Merge pull request #35044 from github/repo-sync

Repo sync

.devcontainer/Dockerfile

@@ -1,7 +1,7 @@
 # To find available Node images, see https://mcr.microsoft.com/en-us/product/devcontainers/javascript-node/tags
 
 # [Choice] Node.js version
-ARG VARIANT="dev-20-bullseye"
+ARG VARIANT="dev-22-bullseye"
 FROM mcr.microsoft.com/devcontainers/javascript-node:${VARIANT}
 
 # [Optional] Uncomment this section to install additional OS packages.

.devcontainer/devcontainer.json

@@ -2,67 +2,67 @@
 // https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/javascript-node
 // -
 {
-    "name": "docs.github.com",
-    "build": {
-        "dockerfile": "Dockerfile",
-        // Update 'VARIANT' to pick a Node version
-        "args": { "VARIANT": "20" }
-    },
+  "name": "docs.github.com",
+  "build": {
+    "dockerfile": "Dockerfile",
+    // Update 'VARIANT' to pick a Node version
+    "args": { "VARIANT": "22" }
+  },
 
-    // Install features. Type 'feature' in the VS Code command palette for a full list.
-    "features": {
-        "sshd": "latest"
-    },
+  // Install features. Type 'feature' in the VS Code command palette for a full list.
+  "features": {
+    "sshd": "latest"
+  },
 
-    "customizations": {
-        "vscode": {
-            // Set *default* container specific settings.json values on container create.
-            "settings": {
-                "terminal.integrated.shell.linux": "/bin/bash",
-                "cSpell.language": ",en"
-            },
-            // Visual Studio Code extensions which help authoring for docs.github.com.
-            "extensions": [
-                "dbaeumer.vscode-eslint",
-                "sissel.shopify-liquid",
-                "davidanson.vscode-markdownlint",
-                "bierner.markdown-preview-github-styles",
-                "streetsidesoftware.code-spell-checker",
-                "alistairchristie.open-reusables",
-                "AlistairChristie.version-identifier",
-                "peterbe.ghdocs-goer",
-                "GitHub.copilot",
-                "GitHub.copilot-chat"
-            ]
-        },
-        "codespaces": {
-            "repositories": {
-                // allow Codespaces to pull from separate repo when user has access
-                "github/docs-early-access": {
-                    "permissions": {
-                        "contents": "write"
-                    }
-                }
-            }
-        }
+  "customizations": {
+    "vscode": {
+      // Set *default* container specific settings.json values on container create.
+      "settings": {
+        "terminal.integrated.shell.linux": "/bin/bash",
+        "cSpell.language": ",en"
+      },
+      // Visual Studio Code extensions which help authoring for docs.github.com.
+      "extensions": [
+        "dbaeumer.vscode-eslint",
+        "sissel.shopify-liquid",
+        "davidanson.vscode-markdownlint",
+        "bierner.markdown-preview-github-styles",
+        "streetsidesoftware.code-spell-checker",
+        "alistairchristie.open-reusables",
+        "AlistairChristie.version-identifier",
+        "peterbe.ghdocs-goer",
+        "GitHub.copilot",
+        "GitHub.copilot-chat"
+      ]
     },
+    "codespaces": {
+      "repositories": {
+        // allow Codespaces to pull from separate repo when user has access
+        "github/docs-early-access": {
+          "permissions": {
+            "contents": "write"
+          }
+        }
+      }
+    }
+  },
 
-    // Use 'forwardPorts' to make a list of ports inside the container available locally.
-    "forwardPorts": [4000],
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  "forwardPorts": [4000],
 
-    "portsAttributes": {
-        "4000": {
-            "label": "Preview"
-        }
-    },
+  "portsAttributes": {
+    "4000": {
+      "label": "Preview"
+    }
+  },
 
-    // Use 'postCreateCommand' to run commands after the container is created.
-    "postCreateCommand": "npm ci",
+  // Use 'postCreateCommand' to run commands after the container is created.
+  "postCreateCommand": "npm ci",
 
-    // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-    "remoteUser": "node",
+  // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+  "remoteUser": "node",
 
-    "hostRequirements": {
-        "memory": "8gb"
-    }
+  "hostRequirements": {
+    "memory": "8gb"
+  }
 }

.github/workflows/azure-preview-env-deploy-public.yml

@@ -37,7 +37,15 @@ jobs:
   build-and-deploy-azure-preview-public:
     name: Build and deploy Azure preview environment (public)
     runs-on: ubuntu-latest
-    if: github.repository == 'github/docs'
+    # Ensure this is actually a pull request and not a merge group
+    # If its a merge group, report success without doing anything
+    # See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success".
+    if: |
+      (
+        (github.event.pull_request.head.sha)
+         && (github.event.number || github.run_id)
+       )
+       && github.repository == 'github/docs'
     timeout-minutes: 15
     environment:
       name: preview-env-${{ github.event.number }}

.github/workflows/local-dev.yml

@@ -21,8 +21,7 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Install dependencies
-        run: npm install
+      - uses: ./.github/actions/node-npm-setup
 
       - uses: ./.github/actions/get-docs-early-access
         if: ${{ github.repository == 'github/docs-internal' }}

Dockerfile

@@ -5,7 +5,7 @@
 # --------------------------------------------------------------------------------
 # To update the sha, run `docker pull node:$VERSION-alpine`
 # look for something like: `Digest: sha256:0123456789abcdef`
-FROM node:20-alpine@sha256:66f7f89199daea88a6b5d5aadaa6d20f7a16a90fc35274deda8e901e267d4bd7 AS base
+FROM node:22-alpine@sha256:c13b26e7e602ef2f1074aef304ce6e9b7dd284c419b35d89fcf3cc8e44a8def9 AS base
 
 # This directory is owned by the node user
 ARG APP_HOME=/home/node/app

content/admin/overview/system-overview.md

@@ -25,7 +25,7 @@ topics:
 
 The root filesystem is included in the distributed machine image. It contains the base operating system and the {% data variables.product.product_name %} application environment. The root filesystem should be treated as ephemeral. Any data on the root filesystem will be replaced when upgrading to future {% data variables.product.product_name %} releases.
 
-The root storage volume is split into two equally-sized partitions. One of the partitions will be mounted as the root filesystem (`/`). The other partition is only mounted during upgrades and rollbacks of upgrades as `/mnt/upgrade`, to facilitate easier rollbacks if necessary. For example, if a 200GB root volume is allocated, there will be 100GB allocated to the root filesystem and 100GB reserved for the upgrades and rollbacks.
+The root storage volume is split into two equally-sized partitions. One of the partitions will be mounted as the root filesystem (`/`). The other partition is only mounted during upgrades and rollbacks of upgrades as `/mnt/upgrade`, to facilitate easier rollbacks if necessary. For example, if a {% ifversion ghes > 3.14 %}400GB root volume is allocated, there will be 200GB allocated to the root filesystem and 200GB{% else %}200GB root volume is allocated, there will be 100GB allocated to the root filesystem and 100GB{% endif %} reserved for the upgrades and rollbacks.
 
 {% ifversion ghes > 3.13 %}In new installations of 3.14 and later, the root storage volume is split into four partitions. Two small partitions are for the supported boot modes (BIOS and UEFI), and the other two equally large partitions are for the {% data variables.product.product_name %} primary, and upgrades and rollbacks.{% endif %}
 

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md

@@ -2,6 +2,7 @@
 title: Preparing your code for CodeQL analysis
 intro: 'You can build a {% data variables.product.prodname_codeql %} database containing the data needed to analyze your code.'
 shortTitle: Preparing code for analysis
+permissions: '{% data reusables.permissions.repo-checkout %}'
 product: '{% data reusables.gated-features.codeql %}'
 versions:
   fpt: '*'

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md

@@ -2,6 +2,7 @@
 title: Uploading CodeQL analysis results to GitHub
 shortTitle: Uploading results to GitHub
 intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to upload {% data variables.product.prodname_codeql %} analysis results to {% data variables.product.product_name %}.'
+permissions: '{% data reusables.permissions.code-scanning-all-alerts %}'
 product: '{% data reusables.gated-features.codeql %}'
 versions:
   fpt: '*'
@@ -25,7 +26,12 @@ If you used a method other than the {% data variables.product.prodname_codeql_cl
 
 ## Generating a token for authentication with {% data variables.product.product_name %}
 
-Before you can upload your results to {% data variables.product.product_name %}, you will first need to generate a {% data variables.product.pat_generic %} with the `security_events` write permission. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
+Before you can upload your results to {% data variables.product.product_name %}, you will first need to generate a {% data variables.product.pat_generic %}.
+
+* **{% data variables.product.pat_v1_caps %}** requires "{% data variables.product.prodname_code_scanning_caps %} alerts" **Read and write** access for the required repositories.
+* **{% data variables.product.pat_v2_caps %}** requires "repo" **security_events** access.
+
+For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
 
 If you have installed the {% data variables.product.prodname_codeql_cli %} in a third-party CI system to create results to display in {% data variables.product.prodname_dotcom %} as code scanning alerts, you can use a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} to upload results to {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github)."
 

content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md

@@ -5,6 +5,7 @@ versions:
   fpt: '*'
   ghec: '*'
   ghes: '*'
+product: '{% data reusables.gated-features.codeql %}'
 topics:
   - Advanced Security
   - Code scanning

content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md

@@ -5,6 +5,7 @@ versions:
   fpt: '*'
   ghec: '*'
   ghes: '*'
+product: '{% data reusables.gated-features.codeql %}'
 topics:
   - Advanced Security
   - Code scanning

data/reusables/code-scanning/codeql-license.md

@@ -1,20 +1,5 @@
 ## About the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} license
 
-**License notice:** If you don’t have a {% data variables.product.prodname_enterprise %} license then, by installing this product, you are agreeing to the [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license).
-
-{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} is licensed on a per-user basis. Under the license restrictions, you can use {% data variables.product.prodname_codeql %} to perform the following tasks:
-
-* To perform academic research.
-* To demonstrate the software.
-* To test {% data variables.product.prodname_codeql %} queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities.
-
-Where "OSI-approved License" means an Open Source Initiative (OSI)-approved open source software license.
-
-If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use {% data variables.product.prodname_codeql %} for the following tasks:
-
-* To perform analysis of the Open Source Codebase.
-* If the Open Source Codebase is hosted and maintained on {% data variables.product.prodname_dotcom_the_website %}, to generate {% data variables.product.prodname_codeql %} databases for or during automated analysis, continuous integration, or continuous delivery.
-
-{% data variables.product.prodname_codeql %} can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein unless you have a license for {% data variables.product.prodname_GH_advanced_security %}.
+**License notice:** If you don’t have a license for {% data variables.product.prodname_GH_advanced_security %} then, by installing this product, you are agreeing to the [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md).
 
 {% data reusables.advanced-security.ghas-trial %}

data/reusables/enterprise_installation/hardware-considerations-all-platforms.md

@@ -21,7 +21,7 @@ We recommend a high-performance SSD with high input/output operations per second
 Your instance requires a persistent data disk separate from the root disk. For more information, see "[AUTOTITLE](/admin/overview/system-overview)."
 
 >[!WARNING]
->Root storage refers to the total size of your instance's root disk. When the instance is booted you will see 200GB available on the root filesystem. The remaining 200GB is reserved for upgrades. For more information, see "[AUTOTITLE](/admin/overview/system-overview#storage-architecture)."
+>Root storage refers to the total size of your instance's root disk. When the instance is booted you will see {% ifversion ghes > 3.14 %}200GB available on the root filesystem. The remaining 200GB{% else %}100GB available on the root filesystem. The remaining 100GB{% endif %} is reserved for upgrades. For more information, see "[AUTOTITLE](/admin/overview/system-overview#storage-architecture)."
 
 {% ifversion ghes %}
 

data/reusables/permissions/repo-checkout.md

@@ -0,0 +1 @@
+Users with **read** access to a repository

data/reusables/rai/code-scanning/gated-feature-autofix.md

@@ -1 +1,4 @@
-{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available for all public repositories on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is also available for private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
+{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available for the following repository types:
+
+* Public repositories on {% data variables.product.prodname_dotcom_the_website %}
+* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled