Merge branch 'main' into 2418-visibility-reminder

Author: felicitymay

.github/workflows/build-docker-image.yml

@@ -0,0 +1,23 @@
+# Make sure the Docker container still builds
+
+name: Build Docker image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches-ignore:
+      - translations
+
+env:
+  CI: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Build the container
+        run: docker build .

.github/workflows/close-external-repo-sync-prs.yml

@@ -0,0 +1,61 @@
+name: Check for External Repo Sync PR
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+    branches:
+      - main
+
+jobs:
+  invalid-repo-sync-check:
+    name: Close external Repo Sync PRs
+    if: ${{ github.repository == 'github/docs' && github.ref == 'refs/heads/repo-sync' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          script: |
+
+            const prCreator = context.payload.sender.login
+
+            // If the PR creator is the expected account, stop now
+            if (prCreator === 'Octomerger') {
+              return
+            }
+
+            try {
+              await github.teams.getMembershipForUserInOrg({
+                org: 'github',
+                team_slug: 'employees',
+                username: prCreator
+              })
+
+              // If the PR creator is a GitHub employee, stop now
+              return
+            } catch (err) {
+              // An error will be thrown if the user is not a GitHub employee.
+              // That said, we still want to proceed anyway!
+            }
+
+            const pr = context.payload.pull_request
+            const { owner, repo } = context.repo
+
+            // Close the PR and add the invalid label
+            await github.issues.update({
+              owner: owner,
+              repo: repo,
+              issue_number: pr.number,
+              labels: ['invalid'],
+              state: 'closed'
+            })
+
+            // Comment on the PR
+            await github.issues.createComment({
+              owner: owner,
+              repo: repo,
+              issue_number: pr.number,
+              body: "Please leave this `repo-sync` branch to the robots!\n\nI'm going to close this pull request now, but feel free to open a new issue or ask any questions in [discussions](https://github.com/github/docs/discussions)!"
+            })

.github/workflows/test-translations.yml

@@ -17,6 +17,9 @@ jobs:
         with:
           ref: translations # check out the 'translations' branch
 
+      - name: Check out tip of main
+        run: git fetch --depth=1 origin main
+
       - name: Setup node
         uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
         with:
@@ -41,6 +44,9 @@ jobs:
       - name: Run linter
         run: npx eslint .
 
+      - name: Lint translated content
+        run: npm run lint-translation
+
       - name: Check dependencies
         run: npm run check-deps
 

.github/workflows/triage-stale-check.yml

@@ -12,8 +12,8 @@ jobs:
       - uses: actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-pr-message: 'This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit.'
-          days-before-stale: 7
+          stale-pr-message: 'This PR is stale because it has been open 21 days with no activity and will be automatically closed in 10 days. To keep this PR open, update the PR by adding a comment or pushing a commit.'
+          days-before-stale: 21
           days-before-close: 10
           stale-pr-label: 'stale'
           exempt-pr-labels: 'never-stale'

.github/workflows/triage-unallowed-contributions.yml

@@ -78,7 +78,7 @@ jobs:
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
-            constFilesArr = [
+            const badFilesArr = [
               'translations/**',
               'lib/rest/static/**',
               '.github/workflows/**',

Dockerfile

@@ -7,18 +7,21 @@
 # A temporary image that installs production-only dependencies
 
 FROM node:14-alpine as installation
+RUN apk add --no-cache python make g++
 ENV NODE_ENV production
 WORKDIR /usr/src/docs
 COPY package*.json ./
 
 # Install the project's dependencies
-RUN npm ci
+RUN npm ci --production
 
 # --------------------------------------------------------------------------------
 # BUNDLE IMAGE
 # A temporary image that installs dependencies and builds the production-ready front-end bundles.
 
 FROM node:14-alpine as bundles
+RUN apk add --no-cache python make g++
+ENV NODE_ENV production
 WORKDIR /usr/src/docs
 # Install the files used to create the bundles
 COPY package*.json ./
@@ -27,7 +30,8 @@ COPY stylesheets ./stylesheets
 COPY lib ./lib
 COPY webpack.config.js ./webpack.config.js
 # Install the project's dependencies and build the bundles
-RUN npm ci && npm run build
+RUN npm ci --production
+RUN npm run build
 
 # --------------------------------------------------------------------------------
 # MAIN IMAGE
@@ -52,16 +56,23 @@ COPY --chown=node:node --from=bundles /usr/src/docs/dist /usr/src/docs/dist
 # We should always be running in production mode
 ENV NODE_ENV production
 
+# Use Lunr instead of Algolia
+ENV USE_LUNR true
+
 # Copy only what's needed to run the server
 COPY --chown=node:node assets ./assets
 COPY --chown=node:node content ./content
 COPY --chown=node:node data ./data
 COPY --chown=node:node includes ./includes
+COPY --chown=node:node layouts ./layouts
 COPY --chown=node:node lib ./lib
 COPY --chown=node:node middleware ./middleware
 COPY --chown=node:node translations ./translations
 COPY --chown=node:node server.js ./server.js
 COPY --chown=node:node package*.json ./
+COPY --chown=node:node feature-flags.json ./
 
+EXPOSE 80
 EXPOSE 443
+EXPOSE 4000
 CMD ["node", "server.js"]

assets/images/help/settings/token_description.png

@@ -20,7 +20,7 @@ For encryption in transit, {% data variables.product.product_name %} uses Transp
 
 The key that you provide is stored in a hardware security module (HSM) in a key vault that {% data variables.product.company_short %} manages.
 
-To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and delete your encryption key. Note that deleting your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
+To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and disable your encryption key. Note that disabling your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
 
 ### Adding or updating an encryption key
 
@@ -48,24 +48,24 @@ Your 2048 bit RSA private key should be in PEM format, for example in a file cal
    curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
    ```
 
-### Deleting your encryption key
+### Disabling your encryption key
 
-To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by deleting your encryption key.
+To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by marking your encryption key as disabled.
 
-To unfreeze your enterprise after you've deleted your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
-
-1. To delete your key and disable encryption at rest, use the `DELETE /enterprise/encryption` endpoint.
+1. To disable your key and encryption at rest, use the `DELETE /enterprise/encryption` endpoint. This operation does not delete the key permanently.
 
    ```shell
    curl -X DELETE http(s)://<em>hostname</em>/api/v3/enterprise/encryption
    ```
 
-2. Optionally, check the status of the delete operation.
+2. Optionally, check the status of the delete operation. It takes approximately ten minutes to disable encryption at rest.
 
    ```shell
    curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
    ```
 
+To unfreeze your enterprise after you've disabled your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
+
 ### Further reading
 
 - "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation 

content/admin/configuration/configuring-data-encryption-for-your-enterprise.md

@@ -9,7 +9,7 @@ versions:
 
 ### About tags in {% data variables.product.prodname_desktop %}
 
-{% data variables.product.prodname_desktop %} allows you to create annotated tags. You can use a tag to mark an individual point in your repository's history, including a version number for a release. For more information about release tags, see "[About releases](/github/administering-a-repository/about-releases)."
+{% data variables.product.prodname_desktop %} allows you to create annotated tags. Tags are associated with commits, so you can use a tag to mark an individual point in your repository's history, including a version number for a release. For more information about release tags, see "[About releases](/github/administering-a-repository/about-releases)."
 
 {% data reusables.desktop.tags-push-with-commits %}
 
@@ -45,3 +45,7 @@ versions:
 
 {% data reusables.desktop.history-tab %}
 {% data reusables.desktop.delete-tag %}
+
+### Further reading
+
+- "[Git Basics - Tagging](https://git-scm.com/book/en/v2/Git-Basics-Tagging)" in the Git documentation

content/desktop/contributing-and-collaborating-using-github-desktop/managing-tags.md

@@ -42,7 +42,7 @@ Name | Type | Description
 {
   "access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a",
   "expires_in": "28800",
-  "refresh_token": "r1.c1b4a2e77838347a7e420ce178f2e7c6912e1692",
+  "refresh_token": "r1.c1b4a2e77838347a7e420ce178f2e7c6912e169246c34e1ccbf66c46812d16d5b1a9dc86a149873c",
   "refresh_token_expires_in": "15811200",
   "scope": "",
   "token_type": "bearer"