default {% data variables.product.prodname_codeql_workflow %} uses the `pull
 
 For more information about the `pull_request` event, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags)."
 
+#### Avoiding unnecessary scans of pull requests
+
+You might want to avoid a code scan being triggered on specific pull requests targeted against the default branch, irrespective of which files have been changed. You can configure this by specifying `on:pull_request:paths-ignore` or `on:pull_request:paths` in the {% data variables.product.prodname_code_scanning %} workflow. For example, if the only changes in a pull request are to files with the file extensions `.md` or `.txt` you can use the following `paths-ignore` array.
+
+``` yaml
+on:
+  push:
+    branches: [main, protected]
+  pull_request:
+    branches: [main]
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.txt'
+```
+
+{% note %}
+
+**Notes**
+
+* `on:pull_request:paths-ignore` and `on:pull_request:paths` set conditions that determine whether the actions in the workflow will run on a pull request. They don't determine what files will be analyzed when the actions _are_ run. When a pull request contains any files that are not matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, the workflow runs the actions and scans all of the files changed in the pull request, including those matched by `on:pull_request:paths-ignore` or `on:pull_request:paths`, unless the files have been excluded. For information on how to exclude files from analysis, see "[Specifying directories to scan](#specifying-directories-to-scan)."
+* For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} workflow files, don't use the `paths-ignore` or `paths` keywords with the `on:push` event as this is likely to cause missing analyses. For accurate results, {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} needs to be able to compare new changes with the analysis of the previous commit.
+
+{% endnote %}
+
+For more information about using `on:pull_request:paths-ignore` and `on:pull_request:paths` to determine when a workflow will run for a pull request, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths)."
+
 #### Scanning on a schedule
 
 If you use the default {% data variables.product.prodname_codeql_workflow %}, the workflow will scan the code in your repository once a week, in addition to the scans triggered by events. To adjust this schedule, edit the `cron` value in the workflow. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#onschedule)."
@@ -235,13 +261,13 @@ If you only want to run custom queries, you can disable the default security que
 
 #### Specifying directories to scan
 
-For the interpreted languages that {% data variables.product.prodname_codeql %} supports (Python and JavaScript/TypeScript), you can restrict {% data variables.product.prodname_code_scanning %} to files in specific directories by adding a `paths` array to the configuration file. You can exclude the files in specific directories from scans by adding a `paths-ignore` array.
+For the interpreted languages that {% data variables.product.prodname_codeql %} supports (Python and JavaScript/TypeScript), you can restrict {% data variables.product.prodname_code_scanning %} to files in specific directories by adding a `paths` array to the configuration file. You can exclude the files in specific directories from analysis by adding a `paths-ignore` array.
 
 ``` yaml
-paths: 
+paths:
   - src 
 paths-ignore: 
-  - node_modules
+  - src/node_modules
   - '**/*.test.js'
 ```
 
@@ -254,7 +280,7 @@ paths-ignore:
 
 {% endnote %}
 
-For C/C++, C#, and Java, if you want to limit {% data variables.product.prodname_code_scanning %} to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
+For compiled languages, if you want to limit {% data variables.product.prodname_code_scanning %} to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
 
 You can quickly analyze small portions of a monorepo when you modify code in specific directories. You'll need to both exclude directories in your build steps and use the `paths-ignore` and `paths` keywords for [`on.<push|pull_request>`](/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths) in your workflow.
 

content/github/managing-your-work-on-github/about-labels.md

@@ -14,7 +14,7 @@ versions:
 
 ### Table of Contents
 
-{% topic_link_in_list /managing-your-work-with-issues %}
+{% topic_link_in_list /managing-your-work-with-issues-and-pull-requests %}
     {% link_in_list /about-issues %}
     {% link_in_list /creating-an-issue %}
 <!-- if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.15" -->
@@ -27,6 +27,7 @@ versions:
     {% link_in_list /pinning-an-issue-to-your-repository %}
 <!-- endif -->
     {% link_in_list /creating-a-permanent-link-to-a-code-snippet %}
+    {% link_in_list /managing-labels %}
     {% link_in_list /about-task-lists %}
     {% link_in_list /about-automation-for-issues-and-pull-requests-with-query-parameters %}
     {% link_in_list /file-attachments-on-issues-and-pull-requests %}
@@ -35,12 +36,6 @@ versions:
     {% link_in_list /disabling-issues %}
     {% link_in_list /linking-a-pull-request-to-an-issue %}
     {% link_in_list /about-duplicate-issues-and-pull-requests %}
-{% topic_link_in_list /labeling-issues-and-pull-requests %}
-    {% link_in_list /about-labels %}
-    {% link_in_list /creating-a-label %}
-    {% link_in_list /applying-labels-to-issues-and-pull-requests %}
-    {% link_in_list /editing-a-label %}
-    {% link_in_list /deleting-a-label %}
 {% topic_link_in_list /managing-project-boards %}
     {% link_in_list /about-project-boards %}
     {% link_in_list /creating-a-project-board %}