Skip to content

Commit 3dc2fdb

Browse files
Merge remote-tracking branch 'upstream/main' into casey/helm-versioning-strategy
# Conflicts: # content/code-security/reference/supply-chain-security/dependabot-options-reference.md
2 parents ae867ca + 3067584 commit 3dc2fdb

2,595 files changed

Lines changed: 2473542 additions & 3254392 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/CODEOWNERS

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,5 @@
66
# Site Policy
77
content/site-policy/ @github/site-policy-admins
88

9-
# Enterprise
10-
data/release-notes/**/*.yml @github/docs-content-enterprise
11-
src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise
12-
139
# Requires review of #actions-oidc-integration, docs-engineering/issues/1506
1410
# content/actions/deployment/security-hardening-your-deployments/** @github/oidc

.github/actions/clone-translations/action.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -11,56 +11,56 @@ runs:
1111
using: 'composite'
1212
steps:
1313
- name: Clone Spanish
14-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
14+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
1515
with:
1616
repository: github/docs-internal.es-es
1717
token: ${{ inputs.token }}
1818
path: translations/es-es
1919

2020
- name: Clone Japanese
21-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
21+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
2222
with:
2323
repository: github/docs-internal.ja-jp
2424
token: ${{ inputs.token }}
2525
path: translations/ja-jp
2626

2727
- name: Clone Portuguese
28-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
28+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
2929
with:
3030
repository: github/docs-internal.pt-br
3131
token: ${{ inputs.token }}
3232
path: translations/pt-br
3333

3434
- name: Clone Simplified Chinese
35-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
35+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
3636
with:
3737
repository: github/docs-internal.zh-cn
3838
token: ${{ inputs.token }}
3939
path: translations/zh-cn
4040

4141
- name: Clone Russian
42-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
42+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
4343
with:
4444
repository: github/docs-internal.ru-ru
4545
token: ${{ inputs.token }}
4646
path: translations/ru-ru
4747

4848
- name: Clone French
49-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
49+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
5050
with:
5151
repository: github/docs-internal.fr-fr
5252
token: ${{ inputs.token }}
5353
path: translations/fr-fr
5454

5555
- name: Clone Korean
56-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
56+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
5757
with:
5858
repository: github/docs-internal.ko-kr
5959
token: ${{ inputs.token }}
6060
path: translations/ko-kr
6161

6262
- name: Clone German
63-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
63+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
6464
with:
6565
repository: github/docs-internal.de-de
6666
token: ${{ inputs.token }}

.github/actions/create-workflow-failure-issue/action.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,5 +89,6 @@ runs:
8989
gh issue create \
9090
--repo "$ISSUE_REPO" \
9191
--label "workflow-failure" \
92+
--label "workflow-generated" \
9293
--title "[Workflow Failure] $WORKFLOW_NAME" \
9394
--body "$body"

.github/actions/get-docs-early-access/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ runs:
1919
run: npm run what-docs-early-access-branch
2020

2121
- name: Clone
22-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
22+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
2323
with:
2424
repository: github/docs-early-access
2525
token: ${{ inputs.token }}

.github/actions/slack-alert/action.yml

Lines changed: 11 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -2,28 +2,27 @@ name: Send Slack notification if workflow fails
22
description: Send Slack notification if workflow fails
33

44
inputs:
5-
slack_channel_id:
6-
description: Slack channel ID
7-
required: true
85
slack_token:
96
description: Slack token
107
required: true
8+
slack_channel_id:
9+
description: Slack channel ID. Defaults to the docs-alerts channel (CG5MJHMB2).
10+
default: CG5MJHMB2 # docs-alerts
11+
required: false
1112
message:
1213
description: The message to send to Slack
1314
default: The last '${{ github.workflow }}' run failed. See ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
1415
required: false
15-
color:
16-
description: The color of the Slack message
17-
default: failure
18-
required: false
1916

2017
runs:
2118
using: composite
2219
steps:
2320
- name: Send Slack notification if workflow fails
24-
uses: someimportantcompany/github-actions-slack-message@a975b440de2bcef178d451cc70d4c1161b5a30cd
21+
uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3
2522
with:
26-
channel: ${{ inputs.slack_channel_id }}
27-
bot-token: ${{ inputs.slack_token }}
28-
color: ${{ inputs.color }}
29-
text: ${{ inputs.message }}
23+
method: chat.postMessage
24+
token: ${{ inputs.slack_token }}
25+
errors: true
26+
payload: |
27+
channel: ${{ toJSON(inputs.slack_channel_id) }}
28+
text: ${{ toJSON(inputs.message) }}

.github/agents/driver-writer.md

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
---
2+
3+
name: "Driver-writer"
4+
description: "Use when writing, editing, or reviewing content for the Driver persona: enterprise administrators, platform engineers, billing managers, security leads, and others who enable developers at scale."
5+
6+
---
7+
8+
# Driver-writer Agent
9+
10+
You are a writing assistant for the GitHub Docs team. You help writers create, edit, and review documentation that serves the **Driver persona**.
11+
12+
A Driver is any GitHub user who supports the work of multiple developers by making changes to GitHub at scale. They remove barriers and enable developers to work efficiently while providing guardrails for compliance and security. Drivers include enterprise administrators, billing managers, application security leads, CI/CD administrators, tech leads, and OS maintainers.
13+
14+
Our team prioritizes **self-serve enterprise customers** that use GitHub Enterprise but are not large enough to get dedicated support from a GitHub sales or success team. These customers rely heavily on documentation to set up and manage their enterprise. When making content decisions, optimize for this audience.
15+
16+
Drivers come from two broad backgrounds, and content should account for both:
17+
18+
* **IT administration**: Expects process and controls based on experience with other enterprise systems. May use terminology from other platforms when searching for information.
19+
* **Development**: Fewer preconceptions about enterprise administration. May have limited knowledge of best practices for setting up large systems.
20+
21+
## What makes Driver content different
22+
23+
Driver content is distinct from developer-focused (Builder) content in a few key ways. Apply these when writing or editing:
24+
25+
### Frame value in terms of the enterprise, not individual productivity
26+
27+
Builder content connects features to the developer's own workflow. Driver content should connect features to what Drivers care about: compliance, security posture, cost management, developer enablement at scale, and reducing operational risk.
28+
29+
* Instead of: "You can restrict email notifications for your enterprise."
30+
* Write: "You can prevent your enterprise's information from leaking into personal email accounts."
31+
32+
### Help Drivers make confident decisions
33+
34+
Drivers often face choices with long-lasting, hard-to-reverse consequences (e.g., choosing between EMU and classic authentication, selecting an identity provider, structuring enterprises and organizations). Content should present enough context for the reader to choose confidently: what the tradeoffs are, what most enterprises do, and what cannot be changed later.
35+
36+
### Write for people who manage GitHub, not people who use it to code
37+
38+
Drivers are configuring, monitoring, and governing, not writing code. They are less likely to want code examples and more likely to need:
39+
40+
* Clear explanations of how settings interact and propagate across an enterprise
41+
* Guidance on rollout sequence and dependencies between configuration steps
42+
* Visibility into what their developers will experience as a result of their changes
43+
44+
### Be explicit about policy scope and cascade
45+
46+
When writing about enterprise settings or policies, always clarify what level the setting operates at (enterprise, organization, repository) and how it cascades. Make it clear who controls the setting and whether lower levels can override it. When parallel articles exist for different levels (e.g., enterprise vs. org), keep the structure, terminology, and level of detail consistent between them.
47+
48+
### Flag specific high-risk claims for verification
49+
50+
Driver actions often affect an entire enterprise and can be hard to reverse, so a single inaccurate detail can have outsized consequences: a security gap, a compliance failure, unexpected cost, or an administrator locking themselves out. Do not flag an entire article as high-risk just because of its topic. Instead, identify the specific claims most likely to cause harm if wrong, and call each one out individually for the writer to verify.
51+
52+
Pay closest attention to discrete, checkable claims in these areas:
53+
54+
* Authentication and identity (e.g., specific SAML/SCIM attribute values, SSO setup steps)
55+
* Security and compliance policy behavior and enforcement
56+
* Billing, licensing, and spending controls (specific numbers, thresholds, what counts toward usage)
57+
* Irreversible or enterprise-wide configuration steps
58+
* Exact permission or role requirements for an action
59+
60+
For example, in an article about configuring SSO, do not say "verify this entire article." Instead, flag the specific risky claims, e.g.: "Step 6 says to set the SAML `NameID` to the user's email. Confirm the exact required attribute with the identity team, since the wrong value will block all sign-ins."
61+
62+
## Driver user journey
63+
64+
Drivers move through these phases with GitHub. Content should meet them where they are:
65+
66+
* **Evaluate**: Researching tools that add value for the team.
67+
* **Onboard**: Understanding best practices to configure the enterprise. Relying on documentation before reaching out to people.
68+
* **Adopt**: Monitoring rollout, managing licenses, evaluating ROI.
69+
* **Optimize**: Monitoring data, auditing configuration for efficiency.
70+
* **Sustain**: Promoting best practices, making minimal configuration changes.

.github/dependabot.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,6 @@ updates:
1818
ignore:
1919
# Because this is so dependent on the remote server we use
2020
- dependency-name: '@elastic/elasticsearch'
21-
# Because whatever we have needs to match what @primer/react also uses
22-
- dependency-name: 'styled-components'
2321
- dependency-name: '*'
2422
update-types:
2523
['version-update:semver-patch', 'version-update:semver-minor']
@@ -31,6 +29,10 @@ updates:
3129
day: tuesday
3230
cooldown:
3331
default-days: 7
32+
groups:
33+
actions:
34+
patterns:
35+
- '*'
3436
ignore:
3537
- dependency-name: '*'
3638
update-types:

.github/instructions/code.instructions.md

Lines changed: 5 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,11 @@ applyTo: "src/**,.github/**,config/**,.devcontainer/**,**Dockerfile,package*.jso
44

55
# Copilot code instructions for docs.github.com
66

7-
For code reviews, follow guidelines, tests, and validate instructions. For creating or updating pull requests or branches, follow the steps instructions.
7+
For code reviews and for creating or updating pull requests, follow the Guidelines, Tests, and Validate sections below.
88

99
## Guidelines
1010

11+
- Before you make a new branch, make sure you have the latest changes by running `git checkout main && git pull`.
1112
- If available, use ripgrep (`rg`) instead of `grep`.
1213
- When using gh cli in double-quoted strings, escape backticks to prevent bash command substitution. In single-quoted strings, backticks do not need escaping.
1314
- All scripts should be listed in `package.json` and use `tsx`.
@@ -17,6 +18,9 @@ For code reviews, follow guidelines, tests, and validate instructions. For creat
1718
- We use absolute imports, relative to the `src` directory, using the `@` symbol. For example, `getRedirect` which lives in `src/redirects/lib/get-redirect.ts` can be imported with `import getRedirect from '@/redirects/lib/get-redirect'`. The same rule applies for TypeScript (`.ts`) imports, e.g. `import type { GeneralSearchHit } from '@/search/types'`
1819
- For updates to the content linter, read important information in `src/content-linter/README.md`.
1920
- Do not use git force push, and avoid git rebase.
21+
- When reading issues and pull requests, read all comments as well.
22+
- When you are updating an existing pull request, after you commit and push, _concisely_ comment on the pull request that you are GitHub Copilot and what changes you made and why.
23+
- When running in agentic mode, offer the human the option to wait for and review CI checks and automatic Copilot code review comments.
2024

2125
## Tests
2226

@@ -79,30 +83,6 @@ Run the following commands to validate your changes:
7983
- `npm run prettier`
8084
- `npm run lint`: you can include `-- --fix`
8185

82-
## Steps
83-
84-
0. Ask the human if they would like you to follow these steps.
85-
1. If this is new work, make sure you have the latest changes by running `git checkout main && git pull`. If this is existing work, update the branch you are working on with the head branch -- usually `main`.
86-
2. If the human provides a GitHub issue, use MCP or gh cli to read the issue and all comments.
87-
3. Begin by evaluating impact, effort, and estimate non-test lines of code that will change. Ask for more context and examples if needed.
88-
4. If you are running in agentic mode, _stop_ at this point and request approval from the human.
89-
5. If you need to add or change tests, work on tests before implementing.
90-
6. Implement the changes needed. If you are running in agentic mode, _stop_ and ask questions at decision points. Please list the options, pros and cons for each decision needed.
91-
7. Validate your changes before making any commits. See "Validate".
92-
8. Validate that any new or changed tests pass. See "Tests".
93-
9. Validate that these changes meet our guidelines. See "Guidelines".
94-
10. If you are running in agentic mode, _stop_ at this point and request review before continuing. Suggest how the human should review the changes.
95-
11. If a branch and pull request already exist, commit and push, then _concisely_ comment on the pull request that you are GitHub Copilot and what changes you made and why.
96-
12. If this is new work and no pull request exists yet, make a pull request:
97-
- label "llm-generated"
98-
- draft mode
99-
- include "fixes owner/repo#issue" or "towards owner/repo#issue" as appropriate
100-
13. If you are in agentic mode, offer to wait for CI to run and check that it passes. If the human agrees, verify in CI: `sleep 240 && gh pr checks $number`. Address all failures, don't assume they're flakes.
101-
14. If you are in agentic mode, offer to do any or all of:
102-
- mark the pull request as ready,
103-
- assign the issue to the human if it is not already assigned,
104-
- _concisely_ comment on the issue explaining the change, indicating you are GitHub Copilot.
105-
10686
## Logger
10787

10888
Use `createLogger` from `@/observability/logger` instead of `console.log` in server-side code.

0 commit comments

Comments
 (0)