Skip to content

repo sync #1746

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Dec 2, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions content/actions/guides/publishing-nodejs-packages.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ redirect_from:
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
authors:
- GitHub
---

{% data reusables.actions.enterprise-beta %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ redirect_from:
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
authors:
- GitHub
---

{% data reusables.actions.enterprise-beta %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -958,7 +958,6 @@ The Docker image to use as the container to run the action. The value can be the

### `jobs.<job_id>.container.credentials`


{% data reusables.actions.registry-credentials %}

#### Example
Expand Down
57 changes: 30 additions & 27 deletions includes/guide-card.html
Original file line number Diff line number Diff line change
@@ -1,37 +1,40 @@
{% assign authorsString = guide.page.authors | join: ", @" %}
{% if guide.page.authors %}
{% assign authors = guide.page.authors %}
{% else %}
{% assign authors = 'GitHub' | split: ' ' %}
{% endif %}
{% assign authorsString = authors | join: ", @" %}

<div class="col-lg-4 col-12 mb-3">
<a class="Box box-shadow-medium height-full d-block hover-shadow-large no-underline text-gray-dark p-5" href="{{ guide.href }}">
<h2>{{ guide.title }}</h2>
<p class="mt-2 mb-4 text-gray-light">{{ guide.intro }}</p>

{% if guide.page.authors and guide.page.authors.length > 0 %}
<footer class="d-flex">
<div class="mr-1">
{% if guide.page.authors.length == 1 %}
<img class="avatar avatar-2 circle mr-1" src="https://github.com/{{ guide.page.authors[0] }}.png" alt="@{{ guide.page.authors[0] }}" />
{% else %}
<div class="AvatarStack AvatarStack--three-plus">
<div
class="AvatarStack-body tooltipped tooltipped-se tooltipped-align-left-1"
aria-label="@{{ authorsString }}"
>
{% for author in guide.page.authors %}
<img
class="avatar circle"
alt="@{{ author }}"
src="https://github.com/{{ author }}.png"
/>
{% endfor %}
</div>
<footer class="d-flex">
<div class="mr-1">
{% if authors.length == 1 %}
<img class="avatar avatar-2 circle mr-1" src="https://github.com/{{ authors[0] }}.png" alt="@{{ authors[0] }}" />
{% else %}
<div class="AvatarStack AvatarStack--three-plus">
<div
class="AvatarStack-body tooltipped tooltipped-se tooltipped-align-left-1"
aria-label="@{{ authorsString }}"
>
{% for author in authors %}
<img
class="avatar circle"
alt="@{{ author }}"
src="https://github.com/{{ author }}.png"
/>
{% endfor %}
</div>
{% endif %}
</div>
</div>
{% endif %}
</div>

<div>
@{{ authorsString }}
</div>
</footer>
{% endif %}
<div>
@{{ authorsString }}
</div>
</footer>
</a>
</div>
15 changes: 15 additions & 0 deletions javascripts/fake-hogan.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
// This module overrides "Hogan" that instantsearch.js uses
// Hogan uses `new Function`,
// so we can't use it with our content security policy.
// Turns out, we use all our own templates anyway,
// so we just have to shim out Hogan so it doesn't error!

export default {
compile (template) {
return {
render (data) {
return ''
}
}
}
}
4 changes: 1 addition & 3 deletions middleware/csp.js
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,7 @@ module.exports = contentSecurityPolicy({
],
scriptSrc: [
"'self'",
'data:',
"'unsafe-eval'", // exception for Algolia instantsearch
"'unsafe-inline'"
'data:'
],
frameSrc: [ // exceptions for GraphQL Explorer
'https://graphql-explorer.githubapp.com', // production env
Expand Down
2 changes: 0 additions & 2 deletions tests/rendering/server.js
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,6 @@ describe('server', () => {
expect(csp.get('img-src').includes('octodex.github.com')).toBe(true)

expect(csp.get('script-src').includes("'self'")).toBe(true)
expect(csp.get('script-src').includes("'unsafe-eval'")).toBe(true) // exception for Algolia instantsearch
expect(csp.get('script-src').includes("'unsafe-inline'")).toBe(true)

expect(csp.get('style-src').includes("'self'")).toBe(true)
expect(csp.get('style-src').includes("'unsafe-inline'")).toBe(true)
Expand Down
10 changes: 9 additions & 1 deletion webpack.config.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ const CopyWebpackPlugin = require('copy-webpack-plugin')
const { EnvironmentPlugin } = require('webpack')

module.exports = {
devtool: 'source-map', // this prevents webpack from using eval
entry: './javascripts/index.js',
output: {
filename: 'index.js',
Expand Down Expand Up @@ -70,5 +71,12 @@ module.exports = {
]
}),
new EnvironmentPlugin(['NODE_ENV'])
]
],
resolve: {
alias: {
// Hogan uses `new Function` which breaks content security policy
// Turns out, we aren't even using it anyways!
'hogan.js': path.resolve(__dirname, 'javascripts/fake-hogan.js')
}
}
}