Merge branch 'main' into patch-1

.eslintignore

@@ -0,0 +1 @@
+dist/

.eslintrc.js

@@ -0,0 +1,28 @@
+module.exports = {
+  env: {
+    browser: true,
+    commonjs: true,
+    es2020: true,
+    node: true
+  },
+  parser: 'babel-eslint',
+  extends: [
+    'eslint:recommended',
+    'standard'
+  ],
+  parserOptions: {
+    ecmaVersion: 11
+  },
+  rules: {
+  },
+  overrides: [
+    {
+      files: [
+        '**/tests/**/*.js'
+      ],
+      env: {
+        jest: true
+      }
+    }
+  ]
+}

.github/PULL_REQUEST_TEMPLATE.md

@@ -22,6 +22,6 @@ Thanks again!
 
 ### Check off the following:
 - [ ] All of the tests are passing.
-- [ ] I have reviewed my changes in staging.
+- [ ] I have reviewed my changes in staging. (look for the **deploy-to-heroku** link in your pull request, then click **View deployment**)
 - [ ] For content changes, I have reviewed the [localization checklist](https://github.com/github/docs/blob/main/contributing/localization-checklist.md)
 - [ ] For content changes, I have reviewed the [Content style guide for GitHub Docs](https://github.com/github/docs/blob/main/contributing/content-style-guide.md).

.github/actions-scripts/enterprise-algolia-label.js

@@ -0,0 +1,36 @@
+#!/usr/bin/env node
+
+const fs = require('fs')
+const core = require('@actions/core')
+const eventPayload = JSON.parse(fs.readFileSync(process.env.GITHUB_EVENT_PATH, 'utf8'))
+
+// This workflow-run script does the following:
+// 1. Gets an array of labels on a PR.
+// 2. Finds one with the relevant Algolia text; if none found, exits early.
+// 3. Gets the version substring from the label string.
+
+const labelText = 'sync-english-index-for-'
+const labelsArray = eventPayload.pull_request.labels
+
+// Exit early if no labels are on this PR
+if (!(labelsArray && labelsArray.length)) {
+  process.exit(0)
+}
+
+// Find the relevant label
+const algoliaLabel = labelsArray
+  .map(label => label.name)
+  .find(label => label.startsWith(labelText))
+
+// Exit early if no relevant label is found
+if (!algoliaLabel) {
+  process.exit(0)
+}
+
+// Given: sync-english-index-for-enterprise-server@3.0
+// Returns: enterprise-server@3.0
+const versionToSync = algoliaLabel.split(labelText)[1]
+
+// Store the version so we can access it later in the workflow
+core.setOutput('versionToSync', versionToSync)
+process.exit(0)

.github/allowed-actions.js

@@ -22,7 +22,7 @@ module.exports = [
   'juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b',
   'juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512',
   'pascalgn/automerge-action@c9bd182',
-  'peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5',
+  'peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326',
   'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
   'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
   'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',

.github/workflows/60-days-stale-check.yml

@@ -1,20 +1,21 @@
 name: 60 Days Stale Check
 on:
   schedule:
-  - cron: "40 16 * * *"  # Run each day at 16:40 UTC / 8:40 PST
+    - cron: '40 16 * * *' # Run each day at 16:40 UTC / 8:40 PST
 
 jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'
-        stale-pr-message: 'This PR is stale because it has been open 60 days with no activity.'
-        days-before-stale: 60
-        days-before-close: -1
-        only-labels: 'engineering'
-        stale-issue-label: 'stale'
-        stale-pr-label: 'stale'
-
+      - uses: actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'
+          stale-pr-message: 'This PR is stale because it has been open 60 days with no activity.'
+          days-before-stale: 60
+          days-before-close: -1
+          only-labels: 'engineering'
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          exempt-pr-labels: 'never-stale'
+          exempt-issue-labels: 'never-stale'

.github/workflows/auto-label-prs.yml

@@ -1,12 +1,12 @@
 name: Auto label Pull Requests
 on:
-- pull_request
+  pull_request:
 
 jobs:
   triage:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@5f867a63be70efff62b767459b009290364495eb
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/labeler@5f867a63be70efff62b767459b009290364495eb
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'

.github/workflows/automerge-dependencies.yml

@@ -3,10 +3,10 @@ name: Auto Merge Dependency Updates
 on:
   pull_request:
     paths:
-      - "package*.json"
-      - "Gemfile*"
-      - "Dockerfile"
-      - ".github/workflows/**"
+      - 'package*.json'
+      - 'Gemfile*'
+      - 'Dockerfile'
+      - '.github/workflows/**'
   pull_request_review:
     types:
       - edited

.github/workflows/automerge.yml

@@ -23,14 +23,14 @@ jobs:
     if: contains(github.event.pull_request.labels.*.name, 'automerge') || contains(github.event.pull_request.labels.*.name, 'autosquash')
     steps:
       - name: automerge
-        uses: "pascalgn/automerge-action@c9bd182"
+        uses: 'pascalgn/automerge-action@c9bd182'
         env:
-          GITHUB_TOKEN: "${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}"
-          MERGE_METHOD_LABELS: "automerge=merge,autosquash=squash"
-          MERGE_COMMIT_MESSAGE: "pull-request-title"
-          MERGE_METHOD: "merge"
-          MERGE_FORKS: "true"
-          MERGE_RETRIES: "50"
-          MERGE_RETRY_SLEEP: "10000" # ten seconds
-          UPDATE_LABELS: "automerge,autosquash"
-          UPDATE_METHOD: "merge"
+          GITHUB_TOKEN: '${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}'
+          MERGE_METHOD_LABELS: 'automerge=merge,autosquash=squash'
+          MERGE_COMMIT_MESSAGE: 'pull-request-title'
+          MERGE_METHOD: 'merge'
+          MERGE_FORKS: 'true'
+          MERGE_RETRIES: '50'
+          MERGE_RETRY_SLEEP: '10000' # ten seconds
+          UPDATE_LABELS: 'automerge,autosquash'
+          UPDATE_METHOD: 'merge'

.github/workflows/browser-test.yml

@@ -20,18 +20,22 @@ jobs:
           paths: '[".github/workflows/browser-test.yml","assets/**", "content/**", "data/**", "includes/**", "javascripts/**", "jest-puppeteer.config.js", "jest.config.js", "layouts/**", "lib/**", "middleware/**", "package-lock.json", "package.json", "server.js", "translations/**", "webpack.config.js"]'
   build:
     needs: see_if_should_skip
-    if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
-      - name: Install
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Install
         uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
           args: npm ci
 
-      - name: Test
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Test
         uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
           args: npm run browser-test

.github/workflows/check-all-english-links.yml

@@ -3,7 +3,7 @@ name: Check all English links
 on:
   workflow_dispatch:
   schedule:
-    - cron:  "40 19 * * *" # once a day at 19:40 UTC / 11:40 PST
+    - cron: '40 19 * * *' # once a day at 19:40 UTC / 11:40 PST
 
 jobs:
   check_all_english_links:
@@ -11,22 +11,22 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - name: npm ci
-      run: npm ci
-    - name: npm run build
-      run: npm run build
-    - name: Run script
-      run: script/check-english-links.js > broken_links.md
-    - if: ${{ failure() }} 
-      name: Get title for issue
-      id: check
-      run: echo "::set-output name=title::$(head -1 broken_links.md)"
-    - if: ${{ failure() }}
-      name: Create issue from file
-      uses: peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5
-      with:
-        token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
-        title: ${{ steps.check.outputs.title }}
-        content-filepath: ./broken_links.md
-        labels: broken link report
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: npm ci
+        run: npm ci
+      - name: npm run build
+        run: npm run build
+      - name: Run script
+        run: script/check-english-links.js > broken_links.md
+      - if: ${{ failure() }}
+        name: Get title for issue
+        id: check
+        run: echo "::set-output name=title::$(head -1 broken_links.md)"
+      - if: ${{ failure() }}
+        name: Create issue from file
+        uses: peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326
+        with:
+          token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          title: ${{ steps.check.outputs.title }}
+          content-filepath: ./broken_links.md
+          labels: broken link report

.github/workflows/codeql.yml

@@ -1,19 +1,19 @@
-name: "CodeQL analysis"
+name: CodeQL analysis
 
 on:
   push:
     paths:
-    - '**/*.js'
-    - '.github/workflows/codeql.yml'
+      - '**/*.js'
+      - '.github/workflows/codeql.yml'
 
 jobs:
   build:
-    runs-on: ubuntu-latest 
+    runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - uses: github/codeql-action/init@v1
-      with:
-        languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)
-    - uses: github/codeql-action/analyze@v1
-      continue-on-error: true
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - uses: github/codeql-action/init@v1
+        with:
+          languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)
+      - uses: github/codeql-action/analyze@v1
+        continue-on-error: true

.github/workflows/crowdin.yml

@@ -3,7 +3,7 @@ name: Crowdin Sync
 on:
   workflow_dispatch:
   schedule:
-    - cron: "33 2 * * *" # every day at 2:33 UTC at least until automerge is working 
+    - cron: '33 2 * * *' # every day at 2:33 UTC at least until automerge is working
 
 jobs:
   sync_with_crowdin:
@@ -20,7 +20,7 @@ jobs:
           upload_translations: false
           download_translations: true
           create_pull_request: true
-          
+
           # Using a custom config temporarily to avoid clobbering the existing crowdin.yml
           # that is used by the github-help-docs OAuth integration.
           config: 'crowdin.yml'
@@ -35,17 +35,15 @@ jobs:
           crowdin_branch_name: main
 
         env:
-          # Using an @octoglot token instead of the default Actions-provided GITHUB_TOKEN here 
+          # Using an @octoglot token instead of the default Actions-provided GITHUB_TOKEN here
           # so that subsequent workflows will be able to run on the pull request created by this workflow.
           GITHUB_TOKEN: ${{ secrets.OCTOGLOT_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
           # This is a numeric id, not to be confused with Crowdin API v1 "project identifier" string
           # See "API v2" on https://crowdin.com/project/<your-project>/settings#api
           CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
-          
+
           # A personal access token, not to be confused with Crowdin API v1 "API key"
           # See https://crowdin.com/settings#api-key to generate a token
           # This token was created by logging into Crowdin with the octoglot user
           CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-
-          

.github/workflows/dry-run-sync-algolia-search-indices.yml

@@ -9,23 +9,23 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - name: checkout
-      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
-      with:
-        node-version: 14.x
-    - name: cache node modules
-      uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-      with:
-        path: ~/.npm
-        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-
-    - name: npm ci
-      run: npm ci
-    - name: (Dry run) sync indices
-      env:
-        ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
-        ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: npm run sync-search-dry-run
+      - name: checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        with:
+          node-version: 14.x
+      - name: cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      - name: npm ci
+        run: npm ci
+      - name: (Dry run) sync indices
+        env:
+          ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
+          ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npm run sync-search-dry-run

.github/workflows/first-responder-docs-content.yml

@@ -1,7 +1,12 @@
 name: First responder docs-content
 on:
   pull_request:
-    types: [reopened, opened, ready_for_review, closed, unlabeled]
+    types:
+      - reopened
+      - opened
+      - ready_for_review
+      - closed
+      - unlabeled
 
 jobs:
   first-responder-triage-pr:
@@ -10,46 +15,46 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Check if the event originated from a team member
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      id: set-result
-      with:
-        github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
-        result-encoding: string
-        script: |
-          const repoName = context.payload.repository.name
-          const ownerName = context.payload.repository.owner.login
-          const issueNumber = (context.eventName === "issues") ? context.payload.issue.number : context.payload.number
-          const updatedIssueInformation = await github.issues.get({
-            owner: ownerName,
-            repo: repoName,
-            issue_number: issueNumber
-          })
-          const teamMembers = await github.request(
-            `/orgs/github/teams/docs/members`
-          )
-          const logins = teamMembers.data.map(member => member.login)
-          // ignore PRs opened by docs bot accounts
-          logins.push('Octomerger', 'octoglot')
-          if (logins.some(login => login === updatedIssueInformation.data.user.login)) {
-            console.log(`This issue or pull request was authored by a member of the github/docs team.`)
-            return 'true'
-          }
-          console.log(`This issue or pull request was authored by an external contributor.`)
-          return 'false'
-    - name: Label external contributor pull requests with docs-content-fr
-      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
-      if: steps.set-result.outputs.result == 'false'
-      with:
-        repo-token: "${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}"
-        add-labels: "docs-content-fr"
-    - name: Triage to FR PR project column
-      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
-      if: steps.set-result.outputs.result == 'false'
-      with:
-        action-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
-        project-url: "https://github.com/orgs/github/projects/1367"
-        column-name: "Docs-internal external contributor PRs"
+      - name: Check if the event originated from a team member
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        id: set-result
+        with:
+          github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
+          result-encoding: string
+          script: |
+            const repoName = context.payload.repository.name
+            const ownerName = context.payload.repository.owner.login
+            const issueNumber = (context.eventName === "issues") ? context.payload.issue.number : context.payload.number
+            const updatedIssueInformation = await github.issues.get({
+              owner: ownerName,
+              repo: repoName,
+              issue_number: issueNumber
+            })
+            const teamMembers = await github.request(
+              `/orgs/github/teams/docs/members`
+            )
+            const logins = teamMembers.data.map(member => member.login)
+            // ignore PRs opened by docs bot accounts
+            logins.push('Octomerger', 'octoglot')
+            if (logins.some(login => login === updatedIssueInformation.data.user.login)) {
+              console.log(`This issue or pull request was authored by a member of the github/docs team.`)
+              return 'true'
+            }
+            console.log(`This issue or pull request was authored by an external contributor.`)
+            return 'false'
+      - name: Label external contributor pull requests with docs-content-fr
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        if: steps.set-result.outputs.result == 'false'
+        with:
+          repo-token: '${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}'
+          add-labels: 'docs-content-fr'
+      - name: Triage to FR PR project column
+        uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
+        if: steps.set-result.outputs.result == 'false'
+        with:
+          action-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          project-url: 'https://github.com/orgs/github/projects/1367'
+          column-name: 'Docs-internal external contributor PRs'
 
   first-responder-remove-pr:
     name: Remove PR from FR project board
@@ -57,29 +62,29 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Remove card from project
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      with:
-        github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
-        result-encoding: string
-        script: |
-          const issueToRemove = context.payload.number
-          const cards = await github.projects.listCards({
-            column_id: 11130889
-          })
-          cards.data.forEach(card => {
-            if (card.content_url) {
-              const cardIssueNumber = parseInt(card.content_url.split('/').pop(), 10)
-              if (cardIssueNumber === issueToRemove) {
-                const cards = github.projects.deleteCard({
-                  card_id: card.id
-                })
+      - name: Remove card from project
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
+          result-encoding: string
+          script: |
+            const issueToRemove = context.payload.number
+            const cards = await github.projects.listCards({
+              column_id: 11130889
+            })
+            cards.data.forEach(card => {
+              if (card.content_url) {
+                const cardIssueNumber = parseInt(card.content_url.split('/').pop(), 10)
+                if (cardIssueNumber === issueToRemove) {
+                  const cards = github.projects.deleteCard({
+                    card_id: card.id
+                  })
+                }
               }
-            }
-          })
-    - name: Remove docs-content-fr label if not already removed
-      if: github.event.action == 'closed'
-      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
-      with:
-        repo-token: "${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}"
-        remove-labels: "docs-content-fr"
+            })
+      - name: Remove docs-content-fr label if not already removed
+        if: github.event.action == 'closed'
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        with:
+          repo-token: '${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}'
+          remove-labels: 'docs-content-fr'

.github/workflows/js-lint.yml

@@ -21,7 +21,7 @@ jobs:
         with:
           cancel_others: 'false'
           github_token: ${{ github.token }}
-          paths: '["**/*.js", "package*.json", ".github/workflows/js-lint.yml"]'
+          paths: '["**/*.js", "package*.json", ".github/workflows/js-lint.yml", ".eslint*"]'
 
   lint:
     runs-on: ubuntu-latest
@@ -53,7 +53,7 @@ jobs:
         run: npm ci
 
       - name: Run linter
-        run: npx standard
+        run: npx eslint .
 
       - name: Check dependencies
         run: npm run check-deps

.github/workflows/merged-notification.yml

@@ -1,7 +1,8 @@
 name: Merged notification
 on:
   pull_request_target:
-    types: ['closed']
+    types:
+      - 'closed'
 
 jobs:
   comment:

.github/workflows/pa11y.yml

@@ -1,8 +1,8 @@
-name: "Pa11y"
+name: Pa11y
 on:
   workflow_dispatch:
   schedule:
-    - cron: "25 17 * * *" # once a day at 17:25 UTC / 11:50 PST
+    - cron: '25 17 * * *' # once a day at 17:25 UTC / 11:50 PST
 jobs:
   test:
     runs-on: ubuntu-latest

.github/workflows/ping-staging-apps.yml

@@ -2,7 +2,7 @@ name: Ping staging apps
 
 on:
   schedule:
-    - cron:  "*/20 * * * *" # every twenty minutes
+    - cron: '*/20 * * * *' # every twenty minutes
 
 jobs:
   ping_staging_apps:
@@ -12,10 +12,10 @@ jobs:
     env:
       HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
     steps:
-    - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - name: npm ci
-      run: npm ci
-    - name: npm run build
-      run: npm run build
-    - name: Run script
-      run: script/ping-staging-apps.js
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: npm ci
+        run: npm ci
+      - name: npm run build
+        run: npm run build
+      - name: Run script
+        run: script/ping-staging-apps.js

.github/workflows/remove-unused-assets.yml

@@ -5,7 +5,7 @@ env:
 
 on:
   schedule:
-    - cron:  "20 15 * * 0" # run every Sunday at 20:15 UTC / 12:15 PST
+    - cron: '20 15 * * 0' # run every Sunday at 20:15 UTC / 12:15 PST
 
 jobs:
   remove_unused_assets:
@@ -13,42 +13,43 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - if: ${{ env.FREEZE == 'true' }}
-      run: |
-        echo 'The repo is currently frozen! Exiting this workflow.'
-        exit 1 # prevents further steps from running
-    - name: Checkout
-      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - name: npm ci
-      run: npm ci
-    - name: Run scripts
-      run: |
-        script/remove-unused-assets.js > results.md
-        script/remove-extraneous-translation-files.js
-    - name: Get script results to use in PR body
-      id: results
-      uses: juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512
-      with:
-        path: ./results.md
-    - name: Remove script results file
-      run: rm -rf ./results.md
-    - name: Create pull request
-      uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
-      with:
-        # need to use a token with repo and workflow scopes for this step
-        token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
-        commit-message: Action ran script/remove-unused-assets.js
-        title: Remove unused assets
-        body: "Hello! This PR removes some files that exist in the repo but are not used in content or data files:\n\n
-          ${{ steps.results.outputs.content }}
-          \n\nIf you have any questions, please contact @github/docs-engineering."
-        labels: unused assets
-        project: Core docs work for the current week
-        project-column: Should do
-        branch: remove-unused-assets
-    - if: ${{ failure() }}
-      name: Delete remote branch (if previous steps failed)
-      uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        branches: remove-unused-assets
+      - if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'The repo is currently frozen! Exiting this workflow.'
+          exit 1 # prevents further steps from running
+      - name: Checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: npm ci
+        run: npm ci
+      - name: Run scripts
+        run: |
+          script/remove-unused-assets.js > results.md
+          script/remove-extraneous-translation-files.js
+      - name: Get script results to use in PR body
+        id: results
+        uses: juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512
+        with:
+          path: ./results.md
+      - name: Remove script results file
+        run: rm -rf ./results.md
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
+        with:
+          # need to use a token with repo and workflow scopes for this step
+          token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+          commit-message: Action ran script/remove-unused-assets.js
+          title: Remove unused assets
+          body:
+            "Hello! This PR removes some files that exist in the repo but are not used in content or data files:\n\n
+            ${{ steps.results.outputs.content }}
+            \n\nIf you have any questions, please contact @github/docs-engineering."
+          labels: unused assets
+          project: Core docs work for the current week
+          project-column: Should do
+          branch: remove-unused-assets
+      - if: ${{ failure() }}
+        name: Delete remote branch (if previous steps failed)
+        uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branches: remove-unused-assets

.github/workflows/repo-freeze-check.yml

@@ -19,9 +19,8 @@ jobs:
     name: Prevent merging during deployment freezes
     runs-on: ubuntu-latest
     steps:
-
-    - name: Fail if repo merges are paused
-      if: ${{ env.FREEZE == 'true' }}
-      run: |
-        echo 'Merges into the "main" branch on this repo are currently paused!'
-        exit 1
+      - name: Fail if repo merges are paused
+        if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'Merges into the "main" branch on this repo are currently paused!'
+          exit 1

.github/workflows/repo-freeze-reminders.yml

@@ -2,7 +2,7 @@ name: Repo Freeze Reminders
 
 on:
   schedule:
-  - cron: "00 11 * * *" # once per day around 11:00am UTC
+    - cron: '00 11 * * *' # once per day around 11:00am UTC
 
 env:
   FREEZE: ${{ secrets.FREEZE }}
@@ -13,13 +13,12 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'github/docs-internal'
     steps:
-
-    - name: Send Slack notification if repo is frozen
-      if: ${{ env.FREEZE == 'true' }}
-      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
-      env:
-        SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
-        SLACK_USERNAME: docs-repo-sync
-        SLACK_ICON_EMOJI: ':freezing_face:'
-        SLACK_COLOR: '#51A0D5' # Carolina Blue
-        SLACK_MESSAGE: All repo-sync runs will fail for ${{ github.repository }} because the repo is currently frozen!
+      - name: Send Slack notification if repo is frozen
+        if: ${{ env.FREEZE == 'true' }}
+        uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
+        env:
+          SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
+          SLACK_USERNAME: docs-repo-sync
+          SLACK_ICON_EMOJI: ':freezing_face:'
+          SLACK_COLOR: '#51A0D5' # Carolina Blue
+          SLACK_MESSAGE: All repo-sync runs will fail for ${{ github.repository }} because the repo is currently frozen!

.github/workflows/repo-sync.yml

@@ -1,14 +1,14 @@
 # The docs.github.com project has two repositories: github/docs (public) and github/docs-internal (private)
-# 
+#
 # This GitHub Actions workflow keeps the main branch of those two repos in sync.
-# 
+#
 # For more details, see https://github.com/repo-sync/repo-sync#how-it-works
 
 name: Repo Sync
 
 on:
   schedule:
-  - cron: "*/15 * * * *" # every 15 minutes
+    - cron: '*/15 * * * *' # every 15 minutes
 
 env:
   FREEZE: ${{ secrets.FREEZE }}
@@ -18,65 +18,63 @@ jobs:
     name: Check for deployment freezes
     runs-on: ubuntu-latest
     steps:
-
-    - name: Exit if repo is frozen
-      if: ${{ env.FREEZE == 'true' }}
-      run: |
-        echo 'The repo is currently frozen! Exiting this workflow.'
-        exit 1 # prevents further steps from running
+      - name: Exit if repo is frozen
+        if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'The repo is currently frozen! Exiting this workflow.'
+          exit 1 # prevents further steps from running
 
   repo-sync:
     name: Repo Sync
     needs: check-freezer
     runs-on: ubuntu-latest
     steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
-    - name: Check out repo
-      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Sync repo to branch
+        uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88
+        env:
+          GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+        with:
+          source_repo: ${{ secrets.SOURCE_REPO }} # https://${access_token}@github.com/github/the-other-repo.git
+          source_branch: main
+          destination_branch: repo-sync
+          github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
-    - name: Sync repo to branch
-      uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88
-      env:
-        GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
-      with:
-        source_repo: ${{ secrets.SOURCE_REPO }} # https://${access_token}@github.com/github/the-other-repo.git
-        source_branch: main
-        destination_branch: repo-sync
-        github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+      - name: Create pull request
+        uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d
+        env:
+          GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+        with:
+          source_branch: repo-sync
+          destination_branch: main
+          pr_title: 'repo sync'
+          pr_body: "This is an automated pull request to sync changes between the public and private repos.\n\n:robot: This pull request should be merged (not squashed) to preserve continuity across repos, so please let a bot do the merging!"
+          pr_label: automerge,autoupdate
+          github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
-    - name: Create pull request
-      uses: repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d
-      env:
-        GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
-      with:
-        source_branch: repo-sync
-        destination_branch: main
-        pr_title: "repo sync"
-        pr_body: "This is an automated pull request to sync changes between the public and private repos.\n\n:robot: This pull request should be merged (not squashed) to preserve continuity across repos, so please let a bot do the merging!"
-        pr_label: automerge,autoupdate
-        github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+      - name: Find pull request
+        uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
+        id: find-pull-request
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          branch: repo-sync
+          base: main
 
-    - name: Find pull request
-      uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
-      id: find-pull-request
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        branch: repo-sync
-        base: main
+      - name: Approve pull request
+        if: ${{ steps.find-pull-request.outputs.number }}
+        uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.find-pull-request.outputs.number }}
 
-    - name: Approve pull request
-      if: ${{ steps.find-pull-request.outputs.number }}
-      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        number: ${{ steps.find-pull-request.outputs.number }}
-
-    - name: Send Slack notification if workflow fails
-      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
-      if: ${{ failure() }}
-      env:
-        SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
-        SLACK_USERNAME: docs-repo-sync
-        SLACK_ICON_EMOJI: ':ohno:'
-        SLACK_COLOR: '#B90E0A' # Crimson
-        SLACK_MESSAGE: The last repo-sync run for ${{github.repository}} failed. See https://github.com/${{github.repository}}/actions?query=workflow%3A%22Repo+Sync%22
+      - name: Send Slack notification if workflow fails
+        uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
+        if: ${{ failure() }}
+        env:
+          SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
+          SLACK_USERNAME: docs-repo-sync
+          SLACK_ICON_EMOJI: ':ohno:'
+          SLACK_COLOR: '#B90E0A' # Crimson
+          SLACK_MESSAGE: The last repo-sync run for ${{github.repository}} failed. See https://github.com/${{github.repository}}/actions?query=workflow%3A%22Repo+Sync%22

.github/workflows/send-eng-issues-to-backlog.yml

@@ -1,20 +1,22 @@
 name: Send Issue to EPD backlog
 
-on: 
-  issues: 
-    types: [labeled, reopened]
-    
+on:
+  issues:
+    types:
+      - labeled
+      - reopened
+
 jobs:
   triage:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     continue-on-error: true
     steps:
-    - name: Add issues with engineering label to project board
-      if: contains(github.event.issue.labels.*.name, 'engineering') || contains(github.event.issue.labels.*.name, 'design') || contains(github.event.issue.labels.*.name, 'Design')
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      with:
-          github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }} 
+      - name: Add issues with engineering label to project board
+        if: contains(github.event.issue.labels.*.name, 'engineering') || contains(github.event.issue.labels.*.name, 'design') || contains(github.event.issue.labels.*.name, 'Design')
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
           script: |
             var column_id = 9659080;
             try {

.github/workflows/start-new-engineering-pr-workflow.yml

@@ -1,9 +1,11 @@
 name: Start new engineering PR workflow
 
-on: 
+on:
   pull_request_target:
-    types: [opened, reopened]
-    
+    types:
+      - opened
+      - reopened
+
 jobs:
   triage:
     runs-on: ubuntu-latest
@@ -12,52 +14,52 @@ jobs:
       DRAFT_COLUMN_ID: 10095775
       REGULAR_COLUMN_ID: 10095779
     steps:
-    - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      continue-on-error: true
-      with:
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        continue-on-error: true
+        with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
           script: |
-              // Only assign the engineering folks
-              try { 
-                await github.teams.getMembershipForUserInOrg({
-                  org: 'github',
-                  team_slug: 'docs-engineering',
-                  username: context.payload.sender.login,
-                });
-              } catch(err) {
-                return
-              }
+            // Only assign the engineering folks
+            try {
+              await github.teams.getMembershipForUserInOrg({
+                org: 'github',
+                team_slug: 'docs-engineering',
+                username: context.payload.sender.login,
+              });
+            } catch(err) {
+              return
+            }
 
-              // Set column ID
-              const column_id = context.payload.pull_request.draft
-                ? process.env.DRAFT_COLUMN_ID
-                : process.env.REGULAR_COLUMN_ID
+            // Set column ID
+            const column_id = context.payload.pull_request.draft
+              ? process.env.DRAFT_COLUMN_ID
+              : process.env.REGULAR_COLUMN_ID
 
-              // Try to create the card on the GitHub Project
-              try {
-                await github.projects.createCard({
-                  column_id: column_id,
-                  content_type: 'PullRequest',
-                  content_id: context.payload.pull_request.id
-                });
-              } catch(error) {
-                console.log(error);
-              }
+            // Try to create the card on the GitHub Project
+            try {
+              await github.projects.createCard({
+                column_id: column_id,
+                content_type: 'PullRequest',
+                content_id: context.payload.pull_request.id
+              });
+            } catch(error) {
+              console.log(error);
+            }
 
 
-              // Try to set the author as the assignee
-              const owner = context.payload.repository.owner.login
-              const repo = context.payload.repository.name
+            // Try to set the author as the assignee
+            const owner = context.payload.repository.owner.login
+            const repo = context.payload.repository.name
 
-              try {
-                await github.issues.addAssignees({
-                  owner: owner,
-                  repo: repo,
-                  issue_number: context.payload.pull_request.number,
-                  assignees: [
-                    context.payload.sender.login
-                  ]
-                });
-              } catch(error) {
-                console.log(error);
-              }
+            try {
+              await github.issues.addAssignees({
+                owner: owner,
+                repo: repo,
+                issue_number: context.payload.pull_request.number,
+                assignees: [
+                  context.payload.sender.login
+                ]
+              });
+            } catch(error) {
+              console.log(error);
+            }

.github/workflows/sync-algolia-search-indices.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   push:
     branches:
-    - main
+      - main
 
 jobs:
   updateIndices:
@@ -12,29 +12,29 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - name: checkout
-      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
-      with:
-        node-version: 14.x
-    - name: cache node modules
-      uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-      with:
-        path: ~/.npm
-        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-
-    - name: npm ci
-      run: npm ci
-    - name: sync indices
-      env:
-        ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
-        ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: npm run sync-search
-    - name: Send slack notification if workflow run fails
-      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
-      if: failure()
-      env:
-        SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
-        SLACK_MESSAGE: The last Algolia workflow run for ${{github.repository}} failed. See https://github.com/github/docs-internal/actions?query=workflow%3AAlgolia
+      - name: checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        with:
+          node-version: 14.x
+      - name: cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      - name: npm ci
+        run: npm ci
+      - name: sync indices
+        env:
+          ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
+          ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npm run sync-search
+      - name: Send slack notification if workflow run fails
+        uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
+        if: failure()
+        env:
+          SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
+          SLACK_MESSAGE: The last Algolia workflow run for ${{github.repository}} failed. See https://github.com/github/docs-internal/actions?query=workflow%3AAlgolia

.github/workflows/sync-single-english-algolia-index.yml

@@ -0,0 +1,46 @@
+name: Algolia Sync Single English Index
+
+on:
+  pull_request:
+    types:
+      - labeled
+      - unlabeled
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+      - unlocked
+
+# This workflow requires a label in the format `sync-english-index-for-<PLAN@RELEASE>`
+jobs:
+  updateIndices:
+    name: Update English index for single version based on a label's version
+    if: github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        with:
+          node-version: 14.x
+      - name: cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      - name: npm ci
+        run: npm ci
+      - name: Get version from Algolia label if present; only continue if the label is found.
+        id: getVersion
+        run: $GITHUB_WORKSPACE/.github/actions-scripts/enterprise-algolia-label.js
+      - if: ${{ steps.getVersion.outputs.versionToSync }}
+        name: Sync English index for single version
+        env:
+          VERSION: ${{ steps.getVersion.outputs.versionToSync }}
+          LANGUAGE: 'en'
+          ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
+          ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npm run sync-search

.github/workflows/test-translations.yml

@@ -4,7 +4,7 @@ name: Node.js Tests - Translations
 
 on:
   schedule:
-    - cron: "10 20 * * *" # once a day at 20:10 UTC / 12:10 PST
+    - cron: '10 20 * * *' # once a day at 20:10 UTC / 12:10 PST
 
 jobs:
   lint:
@@ -38,7 +38,7 @@ jobs:
         run: npm ci
 
       - name: Run linter
-        run: npx standard
+        run: npx eslint .
 
       - name: Check dependencies
         run: npm run check-deps
@@ -78,4 +78,4 @@ jobs:
       - name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
         env:
-          NODE_OPTIONS: "--max_old_space_size=4096"
+          NODE_OPTIONS: '--max_old_space_size=4096'

.github/workflows/test-windows.yml

@@ -5,10 +5,7 @@ name: Node.js Tests - Windows
 on:
   workflow_dispatch:
   schedule:
-    - cron: "50 19 * * *" # once a day at 19:50 UTC / 11:50 PST
-
-env:
-  CI: true
+    - cron: '50 19 * * *' # once a day at 19:50 UTC / 11:50 PST
 
 jobs:
   test:
@@ -48,4 +45,4 @@ jobs:
       - name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
         env:
-          NODE_OPTIONS: "--max_old_space_size=4096"
+          NODE_OPTIONS: '--max_old_space_size=4096'

.github/workflows/test.yml

@@ -31,7 +31,6 @@ jobs:
 
   test:
     needs: see_if_should_skip
-    if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     timeout-minutes: 60
     strategy:
@@ -39,20 +38,26 @@ jobs:
       matrix:
         test-group: [content, meta, rendering, routing, unit, links-and-images]
     steps:
-      - name: Check out repo
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Check out repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
-      - name: Setup node
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Setup node
         uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
-      - name: Get npm cache directory
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Get npm cache directory
         id: npm-cache
         run: |
           echo "::set-output name=dir::$(npm config get cache)"
 
-      - name: Cache node modules
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Cache node modules
         uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
@@ -60,20 +65,23 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-node-
 
-      - name: Install dependencies
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Install dependencies
         run: npm ci
 
-      - name: Run build script
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Run build script
         run: npm run build
 
-      - name: Run tests
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
         env:
-          NODE_OPTIONS: "--max_old_space_size=4096"
+          NODE_OPTIONS: '--max_old_space_size=4096'
 
       - name: Send Slack notification if workflow fails
         uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
         if: failure() && github.ref == 'early-access'
         env:
           SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
-          SLACK_MESSAGE: "Tests are failing on the `early-access` branch. https://github.com/github/docs-internal/tree/early-access"
+          SLACK_MESSAGE: 'Tests are failing on the `early-access` branch. https://github.com/github/docs-internal/tree/early-access'

.github/workflows/translations.yml

@@ -2,7 +2,7 @@ name: Translations
 
 on:
   schedule:
-   - cron: "20 19 * * *"  # once a day at 19:20 UTC / 11:20 PST
+    - cron: '20 19 * * *' # once a day at 19:20 UTC / 11:20 PST
 
 env:
   FREEZE: ${{ secrets.FREEZE }}
@@ -12,45 +12,45 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - if: ${{ env.FREEZE == 'true' }}
-      run: |
-        echo 'The repo is currently frozen! Exiting this workflow.'
-        exit 1 # prevents further steps from running
-    - name: Find original Pull Request
-      uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
-      id: pr
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        branch: translations
-    - if: ${{ steps.pr.outputs.number }}
-      name: Check if already labeled
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      id: has-label
-      with:
-        script: |
-          const { data: labels } = await github.issues.listLabelsOnIssue({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            issue_number: ${{ steps.pr.outputs.number }}
-          })
-          if (labels.find(label => label.name === 'automerge')) {
-            return 'ok'
-          }
-    - if: ${{ !steps.has-label.outputs.result }}
-      name: Approve Pull Request
-      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        number: ${{ steps.pr.outputs.number }}
-    - if: ${{ !steps.has-label.outputs.result }}
-      name: Add automerge label
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        script: |
-          github.issues.addLabels({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            issue_number: ${{ steps.pr.outputs.number }},
-            labels: ['automerge']
-          })
+      - if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'The repo is currently frozen! Exiting this workflow.'
+          exit 1 # prevents further steps from running
+      - name: Find original Pull Request
+        uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
+        id: pr
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          branch: translations
+      - if: ${{ steps.pr.outputs.number }}
+        name: Check if already labeled
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        id: has-label
+        with:
+          script: |
+            const { data: labels } = await github.issues.listLabelsOnIssue({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{ steps.pr.outputs.number }}
+            })
+            if (labels.find(label => label.name === 'automerge')) {
+              return 'ok'
+            }
+      - if: ${{ !steps.has-label.outputs.result }}
+        name: Approve Pull Request
+        uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.pr.outputs.number }}
+      - if: ${{ !steps.has-label.outputs.result }}
+        name: Add automerge label
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{ steps.pr.outputs.number }},
+              labels: ['automerge']
+            })

.github/workflows/triage-issue-comments.yml

@@ -1,7 +1,8 @@
 name: Triage new issue comments
 on:
   issue_comment:
-    types: [created]
+    types:
+      - created
 
 jobs:
   triage-issue-comments:
@@ -9,38 +10,38 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Check if the event originated from a team member
-      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-      id: is-internal-contributor
-      with:
-        github-token: ${{secrets.GITHUB_TOKEN}}
-        result-encoding: string
-        script: |
-          const repo = context.payload.repository.name
-          const org = context.payload.repository.owner.login
-          const actor = context.actor
-          let collaboratorStatus = ''
-          try {
-            collaboratorStatus = await github.request('GET /repos/{owner}/{repo}/collaborators/{username}', {
-              owner: org,
-              repo: repo,
-              username: actor
-            })
-            console.log(`This issue was commented on by a Hubber.`)
-            return 'true'
-          } catch (error) {
-            console.log(`This issue was commented on by an external contributor.`)
-            return 'false'
-          }
-    - name: Label issues with new comments with 'triage'
-      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
-      if: (steps.is-internal-contributor.outputs.result == 'false')
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        add-labels: "triage"
-    - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
-      with:
-        action-token: ${{ secrets.GITHUB_TOKEN }}
-        project-url: "https://github.com/github/docs/projects/1"
-        column-name: "Triage"
+      - name: Check if the event originated from a team member
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        id: is-internal-contributor
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          result-encoding: string
+          script: |
+            const repo = context.payload.repository.name
+            const org = context.payload.repository.owner.login
+            const actor = context.actor
+            let collaboratorStatus = ''
+            try {
+              collaboratorStatus = await github.request('GET /repos/{owner}/{repo}/collaborators/{username}', {
+                owner: org,
+                repo: repo,
+                username: actor
+              })
+              console.log(`This issue was commented on by a Hubber.`)
+              return 'true'
+            } catch (error) {
+              console.log(`This issue was commented on by an external contributor.`)
+              return 'false'
+            }
+      - name: Label issues with new comments with 'triage'
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        if: (steps.is-internal-contributor.outputs.result == 'false')
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          add-labels: 'triage'
+      - name: Triage to project board
+        uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
+        with:
+          action-token: ${{ secrets.GITHUB_TOKEN }}
+          project-url: 'https://github.com/github/docs/projects/1'
+          column-name: 'Triage'

.github/workflows/triage-issues.yml

@@ -1,7 +1,9 @@
 name: Triage new issues
 on:
   issues:
-    types: [reopened, opened]
+    types:
+      - reopened
+      - opened
 
 jobs:
   triage_issues:
@@ -9,14 +11,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Label new issues with 'triage'
-      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        add-labels: "triage"
-    - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
-      with:
-        action-token: ${{ secrets.GITHUB_TOKEN }}
-        project-url: "https://github.com/github/docs/projects/1"
-        column-name: "Triage"
+      - name: Label new issues with 'triage'
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          add-labels: 'triage'
+      - name: Triage to project board
+        uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
+        with:
+          action-token: ${{ secrets.GITHUB_TOKEN }}
+          project-url: 'https://github.com/github/docs/projects/1'
+          column-name: 'Triage'

.github/workflows/triage-pull-requests.yml

@@ -1,7 +1,9 @@
 name: Triage new pull requests
 on:
   pull_request:
-    types: [reopened, opened]
+    types:
+      - reopened
+      - opened
 
 jobs:
   triage_pulls:
@@ -9,14 +11,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Label new pull requests with 'triage'
-      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
-        add-labels: "triage"
-    - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
-      with:
-        action-token: ${{ secrets.GITHUB_TOKEN }}
-        project-url: "https://github.com/github/docs/projects/1"
-        column-name: "Triage"
+      - name: Label new pull requests with 'triage'
+        uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          add-labels: 'triage'
+      - name: Triage to project board
+        uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
+        with:
+          action-token: ${{ secrets.GITHUB_TOKEN }}
+          project-url: 'https://github.com/github/docs/projects/1'
+          column-name: 'Triage'

.github/workflows/triage-stale-check.yml

@@ -1,7 +1,7 @@
 name: Public Repo Stale Check
 on:
   schedule:
-  - cron: "45 16 * * *"  # Run each day at 16:45 UTC / 8:45 PST
+    - cron: '45 16 * * *' # Run each day at 16:45 UTC / 8:45 PST
 
 jobs:
   stale:
@@ -9,10 +9,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-pr-message: 'This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit.'
-        days-before-stale: 7
-        days-before-close: 10
-        stale-pr-label: 'stale'
+      - uses: actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-pr-message: 'This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit.'
+          days-before-stale: 7
+          days-before-close: 10
+          stale-pr-label: 'stale'
+          exempt-pr-labels: 'never-stale'
+          exempt-issue-labels: 'never-stale'

.github/workflows/update-graphql-files.yml

@@ -10,63 +10,64 @@ env:
 
 on:
   schedule:
-    - cron:  "20 16 * * *" # run every day at 16:20 UTC / 8:20 PST
+    - cron: '20 16 * * *' # run every day at 16:20 UTC / 8:20 PST
 
 jobs:
   update_graphql_files:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - if: ${{ env.FREEZE == 'true' }}
-      run: |
-        echo 'The repo is currently frozen! Exiting this workflow.'
-        exit 1 # prevents further steps from running
-    - name: Checkout
-      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-    - name: Set up Ruby
-      uses: actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526
-      with:
-        ruby-version: '2.4'
-    - name: Install Ruby dependencies
-      run: |
-        gem install bundler
-        bundle install
-    - name: Install Node.js dependencies
-      run: npm ci
-    - name: Run updater scripts
-      env:
-        # need to use a token from a user with access to github/github for this step
-        GITHUB_TOKEN: ${{ secrets.ZEKE_PAT_WITH_REPO_AND_WORKFLOW_SCOPE_FOR_REPO_SYNC }}
-      # technically the changelog should only be updated once per day, but we can safely
-      # run build-changelog-from-markdown.js in its current form once per hour; when we
-      # rewrite the changelog script, we may need to run it in a separate workflow on a
-      # once-per-day schedule; see details in https://github.com/github/docs-internal/issues/12722.
-      run: |
-        script/graphql/update-files.js
-        script/graphql/build-changelog-from-markdown.js
-    - name: Create pull request
-      id: create-pull-request
-      uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
-      with:
-        # need to use a token with repo and workflow scopes for this step
-        token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
-        commit-message: 'Action ran graphql scripts "update-files" and "build-changelog-from-markdown"'
-        title: GraphQL schema update
-        body: "Hello! Some GraphQL data in github/github was updated recently. This PR
-          syncs up the GraphQL data in this repo.\n\n
-          If CI passes, this PR will be auto-merged. :green_heart:\n\n
-          If CI does not pass or other problems arise, contact #docs-engineering on slack."
-        labels: automerge
-        branch: graphql-schema-update
-    - if: ${{ failure() }}
-      name: Delete remote branch (if previous steps failed)
-      uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        branches: graphql-schema-update
-    - if: ${{ steps.create-pull-request.outputs.pr_number }}
-      name: Approve
-      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        number: ${{ steps.create-pull-request.outputs.pr_number }}
+      - if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'The repo is currently frozen! Exiting this workflow.'
+          exit 1 # prevents further steps from running
+      - name: Checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Set up Ruby
+        uses: actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526
+        with:
+          ruby-version: '2.4'
+      - name: Install Ruby dependencies
+        run: |
+          gem install bundler
+          bundle install
+      - name: Install Node.js dependencies
+        run: npm ci
+      - name: Run updater scripts
+        env:
+          # need to use a token from a user with access to github/github for this step
+          GITHUB_TOKEN: ${{ secrets.ZEKE_PAT_WITH_REPO_AND_WORKFLOW_SCOPE_FOR_REPO_SYNC }}
+        # technically the changelog should only be updated once per day, but we can safely
+        # run build-changelog-from-markdown.js in its current form once per hour; when we
+        # rewrite the changelog script, we may need to run it in a separate workflow on a
+        # once-per-day schedule; see details in https://github.com/github/docs-internal/issues/12722.
+        run: |
+          script/graphql/update-files.js
+          script/graphql/build-changelog-from-markdown.js
+      - name: Create pull request
+        id: create-pull-request
+        uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
+        with:
+          # need to use a token with repo and workflow scopes for this step
+          token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
+          commit-message: 'Action ran graphql scripts "update-files" and "build-changelog-from-markdown"'
+          title: GraphQL schema update
+          body:
+            "Hello! Some GraphQL data in github/github was updated recently. This PR
+            syncs up the GraphQL data in this repo.\n\n
+            If CI passes, this PR will be auto-merged. :green_heart:\n\n
+            If CI does not pass or other problems arise, contact #docs-engineering on slack."
+          labels: automerge
+          branch: graphql-schema-update
+      - if: ${{ failure() }}
+        name: Delete remote branch (if previous steps failed)
+        uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branches: graphql-schema-update
+      - if: ${{ steps.create-pull-request.outputs.pr_number }}
+        name: Approve
+        uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.create-pull-request.outputs.pr_number }}

.github/workflows/yml-lint.yml

@@ -0,0 +1,56 @@
+name: Lint Yaml
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches-ignore:
+      - translations
+
+jobs:
+  see_if_should_skip:
+    runs-on: ubuntu-latest
+
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@36feb0d8d062137530c2e00bd278d138fe191289
+        with:
+          cancel_others: 'false'
+          github_token: ${{ github.token }}
+          paths: '["**/*.yml", "**/*.yaml", "package*.json", ".github/workflows/yml-lint.yml"]'
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: see_if_should_skip
+    if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Setup node
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        with:
+          node-version: 14.x
+
+      - name: Get npm cache directory
+        id: npm-cache
+        run: |
+          echo "::set-output name=dir::$(npm config get cache)"
+
+      - name: Cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ${{ steps.npm-cache.outputs.dir }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linter
+        run: npx prettier -c "**/*.{yml,yaml}"

.prettierignore

@@ -0,0 +1 @@
+translations/

.prettierrc.json

@@ -0,0 +1,12 @@
+{
+  "overrides": [
+    {
+      "files":[
+        "**/*.{yml,yaml}"
+      ],
+      "options": {
+        "singleQuote": true
+      }
+    }
+  ]
+}

CODE_OF_CONDUCT.md

@@ -22,6 +22,7 @@ Examples of unacceptable behavior include:
 * Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or email address, without their explicit permission
+* Contacting individual members, contributors, or leaders privately, outside designated community mechanisms, without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a professional setting
 
 ## Enforcement Responsibilities

README.md

@@ -5,6 +5,7 @@ This repository contains the documentation website code and Markdown source file
 GitHub's Docs team works on pre-production content in a private repo that regularly syncs with this public repo.
 
 In this article:
+
 - [Contributing](#contributing)
 - [READMEs](#readmes)
 - [License](#license)
@@ -34,6 +35,7 @@ If you have a solution to one of the open issues, you will need to fork the repo
 We use GitHub Discussions to talk about all sorts of topics related to documentation and this site. For example: if you'd like help troubleshooting a PR, have a great new idea, or want to share something amazing you've learned in our docs, join us in [discussions](https://github.com/github/docs/discussions).
 
 #### And that's it!
+
 That's how you can get started easily as a member of the GitHub Documentation community. :sparkles:
 
 If you want to know more, or you're making a more complex contribution, check out [Getting Started with Contributing](/CONTRIBUTING.md).

content/actions/guides/building-and-testing-java-with-gradle.md

@@ -91,7 +91,7 @@ steps:
 
 ### Caching dependencies
 
-You can cache your dependencies to speed up your workflow runs. After a successful run, your local Gradle package cache will be stored on GitHub Actions infrastructure. In future workflow runs, the cache will be restored so that dependencies don't need to be downloaded from remote package repositories. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)" and the [`cache` action](https://github.com/marketplace/actions/cache).
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache your dependencies to speed up your workflow runs. After a successful run, your local Gradle package cache will be stored on GitHub Actions infrastructure. In future workflow runs, the cache will be restored so that dependencies don't need to be downloaded from remote package repositories. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>" and the [`cache` action](https://github.com/marketplace/actions/cache).
 
 {% raw %}
 ```yaml

content/actions/guides/building-and-testing-java-with-maven.md

@@ -91,7 +91,7 @@ steps:
 
 ### Caching dependencies
 
-You can cache your dependencies to speed up your workflow runs. After a successful run, your local Maven repository will be stored on GitHub Actions infrastructure. In future workflow runs, the cache will be restored so that dependencies don't need to be downloaded from remote Maven repositories. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)" and the [`cache` action](https://github.com/marketplace/actions/cache).
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache your dependencies to speed up your workflow runs. After a successful run, your local Maven repository will be stored on GitHub Actions infrastructure. In future workflow runs, the cache will be restored so that dependencies don't need to be downloaded from remote Maven repositories. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>" and the [`cache` action](https://github.com/marketplace/actions/cache).
 
 {% raw %}
 ```yaml

content/actions/guides/building-and-testing-nodejs.md

@@ -129,7 +129,7 @@ If you don't specify a Node.js version, {% data variables.product.prodname_dotco
 
 {% data variables.product.prodname_dotcom %}-hosted runners have npm and Yarn dependency managers installed. You can use npm and Yarn to install dependencies in your workflow before building and testing your code. The Windows and Linux {% data variables.product.prodname_dotcom %}-hosted runners also have Grunt, Gulp, and Bower installed.
 
-You can also cache dependencies to speed up your workflow. For more information, see "[Caching dependencies to speed up your workflow](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can also cache dependencies to speed up your workflow. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 #### Example using npm
 
@@ -227,7 +227,7 @@ always-auth=true
 
 #### Example caching dependencies
 
-You can cache dependencies using a unique key, and restore the dependencies when you run future workflows using the `cache` action. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)" and the [`cache` action](https://github.com/marketplace/actions/cache).
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache dependencies using a unique key, and restore the dependencies when you run future workflows using the `cache` action. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>" and the [`cache` action](https://github.com/marketplace/actions/cache).
 
 {% raw %}
 ```yaml
@@ -241,7 +241,7 @@ steps:
   uses: actions/cache@v2
   with:
     # npm cache files are stored in `~/.npm` on Linux/macOS
-    path: ~/.npm 
+    path: ~/.npm
     key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
     restore-keys: |
       ${{ runner.OS }}-node-

content/actions/guides/building-and-testing-powershell.md

@@ -30,7 +30,7 @@ We recommend that you have a basic understanding of PowerShell and Pester. For m
 
 ### Adding a workflow for Pester
 
-To automate your testing with PowerShell and Pester, you can add a workflow that runs every time a change is pushed to your repository. In the following example, `Test-Path` is used to check that a file called `resultsfile.log` is present. 
+To automate your testing with PowerShell and Pester, you can add a workflow that runs every time a change is pushed to your repository. In the following example, `Test-Path` is used to check that a file called `resultsfile.log` is present.
 
 This example workflow file must be added to your repository's `.github/workflows/` directory:
 
@@ -57,7 +57,7 @@ jobs:
 {% endraw %}
 
 * `shell: pwsh` - Configures the job to use PowerShell when running the `run` commands.
-* `run: Test-Path resultsfile.log` - Check whether a file called `resultsfile.log` is present in the repository's root directory. 
+* `run: Test-Path resultsfile.log` - Check whether a file called `resultsfile.log` is present in the repository's root directory.
 * `Should -Be $true` - Uses Pester to define an expected result. If the result is unexpected, then {% data variables.product.prodname_actions %} flags this as a failed test. For example:
 
   ![Failed Pester test](/assets/images/help/repository/actions-failed-pester-test.png)
@@ -83,7 +83,7 @@ The table below describes the locations for various PowerShell modules in each {
 
 ### Installing dependencies
 
-{% data variables.product.prodname_dotcom %}-hosted runners have PowerShell 7 and Pester installed. You can use `Install-Module` to install additional dependencies from the PowerShell Gallery before building and testing your code. 
+{% data variables.product.prodname_dotcom %}-hosted runners have PowerShell 7 and Pester installed. You can use `Install-Module` to install additional dependencies from the PowerShell Gallery before building and testing your code.
 
 {% note %}
 
@@ -91,7 +91,7 @@ The table below describes the locations for various PowerShell modules in each {
 
 {% endnote %}
 
-You can also cache dependencies to speed up your workflow. For more information, see "[Caching dependencies to speed up your workflow](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can also cache dependencies to speed up your workflow. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 For example, the following job installs the `SqlServer` and `PSScriptAnalyzer` modules:
 
@@ -119,7 +119,7 @@ jobs:
 
 #### Caching dependencies
 
-You can cache PowerShell dependencies using a unique key, which allows you to restore the dependencies for future workflows with the [`cache`](https://github.com/marketplace/actions/cache) action. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache PowerShell dependencies using a unique key, which allows you to restore the dependencies for future workflows with the [`cache`](https://github.com/marketplace/actions/cache) action. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 PowerShell caches its dependencies in different locations, depending on the runner's operating system. For example, the `path` location used in the following Ubuntu example will be different for a Windows operating system.
 

content/actions/guides/building-and-testing-python.md

@@ -141,9 +141,9 @@ jobs:
       uses: actions/setup-python@v2
       with:
         # Semantic version range syntax or exact version of a Python version
-        python-version: '3.x' 
+        python-version: '3.x'
         # Optional - x64 or x86 architecture, defaults to x64
-        architecture: 'x64' 
+        architecture: 'x64'
     # You can test your matrix by printing the current Python version
     - name: Display Python version
       run: python -c "import sys; print(sys.version)"
@@ -192,7 +192,7 @@ We recommend using `setup-python` to configure the version of Python used in you
 
 {% data variables.product.prodname_dotcom %}-hosted runners have the pip package manager installed. You can use pip to install dependencies from the PyPI package registry before building and testing your code. For example, the YAML below installs or upgrades the `pip` package installer and the `setuptools` and `wheel` packages.
 
-You can also cache dependencies to speed up your workflow. For more information, see "[Caching dependencies to speed up your workflow](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can also cache dependencies to speed up your workflow. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 {% raw %}
 ```yaml
@@ -228,7 +228,7 @@ steps:
 
 #### Caching Dependencies
 
-You can cache pip dependencies using a unique key, and restore the dependencies when you run future workflows using the [`cache`](https://github.com/marketplace/actions/cache) action. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache pip dependencies using a unique key, and restore the dependencies when you run future workflows using the [`cache`](https://github.com/marketplace/actions/cache) action. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 Pip caches dependencies in different locations, depending on the operating system of the runner. The path you'll need to cache may differ from the Ubuntu example below depending on the operating system you use. For more information, see [Python caching examples](https://github.com/actions/cache/blob/main/examples.md#python---pip).
 

content/actions/guides/building-and-testing-ruby.md

@@ -0,0 +1,318 @@
+---
+title: Building and testing Ruby
+intro: You can create a continuous integration (CI) workflow to build and test your Ruby project.
+product: '{% data reusables.gated-features.actions %}'
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=2.22'
+---
+
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+### Introduction
+
+This guide shows you how to create a continuous integration (CI) workflow that builds and tests a Ruby application. If your CI tests pass, you may want to deploy your code or publish a gem.
+
+### Prerequisites
+
+We recommend that you have a basic understanding of Ruby, YAML, workflow configuration options, and how to create a workflow file. For more information, see:
+
+- [Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)
+- [Ruby in 20 minutes](https://www.ruby-lang.org/en/documentation/quickstart/)
+
+### Starting with the Ruby workflow template
+
+{% data variables.product.prodname_dotcom %} provides a Ruby workflow template that will work for most Ruby projects. For more information, see the [Ruby workflow template](https://github.com/actions/starter-workflows/blob/master/ci/ruby.yml).
+
+To get started quickly, add the template to the `.github/workflows` directory of your repository.
+
+{% raw %}
+```yaml
+name: Ruby
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+```
+{% endraw %}
+
+### Specifying the Ruby version
+
+The easiest way to specify a Ruby version is by using the `ruby/setup-ruby` action provided by the Ruby organization on GitHub. The action adds any supported Ruby version to `PATH` for each job run in a workflow. For more information see, the [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby).
+
+Using either Ruby's `ruby/setup-ruby` action or GitHub's `actions/setup-ruby` action is the recommended way of using Ruby with GitHub Actions because it ensures consistent behavior across different runners and different versions of Ruby.
+
+The `setup-ruby` action takes a Ruby version as an input and configures that version on the runner.
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+  with:
+    ruby-version: 2.6 # Not needed with a .ruby-version file
+- run: bundle install
+- run: bundle exec rake
+```
+{% endraw %}
+
+Alternatively, you can check a `.ruby-version` file  into the root of your repository and `setup-ruby` will use the version defined in that file.
+
+### Testing with multiple versions of Ruby
+
+You can add a matrix strategy to run your workflow with more than one version of Ruby. For example, you can test your code against the latest patch releases of versions 2.7, 2.6, and 2.5. The 'x' is a wildcard character that matches the latest patch release available for a version. 
+
+{% raw %}
+```yaml
+strategy:
+  matrix:
+    ruby-version: [2.7.x, 2.6.x, 2.5.x]
+```
+{% endraw %}
+
+Each version of Ruby specified in the `ruby-version` array creates a job that runs the same steps. The {% raw %}`${{ matrix.ruby-version }}`{% endraw %} context is used to access the current job's version. For more information about matrix strategies and contexts, see "Workflow syntax for GitHub Actions" and "Context and expression syntax for GitHub Actions."
+
+The full updated workflow with a matrix strategy could look like this:
+
+{% raw %}
+```yaml
+name: Ruby CI
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby-version: [2.7.x, 2.6.x, 2.5.x]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+```
+{% endraw %}
+
+### Installing dependencies with Bundler
+
+The `setup-ruby` action will automatically install bundler for you. The version is determined by your `gemfile.lock` file. If no version is present in your lockfile, then the latest compatible version will be installed.
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+  with:
+    ruby-version: 2.6
+- run: bundle install
+```
+{% endraw %}
+
+#### Caching dependencies
+
+If you are using {% data variables.product.prodname_dotcom %}-hosted runners, the `setup-ruby` actions provides a method to automatically handle the caching of your gems between runs.
+
+To enable caching, set the following.
+
+{% raw %}
+```yaml
+steps:
+- uses: ruby/setup-ruby@v1
+    with:
+      bundler-cache: true
+```
+{% endraw %}
+
+This will configure bundler to install your gems to `vendor/cache`. For each successful run of your workflow, this folder will be cached by Actions and re-downloaded for subsequent workflow runs. A hash of your gemfile.lock and the Ruby version are used as the cache key. If you install any new gems, or change a version, the cache will be invalidated and bundler will do a fresh install.
+
+**Caching without setup-ruby**
+
+For greater control over caching, if you are using {% data variables.product.prodname_dotcom %}-hosted runners, you can use the `actions/cache` Action directly. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/cache@v2
+  with:
+    path: vendor/bundle
+    key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+    restore-keys: |
+      ${{ runner.os }}-gems-
+- name: Bundle install
+  run: |
+    bundle config path vendor/bundle
+    bundle install --jobs 4 --retry 3
+```
+{% endraw %}
+
+If you're using a matrix build, you will want to include the matrix variables in your cache key. For example, if you have a matrix strategy for different ruby versions (`matrix.ruby-version`) and different operating systems (`matrix.os`), your workflow steps might look like this:
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/cache@v2
+  with:
+    path: vendor/bundle
+    key: bundle-use-ruby-${{ matrix.os }}-${{ matrix.ruby-version }}-${{ hashFiles('**/Gemfile.lock') }}
+    restore-keys: |
+      bundle-use-ruby-${{ matrix.os }}-${{ matrix.ruby-version }}-
+- name: Bundle install
+  run: |
+    bundle config path vendor/bundle
+    bundle install --jobs 4 --retry 3
+```
+{% endraw %}
+
+### Matrix testing your code
+
+The following example matrix tests all stable releases and head versions of MRI, JRuby and TruffleRuby on Ubuntu and macOS.
+
+{% raw %}
+```yaml
+name: Matrix Testing
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        ruby: [2.5, 2.6, 2.7, head, debug, jruby, jruby-head, truffleruby, truffleruby-head]
+    continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - run: bundle install
+    - run: bundle exec rake
+```
+{% endraw %}
+
+### Linting your code
+
+The following example installs `rubocop` and uses it to lint all files. For more information, see [Rubocop](https://github.com/rubocop-hq/rubocop). You can [configure Rubocop](https://docs.rubocop.org/rubocop/configuration.html) to decide on the specific linting rules.
+
+{% raw %}
+```yaml
+name: Linting
+
+on: [push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - run: bundle install
+    - name: Rubocop
+      run: rubocop
+```
+{% endraw %}
+
+### Publishing Gems
+
+You can configure your workflow to publish your Ruby package to any package registry you'd like when your CI tests pass.
+
+You can store any access tokens or credentials needed to publish your package using repository secrets. The following example creates and publishes a package to `GitHub Package Registry` and `RubyGems`.
+
+{% raw %}
+```yaml
+
+name: Ruby Gem
+
+on:
+  # Manually publish
+  workflow_dispatch:
+  # Alternatively, publish whenever changes are merged to the default branch.
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.6
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - run: bundle install
+
+    - name: Publish to GPR
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+      env:
+        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        OWNER: ${{ github.repository_owner }}
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
+```
+{% endraw %}
+

content/actions/guides/index.md

@@ -31,6 +31,7 @@ You can use {% data variables.product.prodname_actions %} to create custom conti
 {% link_in_list /building-and-testing-nodejs %}
 {% link_in_list /building-and-testing-powershell %}
 {% link_in_list /building-and-testing-python %}
+{% link_in_list /building-and-testing-ruby %}
 {% link_in_list /building-and-testing-java-with-maven %}
 {% link_in_list /building-and-testing-java-with-gradle %}
 {% link_in_list /building-and-testing-java-with-ant %}

content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -33,7 +33,7 @@ All organizations have a single default self-hosted runner group. Organizations
 
 Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can move a runner from the default group to any group you create.
 
-When creating a group, you must choose a policy that defines which repositories have access to the runner group. You can configure a runner group to be accessible to a specific list of repositories, all private repositories, or all repositories in the organization.
+When creating a group, you must choose a policy that defines which repositories have access to the runner group.
 
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.org_settings %}
@@ -41,9 +41,19 @@ When creating a group, you must choose a policy that defines which repositories
 1. In the **Self-hosted runners** section, click **Add new**, and then **New group**.
 
     ![Add runner group](/assets/images/help/settings/actions-org-add-runner-group.png)
-1. Enter a name for your runner group, and select an access policy from the **Repository access** dropdown list.
+1. Enter a name for your runner group, and assign a policy for repository access.
 
-    ![Add runner group options](/assets/images/help/settings/actions-org-add-runner-group-options.png)
+   {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} You can configure a runner group to be accessible to a specific list of repositories, or to all repositories in the organization. By default, public repositories can't access runners in a runner group, but you can use the **Allow public repositories** option to override this.{% else if currentVersion == "enterprise-server@2.22"%}You can configure a runner group to be accessible to a specific list of repositories, all private repositories, or all repositories in the organization.{% endif %}
+
+   {% warning %}
+
+   **Warning**
+   {% indented_data_reference site.data.reusables.github-actions.self-hosted-runner-security spaces=3 %}
+   For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)."
+
+   {% endwarning %}
+
+   ![Add runner group options](/assets/images/help/settings/actions-org-add-runner-group-options.png)
 1. Click **Save group** to create the group and apply the policy.
 
 ### Creating a self-hosted runner group for an enterprise
@@ -52,7 +62,7 @@ Enterprises can add their self-hosted runners to groups for access management. E
 
 Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can assign the runner to a specific group during the registration process, or you can later move the runner from the default group to a custom group.
 
-When creating a group, you must choose a policy that grants access to all organizations in the enterprise or choose specific organizations.
+When creating a group, you must choose a policy that defines which organizations have access to the runner group.
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
@@ -61,7 +71,17 @@ When creating a group, you must choose a policy that grants access to all organi
 1. Click **Add new**, and then **New group**.
 
     ![Add runner group](/assets/images/help/settings/actions-enterprise-account-add-runner-group.png)
-1. Enter a name for your runner group, and select an access policy from the **Organization access** dropdown list.
+1. Enter a name for your runner group, and assign a policy for organization access.
+
+   {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} You can configure a runner group to be accessible to a specific list of organizations, or all organizations in the enterprise. By default, public repositories can't access runners in a runner group, but you can use the **Allow public repositories** option to override this.{% else if currentVersion == "enterprise-server@2.22"%}You can configure a runner group to be accessible to all organizations in the enterprise or choose specific organizations.{% endif %}
+
+   {% warning %}
+
+   **Warning**
+   {% indented_data_reference site.data.reusables.github-actions.self-hosted-runner-security spaces=3 %}
+   For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)."
+
+   {% endwarning %}
 
     ![Add runner group options](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png)
 1. Click **Save group** to create the group and apply the policy.

content/actions/index.md

@@ -66,7 +66,7 @@ versions:
   <h2 class="mb-2 font-mktg h1">Code examples</h2>
 
   <div class="pr-lg-3 mb-5 mt-3">
-    <input class="js-code-example-filter input-lg py-2 px-3 col-12 col-lg-8 form-control" placeholder="Search code examples" type="text" autocomplete="off" />
+    <input class="js-code-example-filter input-lg py-2 px-3 col-12 col-lg-8 form-control" placeholder="Search code examples" type="search" autocomplete="off" aria-label="Search code examples"/>
   </div>
 
   <div class="d-flex flex-wrap gutter">
@@ -79,7 +79,7 @@ versions:
     <div class="mb-3">{% octicon "search" width="24" %}</div>
     <h3 class="text-normal">Sorry, there is no result for <strong class="js-code-example-filter-value"></strong></h3>
     <p class="my-3 f4">It looks like we don't have an example that fits your filter.<br>Try another filter or add your code example</p>
-    <a href="https://github.com/github/docs/blob/HEAD/data/variables/action_code_examples.yml">Learn how to add a code example {% octicon "arrow-right" %}</a>
+    <a href="https://github.com/github/docs/blob/main/data/variables/action_code_examples.yml">Learn how to add a code example {% octicon "arrow-right" %}</a>
   </div>
 </div>
 {% endif %}

content/actions/learn-github-actions/managing-complex-workflows.md

@@ -12,11 +12,11 @@ versions:
 
 ### Overview
 
-This article describes some of the advanced features of {% data variables.product.prodname_actions %} that help you work create more complex workflows. 
+This article describes some of the advanced features of {% data variables.product.prodname_actions %} that help you work create more complex workflows.
 
 ### Storing secrets
 
-If your workflows use sensitive data, such as passwords or certificates, you can save these in {% data variables.product.prodname_dotcom %} as _secrets_ and then use them in your workflows as environment variables. This means that you will be able to create and share workflows without having to embed sensitive values directly in the YAML workflow. 
+If your workflows use sensitive data, such as passwords or certificates, you can save these in {% data variables.product.prodname_dotcom %} as _secrets_ and then use them in your workflows as environment variables. This means that you will be able to create and share workflows without having to embed sensitive values directly in the YAML workflow.
 
 This example action demonstrates how to reference an existing secret as an environment variable, and send it as a parameter to an example command.
 
@@ -57,7 +57,7 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - run: ./test_server.sh 
+      - run: ./test_server.sh
 ```
 
 For more information, see [`jobs.<job_id>.needs`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idneeds).
@@ -85,7 +85,7 @@ For more information, see [`jobs.<job_id>.strategy.matrix`](/actions/reference/w
 
 ### Caching dependencies
 
-{% data variables.product.prodname_dotcom %}-hosted runners are started as fresh environments for each job, so if your jobs regularly reuse dependencies, you can consider caching these files to help improve performance. Once the cache is created, it is available to all workflows in the same repository. 
+{% data variables.product.prodname_dotcom %}-hosted runners are started as fresh environments for each job, so if your jobs regularly reuse dependencies, you can consider caching these files to help improve performance. Once the cache is created, it is available to all workflows in the same repository.
 
 This example demonstrates how to cache the ` ~/.npm` directory:
 
@@ -106,7 +106,7 @@ jobs:
 ```
 {% endraw %}
 
-For more information, see "[Caching dependencies to speed up workflows](/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)."
+For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 ### Using databases and service containers
 
@@ -136,7 +136,7 @@ For more information, see "[Using databases and service containers](/actions/con
 
 ### Using labels to route workflows
 
-This feature helps you assign jobs to a specific self-hosted runner. If you want to be sure that a particular type of runner will process your job, you can use labels to control where jobs are executed. You can assign labels to a self-hosted runner, and then refer to these labels in your YAML workflow, ensuring that the job is routed in a predictable way. 
+This feature helps you assign jobs to a specific self-hosted runner. If you want to be sure that a particular type of runner will process your job, you can use labels to control where jobs are executed. You can assign labels to a self-hosted runner, and then refer to these labels in your YAML workflow, ensuring that the job is routed in a predictable way.
 
 This example shows how a workflow can use labels to specify the required runner:
 

content/actions/learn-github-actions/migrating-from-circleci-to-github-actions.md

@@ -101,7 +101,7 @@ GitHub Actions
 </tr>
 </table>
 
-For more information, see "[Caching dependencies to speed up workflows](/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)."
+{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 {% data variables.product.prodname_actions %} does not have an equivalent of CircleCI’s Docker Layer Caching (or DLC).
 

content/actions/learn-github-actions/migrating-from-gitlab-cicd-to-github-actions.md

@@ -262,7 +262,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - run: echo "This job will be run first, in parallel with build_a"
-  
+
   test_ab:
     runs-on: ubuntu-latest
     needs: [build_a,build_b]
@@ -346,7 +346,7 @@ jobs:
 </tr>
 </table>
 
-For more information, see "[Caching dependencies to speed up workflows](/actions/guides/caching-dependencies-to-speed-up-workflows)."
+{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 ### Artifacts
 
@@ -367,7 +367,7 @@ GitLab CI/CD
 <td class="d-table-cell v-align-top">
 {% raw %}
 ```yaml
-script: 
+script:
 artifacts:
   paths:
   - math-homework.txt
@@ -414,7 +414,7 @@ GitLab CI/CD
 container-job:
   variables:
     POSTGRES_PASSWORD: postgres
-    # The hostname used to communicate with the 
+    # The hostname used to communicate with the
     # PostgreSQL service container
     POSTGRES_HOST: postgres
     # The default PostgreSQL port
@@ -423,10 +423,10 @@ container-job:
   services:
     - postgres
   script:
-  # Performs a clean installation of all dependencies 
+  # Performs a clean installation of all dependencies
   # in the `package.json` file
    - npm ci
-   # Runs a script that creates a PostgreSQL client, 
+   # Runs a script that creates a PostgreSQL client,
    # populates the client with data, and retrieves data
    - node client.js
   tags:
@@ -452,7 +452,7 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@v2
 
-      # Performs a clean installation of all dependencies 
+      # Performs a clean installation of all dependencies
       # in the `package.json` file
       - name: Install dependencies
         run: npm ci
@@ -462,7 +462,7 @@ jobs:
         # populates the client with data, and retrieves data
         run: node client.js
         env:
-          # The hostname used to communicate with the 
+          # The hostname used to communicate with the
           # PostgreSQL service container
           POSTGRES_HOST: postgres
           # The default PostgreSQL port

content/actions/learn-github-actions/migrating-from-travis-ci-to-github-actions.md

@@ -164,6 +164,12 @@ git:
 </tr>
 </table>
 
+#### Using environment variables in a matrix
+
+Travis CI and {% data variables.product.prodname_actions %} can both add custom environment variables to a test matrix, which allows you to refer to the variable in a later step.
+
+In {% data variables.product.prodname_actions %}, you can use the `include` key to add custom environment variables to a matrix. {% data reusables.github-actions.matrix-variable-example %}
+
 ### Key features in {% data variables.product.prodname_actions %}
 
 When migrating from Travis CI, consider the following key features in {% data variables.product.prodname_actions %}:
@@ -178,7 +184,7 @@ When migrating from Travis CI, consider the following key features in {% data va
 
 #### Hosting your own runners
 
-If your jobs require specific hardware or software, {% data variables.product.prodname_actions %} allows you to host your own runners and send your jobs to them for processing. {% data variables.product.prodname_actions %} also lets you use policies to control how these runners are accessed, granting access at the organization or repository level. For more information, see ["Hosting your own runners](/actions/hosting-your-own-runners)." 
+If your jobs require specific hardware or software, {% data variables.product.prodname_actions %} allows you to host your own runners and send your jobs to them for processing. {% data variables.product.prodname_actions %} also lets you use policies to control how these runners are accessed, granting access at the organization or repository level. For more information, see ["Hosting your own runners](/actions/hosting-your-own-runners)."
 
 #### Concurrent jobs and execution time
 
@@ -207,7 +213,7 @@ For example:
           shell: bash
 ```
 
-### Error handling in {% data variables.product.prodname_actions %} 
+### Error handling in {% data variables.product.prodname_actions %}
 
 When migrating to {% data variables.product.prodname_actions %}, there are different approaches to error handling that you might need to be aware of.
 
@@ -282,7 +288,7 @@ jobs:
 
 ### Caching dependencies
 
-Travis CI and {% data variables.product.prodname_actions %} let you manually cache dependencies for later reuse. This example demonstrates the cache syntax for each system. 
+Travis CI and {% data variables.product.prodname_actions %} let you manually cache dependencies for later reuse. This example demonstrates the cache syntax for each system.
 
 <table>
 <tr>
@@ -317,7 +323,7 @@ cache: npm
 </tr>
 </table>
 
-For more information, see "[Caching dependencies to speed up workflows](/actions/guides/caching-dependencies-to-speed-up-workflows)."
+{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners.  For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 ### Examples of common tasks
 

content/actions/reference/events-that-trigger-workflows.md

@@ -572,6 +572,8 @@ on:
 
 {% data reusables.developer-site.pull_request_forked_repos_link %}
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+
 #### `pull_request_target`
 
 This event is similar to `pull_request`, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload. 
@@ -589,6 +591,8 @@ on: pull_request_target
     types: [assigned, opened, synchronize, reopened]
 ```
 
+{% endif %}
+
 #### `push`
 
 {% note %}
@@ -689,6 +693,8 @@ on:
     types: [started]
 ```
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+
 #### `workflow_run`
 
 {% data reusables.webhooks.workflow_run_desc %}
@@ -711,6 +717,8 @@ on:
       - requested
 ```
 
+{% endif %}
+
 ### Triggering new workflows using a personal access token
 
 {% data reusables.github-actions.actions-do-not-trigger-workflows %} For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)."

content/actions/reference/usage-limits-billing-and-administration.md

@@ -76,6 +76,7 @@ For more information, see:
 - "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization)"{% if currentVersion == "free-pro-team@latest" %}
 - "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
 ### Disabling and enabling workflows
 
 You can enable and disable individual workflows in your repository on {% data variables.product.prodname_dotcom %}.
@@ -83,3 +84,4 @@ You can enable and disable individual workflows in your repository on {% data va
 {% data reusables.actions.scheduled-workflows-disabled %}
 
 For more information, see "[Disabling and enabling a workflow](/actions/managing-workflow-runs/disabling-and-enabling-a-workflow)."
+{% endif %}

content/actions/reference/workflow-syntax-for-github-actions.md

@@ -876,6 +876,12 @@ strategy:
 
 {% endnote %}
 
+##### Using environment variables in a matrix
+
+You can add custom environment variables for each test combination by using the `include` key. You can then refer to the custom environment variables in a later step.
+
+{% data reusables.github-actions.matrix-variable-example %}
+
 ### **`jobs.<job_id>.strategy.fail-fast`**
 
 When set to `true`, {% data variables.product.prodname_dotcom %} cancels all in-progress jobs if any `matrix` job fails. Default: `true`

content/admin/configuration/command-line-utilities.md

@@ -82,7 +82,7 @@ Allows you to find the uuid of your node in `cluster.conf`.
 Allows you to exempt a list of users from API rate limits. For more information, see "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)."
 
 ``` shell
-$ ghe-config app.github.rate_limiting_exempt_users "<em>hubot</em> <em>github-actions</em>"
+$ ghe-config app.github.rate-limiting-exempt-users "<em>hubot</em> <em>github-actions</em>"
 # Exempts the users hubot and github-actions from rate limits
 ```
 {% endif %}

content/admin/enterprise-management/configuring-collectd.md

@@ -10,7 +10,7 @@ versions:
 ---
 ### Set up an external `collectd` server
 
-If you haven't already set up an external `collectd` server, you will need to do so before enabling `collectd` forwarding on {% data variables.product.product_location %}. Your `collectd` server must by running `collectd` version 5.x or higher.
+If you haven't already set up an external `collectd` server, you will need to do so before enabling `collectd` forwarding on {% data variables.product.product_location %}. Your `collectd` server must be running `collectd` version 5.x or higher.
 
 1. Log into your `collectd` server.
 2. Create or edit the `collectd` configuration file to load the network plugin and populate the server and port directives with the proper values. On most distributions, this is located at `/etc/collectd/collectd.conf`

content/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster.md

@@ -57,32 +57,36 @@ Before you define a secondary datacenter for your passive nodes, ensure that you
       mysql-master = <em>HOSTNAME</em>
       redis-master = <em>HOSTNAME</em>
       <strong>primary-datacenter = default</strong>
-  ```
+    ```
 
     - Optionally, change the name of the primary datacenter to something more descriptive or accurate by editing the value of `primary-datacenter`.
 
 4. {% data reusables.enterprise_clustering.configuration-file-heading %} Under each node's heading, add a new key-value pair to assign the node to a datacenter. Use the same value as `primary-datacenter` from step 3 above. For example, if you want to use the default name (`default`), add the following key-value pair to the section for each node.
 
-      datacenter = default
+    ```
+    datacenter = default
+    ```
 
     When you're done, the section for each node in the cluster configuration file should look like the following example. {% data reusables.enterprise_clustering.key-value-pair-order-irrelevant %}
 
-  ```shell
-  [cluster "<em>HOSTNAME</em>"]
-    <strong>datacenter = default</strong>
-    hostname = <em>HOSTNAME</em>
-    ipv4 = <em>IP ADDRESS</em>
+    ```shell
+    [cluster "<em>HOSTNAME</em>"]
+      <strong>datacenter = default</strong>
+      hostname = <em>HOSTNAME</em>
+      ipv4 = <em>IP ADDRESS</em>
+      ...
     ...
-  ...
-  ```
+    ```
 
-  {% note %}
+    {% note %}
 
-  **Note**: If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node.
+    **Note**: If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node.
 
-      consul-datacenter = primary
+    ```
+    consul-datacenter = primary
+    ```
 
-  {% endnote %}
+    {% endnote %}
 
 {% data reusables.enterprise_clustering.apply-configuration %}
 
@@ -103,31 +107,37 @@ For an example configuration, see "[Example configuration](#example-configuratio
 
 1. For each node in your cluster, provision a matching virtual machine with identical specifications, running the same version of  {% data variables.product.prodname_ghe_server %}. Note the IPv4 address and hostname for each new cluster node. For more information, see "[Prerequisites](#prerequisites)."
 
-  {% note %}
+    {% note %}
 
-  **Note**: If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead.
+    **Note**: If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead.
 
-  {% endnote %}
+    {% endnote %}
 
 {% data reusables.enterprise_clustering.ssh-to-a-node %}
 
 3. Back up your existing cluster configuration.
 
-        cp /data/user/common/cluster.conf ~/$(date +%Y-%m-%d)-cluster.conf.backup
+    ```
+    cp /data/user/common/cluster.conf ~/$(date +%Y-%m-%d)-cluster.conf.backup
+    ```
 
 4. Create a copy of your existing cluster configuration file in a temporary location, like _/home/admin/cluster-passive.conf_. Delete unique key-value pairs for IP addresses (`ipv*`), UUIDs (`uuid`), and public keys for WireGuard (`wireguard-pubkey`).
 
-        grep -Ev "(?:|ipv|uuid|vpn|wireguard\-pubkey)" /data/user/common/cluster.conf > ~/cluster-passive.conf
+    ```
+    grep -Ev "(?:|ipv|uuid|vpn|wireguard\-pubkey)" /data/user/common/cluster.conf > ~/cluster-passive.conf
+    ```
 
 5. Remove the `[cluster]` section from the temporary cluster configuration file that you copied in the previous step.
 
-        git config -f ~/cluster-passive.conf --remove-section cluster
+    ```
+    git config -f ~/cluster-passive.conf --remove-section cluster
+    ```
 
 6. Decide on a name for the secondary datacenter where you provisioned your passive nodes, then update the temporary cluster configuration file with the new datacenter name. Replace `SECONDARY` with the name you choose.
 
     ```shell
-  sed -i 's/datacenter = default/datacenter = <em>SECONDARY</em>/g' ~/cluster-passive.conf
-  ```
+    sed -i 's/datacenter = default/datacenter = <em>SECONDARY</em>/g' ~/cluster-passive.conf
+    ```
 
 7. Decide on a pattern for the passive nodes' hostnames.
 
@@ -140,7 +150,7 @@ For an example configuration, see "[Example configuration](#example-configuratio
 8. Open the temporary cluster configuration file from step 3 in a text editor. For example, you can use Vim.
 
     ```shell
-        sudo vim ~/cluster-passive.conf
+    sudo vim ~/cluster-passive.conf
     ```
 
 9. In each section within the temporary cluster configuration file, update the node's configuration. {% data reusables.enterprise_clustering.configuration-file-heading %}
@@ -150,37 +160,37 @@ For an example configuration, see "[Example configuration](#example-configuratio
     - Add a new key-value pair, `replica = enabled`.
 
     ```shell
-  [cluster "<em>NEW PASSIVE NODE HOSTNAME</em>"]
+    [cluster "<em>NEW PASSIVE NODE HOSTNAME</em>"]
+      ...
+      hostname = <em>NEW PASSIVE NODE HOSTNAME</em>
+      ipv4 = <em>NEW PASSIVE NODE IPV4 ADDRESS</em>
+      <strong>replica = enabled</strong>
+      ...
     ...
-    hostname = <em>NEW PASSIVE NODE HOSTNAME</em>
-    ipv4 = <em>NEW PASSIVE NODE IPV4 ADDRESS</em>
-    <strong>replica = enabled</strong>
-    ...
-  ...
     ```
 
 10. Append the contents of the temporary cluster configuration file that you created in step 4 to the active configuration file.
 
     ```shell
-  cat ~/cluster-passive.conf >> /data/user/common/cluster.conf
-  ```
+    cat ~/cluster-passive.conf >> /data/user/common/cluster.conf
+    ```
 
 11. Designate the primary MySQL and Redis nodes in the secondary datacenter. Replace `REPLICA MYSQL PRIMARY HOSTNAME` and `REPLICA REDIS PRIMARY HOSTNAME` with the hostnames of the passives node that you provisioned to match your existing MySQL and Redis primaries.
 
     ```shell
-  git config -f /data/user/common/cluster.conf cluster.mysql-master-replica <em>REPLICA MYSQL PRIMARY HOSTNAME</em>
-  git config -f /data/user/common/cluster.conf cluster.redis-master-replica <em>REPLICA REDIS PRIMARY HOSTNAME</em>
-  ```
+    git config -f /data/user/common/cluster.conf cluster.mysql-master-replica <em>REPLICA MYSQL PRIMARY HOSTNAME</em>
+    git config -f /data/user/common/cluster.conf cluster.redis-master-replica <em>REPLICA REDIS PRIMARY HOSTNAME</em>
+    ```
 
 12. Enable MySQL to fail over automatically when you fail over to the passive replica nodes.
 
     ```shell
-  git config -f /data/user/common/cluster.conf cluster.mysql-auto-failover true
+    git config -f /data/user/common/cluster.conf cluster.mysql-auto-failover true
     ```
 
-  {% warning %}
+    {% warning %}
 
-  **Warning**: Review your cluster configuration file before proceeding.
+    **Warning**: Review your cluster configuration file before proceeding.
 
     - In the top-level `[cluster]` section, ensure that the values for `mysql-master-replica` and `redis-master-replica` are the correct hostnames for the passive nodes in the secondary datacenter that will serve as the MySQL and Redis primaries after a failover.
     - In each section for an active node named <code>[cluster "<em>ACTIVE NODE HOSTNAME</em>"]</code>, double-check the following key-value pairs.
@@ -194,9 +204,9 @@ For an example configuration, see "[Example configuration](#example-configuratio
       - `replica` should be configured as `enabled`.
     - Take the opportunity to remove sections for offline nodes that are no longer in use.
 
-  To review an example configuration, see "[Example configuration](#example-configuration)."
+    To review an example configuration, see "[Example configuration](#example-configuration)."
 
-  {% endwarning %}
+    {% endwarning %}
 
 13. Initialize the new cluster configuration. {% data reusables.enterprise.use-a-multiplexer %}
 
@@ -207,7 +217,7 @@ For an example configuration, see "[Example configuration](#example-configuratio
 14. After the initialization finishes, {% data variables.product.prodname_ghe_server %} displays the following message.
 
     ```shell
-        Finished cluster initialization
+    Finished cluster initialization
     ```
 
 {% data reusables.enterprise_clustering.apply-configuration %}
@@ -294,19 +304,27 @@ You can monitor the progress on any node in the cluster, using command-line tool
 
 - Monitor replication of databases:
 
-      /usr/local/share/enterprise/ghe-cluster-status-mysql
+  ```
+  /usr/local/share/enterprise/ghe-cluster-status-mysql
+  ```
 
 - Monitor replication of repository and Gist data:
 
-      ghe-spokes status
+  ```
+  ghe-spokes status
+  ```
 
 - Monitor replication of attachment and LFS data:
 
-      ghe-storage replication-status
+  ```
+  ghe-storage replication-status
+  ```
 
 - Monitor replication of Pages data:
 
-      ghe-dpages replication-status
+  ```
+  ghe-dpages replication-status
+  ```
 
 You can use `ghe-cluster-status` to review the overall health of your cluster. For more information, see  "[Command-line utilities](/enterprise/admin/configuration/command-line-utilities#ghe-cluster-status)."
 

content/admin/enterprise-management/increasing-storage-capacity.md

@@ -20,6 +20,8 @@ As more users join {% data variables.product.product_location %}, you may need t
 
 {% endnote %}
 
+#### Minimum requirements
+
 {% data reusables.enterprise_installation.hardware-rec-table %}
 
 ### Increasing the data partition size

content/admin/installation/installing-github-enterprise-server-on-google-cloud-platform.md

@@ -27,7 +27,7 @@ Before launching {% data variables.product.product_location %} on Google Cloud P
 {% data variables.product.prodname_ghe_server %} is supported on the following Google Compute Engine (GCE) machine types. For more information, see [the Google Cloud Platform machine types article](https://cloud.google.com/compute/docs/machine-types).
 
 | High-memory   |
-  ------------- |
+| ------------- |
 | n1-highmem-4  |
 | n1-highmem-8  |
 | n1-highmem-16 |
@@ -54,7 +54,7 @@ Based on your user license count, we recommend these machine types.
 1. Using the [gcloud compute](https://cloud.google.com/compute/docs/gcloud-compute/) command-line tool, list the public {% data variables.product.prodname_ghe_server %} images:
    ```shell
    $ gcloud compute images list --project github-enterprise-public --no-standard-images
-  ```
+   ```
 
 2. Take note of the image name for the latest GCE image of  {% data variables.product.prodname_ghe_server %}.
 
@@ -63,18 +63,18 @@ Based on your user license count, we recommend these machine types.
 GCE virtual machines are created as a member of a network, which has a firewall. For the network associated with the {% data variables.product.prodname_ghe_server %} VM, you'll need to configure the firewall to allow the required ports listed in the table below. For more information about firewall rules on Google Cloud Platform, see the Google guide "[Firewall Rules Overview](https://cloud.google.com/vpc/docs/firewalls)."
 
 1. Using the gcloud compute command-line tool, create the network. For more information, see "[gcloud compute networks create](https://cloud.google.com/sdk/gcloud/reference/compute/networks/create)" in the Google documentation.
-  ```shell
-  $ gcloud compute networks create <em>NETWORK-NAME</em> --subnet-mode auto
-  ```
+   ```shell
+   $ gcloud compute networks create <em>NETWORK-NAME</em> --subnet-mode auto
+   ```
 2. Create a firewall rule for each of the ports in the table below. For more information, see "[gcloud compute firewall-rules](https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/)" in the Google documentation.
-  ```shell
-  $ gcloud compute firewall-rules create <em>RULE-NAME</em> \
-  --network <em>NETWORK-NAME</em> \
-  --allow tcp:22,tcp:25,tcp:80,tcp:122,udp:161,tcp:443,udp:1194,tcp:8080,tcp:8443,tcp:9418,icmp
-  ```
-  This table identifies the required ports and what each port is used for.
+   ```shell
+   $ gcloud compute firewall-rules create <em>RULE-NAME</em> \
+   --network <em>NETWORK-NAME</em> \
+   --allow tcp:22,tcp:25,tcp:80,tcp:122,udp:161,tcp:443,udp:1194,tcp:8080,tcp:8443,tcp:9418,icmp
+   ```
+   This table identifies the required ports and what each port is used for.
 
-  {% data reusables.enterprise_installation.necessary_ports %}
+   {% data reusables.enterprise_installation.necessary_ports %}
 
 ### Allocating a static IP and assigning it to the VM
 
@@ -87,21 +87,21 @@ In production High Availability configurations, both primary and replica applian
 To create the {% data variables.product.prodname_ghe_server %} instance, you'll need to create a GCE instance with your {% data variables.product.prodname_ghe_server %} image and attach an additional storage volume for your instance data. For more information, see "[Hardware considerations](#hardware-considerations)."
 
 1. Using the gcloud compute command-line tool, create a data disk to use as an attached storage volume for your instance data, and configure the size based on your user license count. For more information, see "[gcloud compute disks create](https://cloud.google.com/sdk/gcloud/reference/compute/disks/create)" in the Google documentation.
-  ```shell
-  $ gcloud compute disks create <em>DATA-DISK-NAME</em> --size <em>DATA-DISK-SIZE</em> --type <em>DATA-DISK-TYPE</em> --zone <em>ZONE</em>
-  ```
+   ```shell
+   $ gcloud compute disks create <em>DATA-DISK-NAME</em> --size <em>DATA-DISK-SIZE</em> --type <em>DATA-DISK-TYPE</em> --zone <em>ZONE</em>
+   ```
 
 2. Then create an instance using the name of the {% data variables.product.prodname_ghe_server %} image you selected, and attach the data disk. For more information, see "[gcloud compute instances create](https://cloud.google.com/sdk/gcloud/reference/compute/instances/create)" in the Google documentation.
-  ```shell
-  $ gcloud compute instances create <em>INSTANCE-NAME</em> \
-  --machine-type n1-standard-8 \
-  --image <em>GITHUB-ENTERPRISE-IMAGE-NAME</em> \
-  --disk name=<em>DATA-DISK-NAME</em> \
-  --metadata serial-port-enable=1 \
-  --zone <em>ZONE</em> \
-  --network <em>NETWORK-NAME</em> \
-  --image-project github-enterprise-public
-  ```
+   ```shell
+   $ gcloud compute instances create <em>INSTANCE-NAME</em> \
+   --machine-type n1-standard-8 \
+   --image <em>GITHUB-ENTERPRISE-IMAGE-NAME</em> \
+   --disk name=<em>DATA-DISK-NAME</em> \
+   --metadata serial-port-enable=1 \
+   --zone <em>ZONE</em> \
+   --network <em>NETWORK-NAME</em> \
+   --image-project github-enterprise-public
+   ```
 
 ### Configuring the instance
 

content/admin/overview/about-enterprise-accounts.md

@@ -1,26 +1,31 @@
 ---
 title: About enterprise accounts
-intro: 'With {% data variables.product.prodname_ghe_server %}, you can create an enterprise account to give administrators a single point of visibility and management for their billing and license usage.'
+intro: 'With {% data variables.product.product_name %}, you can use an enterprise account to give administrators a single point of visibility and management{% if enterpriseServerVersions contains currentVersion %} for billing and license usage{% endif %}.'
 redirect_from:
   - /enterprise/admin/installation/about-enterprise-accounts
   - /enterprise/admin/overview/about-enterprise-accounts
 versions:
-  enterprise-server: '*'
+  enterprise-server: '>=2.20'
+  github-ae: '*'
 ---
 
-### About enterprise accounts on {% data variables.product.prodname_ghe_server %}
+### About enterprise accounts on {% data variables.product.product_name %}
 
-An enterprise account allows you to manage multiple {% data variables.product.prodname_dotcom %} organizations and {% data variables.product.prodname_ghe_server %} instances. Your enterprise account must have a handle, like an organization or personal account on {% data variables.product.prodname_dotcom %}. Enterprise administrators can manage settings and preferences, like:
+An enterprise account allows you to manage multiple organizations{% if enterpriseServerVersions contains currentVersion %} and {% data variables.product.prodname_ghe_server %} instances{% else %} on {% data variables.product.product_name %}{% endif %}. Your enterprise account must have a handle, like an organization or personal account on {% data variables.product.prodname_dotcom %}. Enterprise administrators can manage settings and preferences, like:
 
-- Member access and management (organization members, outside collaborators)
-- Billing and usage ({% data variables.product.prodname_ghe_server %} instances, user licenses, {% data variables.large_files.product_name_short %} packs)
-- Security (single sign-on, two factor authentication)
-- Requests and support bundle sharing with {% data variables.contact.enterprise_support %}
+- Member access and management (organization members, outside collaborators){% if enterpriseServerVersions contains currentVersion %}
+- Billing and usage ({% data variables.product.prodname_ghe_server %} instances, user licenses, {% data variables.large_files.product_name_short %} packs){% endif %}
+- Security{% if enterpriseServerVersions contains currentVersion %}(single sign-on, two factor authentication)
+- Requests {% if enterpriseServerVersions contains currentVersion %}and support bundle sharing {% endif %}with {% data variables.contact.enterprise_support %}{% endif %}
 
-{% data reusables.enterprise-accounts.enterprise-accounts-billing %}
+{% if enterpriseServerVersions contains currentVersion %}{% data reusables.enterprise-accounts.enterprise-accounts-billing %} For more information about managing your {% data variables.product.prodname_ghe_cloud %} subscription, see "[Viewing the subscription and usage for your enterprise account](/articles/viewing-the-subscription-and-usage-for-your-enterprise-account)." {% endif %}For more information about managing your {% data variables.product.product_name %} billing settings, see "[Managing billing for your enterprise](/admin/overview/managing-billing-for-your-enterprise)."
+
+{% if enterpriseServerVersions contains currentVersion %}
 
 For more information about the differences between {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, see "[{% data variables.product.prodname_dotcom %}'s products](/articles/githubs-products)." To upgrade to {% data variables.product.prodname_enterprise %} or to get started with an enterprise account, contact {% data variables.contact.contact_enterprise_sales %}.
 
 ### Managing {% data variables.product.prodname_ghe_server %} licenses linked to your enterprise account
 
 {% data reusables.enterprise-accounts.admin-managing-licenses %}
+
+{% endif %}

content/admin/packages/configuring-third-party-storage-for-packages.md

@@ -13,7 +13,7 @@ versions:
 
 {% data variables.product.prodname_registry %} on {% data variables.product.prodname_ghe_server %} uses external blob storage to store your packages. The amount of storage required depends on your usage of {% data variables.product.prodname_registry %}.
 
-At this time, {% data variables.product.prodname_registry %} supports blob storage with Amazon Web Services (AWS) S3. MinIO is also supported, but configuration is not currently implemented in the {% data variables.product.product_name %} interface. You can use MinIO for storage by following the instructions for AWS S3, entering the analogous information for your MinIO configuration.
+At this time, {% data variables.product.prodname_registry %} supports blob storage with Amazon Web Services (AWS) S3. MinIO is also supported, but configuration is not currently implemented in the {% data variables.product.product_name %} interface. You can use MinIO for storage by following the instructions for AWS S3, entering the analogous information for your MinIO configuration. Before configuring third-party storage for {% data variables.product.prodname_registry %} on {% data variables.product.prodname_dotcom %}, you must set up a bucket with your third-party storage provider. For more information on installing and running a MinIO bucket to use with {% data variables.product.prodname_registry %}, see the "[Quickstart for configuring MinIO storage](/admin/packages/quickstart-for-configuring-minio-storage)."
 
 For the best experience, we recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage.
 
@@ -21,7 +21,10 @@ For the best experience, we recommend using a dedicated bucket for {% data varia
 
 {% warning %}
 
-**Warning:** Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}.
+**Warnings:**
+- It's critical you set the restrictive access policies you want for your storage bucket because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. For more information, see [Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html) in the AWS Documentation.
+- We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage.
+- Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}.
 
 {% endwarning %}
 

content/admin/packages/index.md

@@ -1,6 +1,5 @@
 ---
 title: Managing GitHub Packages for your enterprise
-shortTitle: GitHub Packages
 intro: 'You can enable {% data variables.product.prodname_registry %} for your enterprise and manage {% data variables.product.prodname_registry %} settings and allowed packaged types.'
 redirect_from:
   - /enterprise/admin/packages
@@ -11,5 +10,6 @@ versions:
 {% data reusables.package_registry.packages-ghes-release-stage %}
 
 {% link_with_intro /enabling-github-packages-for-your-enterprise %}
+{% link_with_intro /quickstart-for-configuring-minio-storage %}
 {% link_with_intro /configuring-packages-support-for-your-enterprise %}
 {% link_with_intro /configuring-third-party-storage-for-packages %}

content/admin/packages/quickstart-for-configuring-minio-storage.md

@@ -0,0 +1,133 @@
+---
+title: Quickstart for configuring MinIO storage
+intro: 'Set up MinIO as a storage provider for using {% data variables.product.prodname_registry %} on your enterprise.'
+versions:
+  enterprise-server: '>=2.22'
+---
+
+{% data reusables.package_registry.packages-ghes-release-stage %}
+
+Before you can enable and configure {% data variables.product.prodname_registry %} on {% data variables.product.product_location_enterprise %}, you need to prepare your third-party storage solution.
+
+MinIO offers object storage with support for the S3 API and {% data variables.product.prodname_registry %} on your enterprise.
+
+This quickstart shows you how to set up MinIO using Docker for use with {% data variables.product.prodname_registry %} but you have other options for managing MinIO besides Docker. For more information about MinIO, see the official [MinIO docs](https://docs.min.io/).
+
+### 1. Choose a MinIO mode for your needs 
+
+| MinIO mode | Optimized for | Storage infrastructure required | 
+|----|----|----|
+| Standalone MinIO (on a single host) | Fast setup |  N/A | 
+| MinIO as a NAS gateway |  NAS (Network-attached storage)| NAS devices |
+| Clustered MinIO (also called Distributed MinIO)|  Data security | Storage servers running in a cluster |
+
+For more information about your options, see the official [MinIO docs](https://docs.min.io/).
+
+### 2. Install, run, and sign in to MinIO
+
+1. Set up your preferred environment variables for MinIO.
+
+    These examples use `MINIO_DIR`:
+    ```shell
+    $ export MINIO_DIR=$(pwd)/minio
+    $ mkdir -p $MINIO_DIR
+    ```
+
+2. Install MinIO.
+
+    ```shell
+    $ docker pull minio/minio
+    ```
+    For more information, see the official "[MinIO Quickstart Guide](https://docs.min.io/docs/minio-quickstart-guide)."
+
+3. Sign in to MinIO using your MinIO access key and secret.
+
+    {% linux %}
+    ```shell
+    $ export MINIO_ACCESS_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    # this one is actually a secret, so careful
+    $ export MINIO_SECRET_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    ```
+    {% endlinux %}
+
+    {% mac %}
+    ```shell
+    $ export MINIO_ACCESS_KEY=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    # this one is actually a secret, so careful
+    $ export MINIO_SECRET_KEY=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    ```
+    {% endmac %}
+
+    You can access your MinIO keys using the environment variables: 
+
+    ```shell
+    $ echo $MINIO_ACCESS_KEY
+    $ echo $MINIO_SECRET_KEY
+    ```
+
+4. Run MinIO in your chosen mode.
+
+   * Run MinIO using Docker on a single host:
+
+     ```shell
+     $ docker run -p 9000:9000 \
+             -v $MINIO_DIR:/data \
+             -e "MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY" \
+             -e "MINIO_SECRET_KEY=$MINIO_SECRET_KEY" \
+             minio/minio server /data
+     ```
+
+     For more information, see "[MinIO Docker Quickstart guide](https://docs.min.io/docs/minio-docker-quickstart-guide.html)."
+ 
+   * Run MinIO using Docker as a NAS gateway:
+ 
+     This setup is useful for deployments where there is already a NAS you want to use as the backup storage for {% data variables.product.prodname_registry %}.
+
+     ```shell
+     $ docker run -p 9000:9000 \
+             -v $MINIO_DIR:/data \
+             -e "MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY" \
+             -e "MINIO_SECRET_KEY=$MINIO_SECRET_KEY" \
+             minio/minio gateway nas /data
+     ```
+
+     For more information, see "[MinIO Gateway for NAS](https://docs.min.io/docs/minio-gateway-for-nas.html)."
+ 
+   * Run MinIO using Docker as a cluster. This MinIO deployment uses several hosts and MinIO's erasure coding for the strongest data protection. To run MinIO in a cluster mode, see the "[Distributed MinIO Quickstart Guide](https://docs.min.io/docs/distributed-minio-quickstart-guide.html).
+
+### 3. Create your MinIO bucket for {% data variables.product.prodname_registry %}
+
+1. Install the MinIO client.  
+
+    ```shell
+    $ docker pull minio/mc
+    ```
+
+2. Create a bucket with a host URL that {% data variables.product.prodname_ghe_server %} can access.
+
+   * Local deployments example:
+
+     ```shell
+     $ export MC_HOST_minio="http://${MINIO_ACCESS_KEY}:${MINIO_SECRET_KEY} @localhost:9000"
+     $ docker run minio/mc <em>BUCKET-NAME</em>
+     ```
+
+     This example can be used for MinIO standalone or MinIO as a NAS gateway.
+
+   * Clustered deployments example:
+
+     ```shell
+     $ export MC_HOST_minio="http://${MINIO_ACCESS_KEY}:${MINIO_SECRET_KEY} @minioclustername.example.com:9000"
+     $ docker run minio/mc mb packages
+     ```
+
+
+### Next steps
+
+To finish configuring storage for {% data variables.product.prodname_registry %}, you'll need to copy the MinIO storage URL:
+
+  ```
+  echo "http://${MINIO_ACCESS_KEY}:${MINIO_SECRET_KEY}@minioclustername.example.com:9000"
+  ```
+
+For the next steps, see "[Configuring third-party storage for packages](/admin/packages/configuring-third-party-storage-for-packages)."

content/admin/policies/creating-a-pre-receive-hook-environment.md

@@ -21,10 +21,10 @@ You can use a Linux container management tool to build a pre-receive hook enviro
 {% data reusables.linux.ensure-docker %}
 2. Create the file `Dockerfile.alpine-3.3` that contains this information:
 
-    ```
-    FROM gliderlabs/alpine:3.3
-    RUN apk add --no-cache git bash
-    ```
+   ```
+   FROM gliderlabs/alpine:3.3
+   RUN apk add --no-cache git bash
+   ```
 3. From the working directory that contains `Dockerfile.alpine-3.3`, build an image:
 
    ```shell
@@ -36,37 +36,37 @@ You can use a Linux container management tool to build a pre-receive hook enviro
    >  ---> Using cache
    >  ---> 0250ab3be9c5
    > Successfully built 0250ab3be9c5
-  ```
+   ```
 4. Create a container:
 
    ```shell
    $ docker create --name pre-receive.alpine-3.3 pre-receive.alpine-3.3 /bin/true
-  ```
+   ```
 5. Export the Docker container to a `gzip` compressed `tar` file:
 
    ```shell
    $ docker export pre-receive.alpine-3.3 | gzip > alpine-3.3.tar.gz
-  ```
+   ```
 
-  This file `alpine-3.3.tar.gz` is ready to be uploaded to the {% data variables.product.prodname_ghe_server %} appliance.
+   This file `alpine-3.3.tar.gz` is ready to be uploaded to the {% data variables.product.prodname_ghe_server %} appliance.
 
 ### Creating a pre-receive hook environment using chroot
 
 1. Create a Linux `chroot` environment.
 2. Create a `gzip` compressed `tar` file of the `chroot` directory.
-  ```shell
-  $ cd /path/to/chroot
-  $ tar -czf /path/to/pre-receive-environment.tar.gz .
+   ```shell
+   $ cd /path/to/chroot
+   $ tar -czf /path/to/pre-receive-environment.tar.gz .
    ```
 
-  {% note %}
+   {% note %}
 
-    **Notes:**
-    - Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`.
-    - `/bin/sh` must exist and be executable, as the entry point into the chroot environment.
-    - Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks.
+   **Notes:**
+   - Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`.
+   - `/bin/sh` must exist and be executable, as the entry point into the chroot environment.
+   - Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks.
 
-  {% endnote %}
+   {% endnote %}
 
 For more information about creating a chroot environment see "[Chroot](https://wiki.debian.org/chroot)" from the *Debian Wiki*, "[BasicChroot](https://help.ubuntu.com/community/BasicChroot)" from the *Ubuntu Community Help Wiki*, or "[Installing Alpine Linux in a chroot](http://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot)" from the *Alpine Linux Wiki*.
 
@@ -94,4 +94,4 @@ For more information about creating a chroot environment see "[Chroot](https://w
    ```shell
    admin@ghe-host:~$ ghe-hook-env-create AlpineTestEnv /home/admin/alpine-3.3.tar.gz
    > Pre-receive hook environment 'AlpineTestEnv' (2) has been created.
-  ```
+   ```

content/admin/policies/creating-a-pre-receive-hook-script.md

@@ -71,19 +71,19 @@ We recommend consolidating hooks to a single repository. If the consolidated hoo
 
    ```shell
    $ sudo chmod +x <em>SCRIPT_FILE.sh</em>
-  ```
-  For Windows users, ensure the scripts have execute permissions:
+   ```
+   For Windows users, ensure the scripts have execute permissions:
 
-  ```shell
-  git update-index --chmod=+x <em>SCRIPT_FILE.sh</em>
-  ```
+   ```shell
+   git update-index --chmod=+x <em>SCRIPT_FILE.sh</em>
+   ```
 
 2. Commit and push to your designated pre-receive hooks repository on the {% data variables.product.prodname_ghe_server %} instance.
 
    ```shell
    $ git commit -m "<em>YOUR COMMIT MESSAGE</em>"
    $ git push
-  ```
+   ```
 
 3. [Create the pre-receive hook](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance/#creating-pre-receive-hooks) on the {% data variables.product.prodname_ghe_server %} instance.
 
@@ -94,40 +94,40 @@ You can test a pre-receive hook script locally before you create or update it on
 
 2. Create a file called `Dockerfile.dev` containing:
 
-    ```
-    FROM gliderlabs/alpine:3.3
-    RUN \
-      apk add --no-cache git openssh bash && \
-      ssh-keygen -A && \
-      sed -i "s/#AuthorizedKeysFile/AuthorizedKeysFile/g" /etc/ssh/sshd_config && \
-      adduser git -D -G root -h /home/git -s /bin/bash && \
-      passwd -d git && \
-      su git -c "mkdir /home/git/.ssh && \
-      ssh-keygen -t ed25519 -f /home/git/.ssh/id_ed25519 -P '' && \
-      mv /home/git/.ssh/id_ed25519.pub /home/git/.ssh/authorized_keys && \
-      mkdir /home/git/test.git && \
-      git --bare init /home/git/test.git"
+   ```
+   FROM gliderlabs/alpine:3.3
+   RUN \
+     apk add --no-cache git openssh bash && \
+     ssh-keygen -A && \
+     sed -i "s/#AuthorizedKeysFile/AuthorizedKeysFile/g" /etc/ssh/sshd_config && \
+     adduser git -D -G root -h /home/git -s /bin/bash && \
+     passwd -d git && \
+     su git -c "mkdir /home/git/.ssh && \
+     ssh-keygen -t ed25519 -f /home/git/.ssh/id_ed25519 -P '' && \
+     mv /home/git/.ssh/id_ed25519.pub /home/git/.ssh/authorized_keys && \
+     mkdir /home/git/test.git && \
+     git --bare init /home/git/test.git"
 
-    VOLUME ["/home/git/.ssh", "/home/git/test.git/hooks"]
-    WORKDIR /home/git
+   VOLUME ["/home/git/.ssh", "/home/git/test.git/hooks"]
+   WORKDIR /home/git
 
-    CMD ["/usr/sbin/sshd", "-D"]
-    ```
+   CMD ["/usr/sbin/sshd", "-D"]
+   ```
 
 3. Create a test pre-receive script called `always_reject.sh`. This example script will reject all pushes, which is useful for locking a repository:
 
-    ```
-    #!/usr/bin/env bash
+   ```
+   #!/usr/bin/env bash
 
-    echo "error: rejecting all pushes"
-    exit 1
-    ```
+   echo "error: rejecting all pushes"
+   exit 1
+   ```
 
 4. Ensure the `always_reject.sh` scripts has execute permissions:
 
    ```shell
    $ chmod +x always_reject.sh
-  ```
+   ```
 
 5. From the directory containing `Dockerfile.dev`, build an image:
 
@@ -150,32 +150,32 @@ You can test a pre-receive hook script locally before you create or update it on
    ....truncated output....
    > Initialized empty Git repository in /home/git/test.git/
    > Successfully built dd8610c24f82
-  ```
+   ```
 
 6. Run a data container that contains a generated SSH key:
 
    ```shell
    $ docker run --name data pre-receive.dev /bin/true
-  ```
+   ```
 
 7. Copy the test pre-receive hook `always_reject.sh` into the data container:
 
    ```shell
    $ docker cp always_reject.sh data:/home/git/test.git/hooks/pre-receive
-  ```
+   ```
 
 8. Run an application container that runs `sshd` and executes the hook. Take note of the container id that is returned:
 
    ```shell
    $ docker run -d -p 52311:22 --volumes-from data pre-receive.dev
    > 7f888bc700b8d23405dbcaf039e6c71d486793cad7d8ae4dd184f4a47000bc58
-  ```
+   ```
 
 9. Copy the generated SSH key from the data container to the local machine:
 
    ```shell
    $ docker cp data:/home/git/.ssh/id_ed25519 .
-  ```
+   ```
 
 10. Modify the remote of a test repository and push to the `test.git` repo within the Docker container. This example uses `git@github.com:octocat/Hello-World.git` but you can use any repo you want. This example assumes your local machine (127.0.0.1) is binding port 52311, but you can use a different IP address if docker is running on a remote machine.
 
@@ -194,9 +194,9 @@ You can test a pre-receive hook script locally before you create or update it on
    > To git@192.168.99.100:test.git
    >  ! [remote rejected] main -> main (pre-receive hook declined)
    > error: failed to push some refs to 'git@192.168.99.100:test.git'
-  ```
+   ```
 
-  Notice that the push was rejected after executing the pre-receive hook and echoing the output from the script.
+   Notice that the push was rejected after executing the pre-receive hook and echoing the output from the script.
 
 ### Further reading
  - "[Customizing Git - An Example Git-Enforced Policy](https://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy)" from the *Pro Git website*

content/admin/policies/enforcing-repository-management-policies-in-your-enterprise.md

@@ -34,7 +34,7 @@ versions:
 
 Each time someone creates a new repository on your enterprise, that person must choose a visibility for the repository. When you configure a default visibility setting for the enterprise, you choose which visibility is selected by default. For more information on repository visibility, see "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility)."
 
-If a site administrator disallows members from creating certain types of repositories, members will not be able to create that type of repository even if the visibility setting defaults to that type. For more information, see "[Setting a policy for repository creation](#setting-a-policy-for-repository-creation)."
+If an enterprise owner disallows members from creating certain types of repositories, members will not be able to create that type of repository even if the visibility setting defaults to that type. For more information, see "[Setting a policy for repository creation](#setting-a-policy-for-repository-creation)."
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% if currentVersion ver_gt "enterprise-server@2.21" or currentVersion == "github-ae@latest" %}
@@ -50,9 +50,9 @@ If a site administrator disallows members from creating certain types of reposit
 
 ### Setting a policy for changing a repository's visibility
 
-When you prevent members from changing repository visibility, only site administrators have the ability to make public repositories private or make private repositories public.
+When you prevent members from changing repository visibility, only enterprise owners can change the visibility of a repository.
 
-If a site administrator has restricted repository creation to organization owners only, then members will not be able to change repository visibility. If a site administrator has restricted member repository creation to private repositories only, then members will only be able to change repositories from public to private. For more information, see "[Setting a policy for repository creation](#setting-a-policy-for-repository-creation)."
+If an enterprise owner has restricted repository creation to organization owners only, then members will not be able to change repository visibility. If an enterprise owner has restricted member repository creation to private repositories only, then members will only be able to change the visibility of a repository to private. For more information, see "[Setting a policy for repository creation](#setting-a-policy-for-repository-creation)."
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
@@ -77,6 +77,16 @@ If a site administrator has restricted repository creation to organization owner
   ![Drop-down menu with repository creation policies](/assets/images/enterprise/site-admin-settings/repository-creation-drop-down.png)
 {% endif %}
 
+### Enforcing a policy on forking private or internal repositories
+
+Across all organizations owned by your enterprise, you can allow people with access to a private or internal repository to fork the repository, never allow forking of private or internal repositories, or allow owners to administer the setting on the organization level.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+3. On the **Repository policies** tab, under "Repository forking", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
+4. Under "Repository forking", use the drop-down menu and choose a policy.
+  ![Drop-down menu with repository forking policy options](/assets/images/help/business-accounts/repository-forking-policy-drop-down.png)
+
 ### Setting a policy for repository deletion and transfer
 
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -175,6 +185,8 @@ You can override the default inherited settings by configuring the settings for
 6. Optionally, select **Enforce on all repositories** to override repository-specific settings. Note that this will **not** override an enterprise-wide policy.
    ![Block force pushes](/assets/images/enterprise/site-admin-settings/user/user-block-all-force-pushes.png)
 
+{% if enterpriseServerVersions contains currentVersion %}
+
 ### Configuring anonymous Git read access
 
 {% data reusables.enterprise_user_management.disclaimer-for-git-read-access %}
@@ -203,7 +215,6 @@ If necessary, you can prevent repository administrators from changing anonymous
 3. Optionally, to prevent repository admins from changing anonymous Git read access settings in all repositories on your enterprise, select **Prevent repository admins from changing anonymous Git read access**.
 ![Select checkbox to prevent repository admins from changing anonymous Git read access settings for all repositories on your enterprise](/assets/images/enterprise/site-admin-settings/globally-lock-repos-from-changing-anonymous-git-read-access.png)
 
-{% if enterpriseServerVersions contains currentVersion %}
 #### Setting anonymous Git read access for a specific repository
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
@@ -217,6 +228,7 @@ If necessary, you can prevent repository administrators from changing anonymous
 ![Confirm anonymous Git read access setting in pop-up window](/assets/images/enterprise/site-admin-settings/confirm-anonymous-git-read-access-for-specific-repo-as-site-admin.png)
 8. Optionally, to prevent repository admins from changing this setting for this repository, select **Prevent repository admins from changing anonymous Git read access**.
 ![Select checkbox to prevent repository admins from changing anonymous Git read access for this repository](/assets/images/enterprise/site-admin-settings/lock_anonymous_git_access_for_specific_repo.png)
+
 {% endif %}
 
 {% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}

content/admin/release-notes.md

@@ -0,0 +1,7 @@
+---
+title: Release notes
+intro: The release notes for {{ allVersions[currentVersion].versionTitle }}.
+layout: release-notes
+versions:
+  enterprise-server: '*'
+---

content/admin/user-management/audited-actions.md

@@ -45,9 +45,9 @@ Name                              | Description
 Name                                            | Description
 -----------------------------------------------:| -------------------------------------------
 `business.update_member_repository_creation_permission` | A site admin restricts repository creation in organizations in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."
-`business.clear_members_can_create_repos` | A site admin clears a restriction on repository creation in organizations in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."
+`business.clear_members_can_create_repos` | A site admin clears a restriction on repository creation in organizations in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."{% if enterpriseServerVersions contains currentVersion %}
 `enterprise.config.lock_anonymous_git_access`   | A site admin locks anonymous Git read access to prevent repository admins from changing existing anonymous Git read access settings for repositories in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)."
-`enterprise.config.unlock_anonymous_git_access` | A site admin unlocks anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)."
+`enterprise.config.unlock_anonymous_git_access` | A site admin unlocks anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)."{% endif %}
 
 #### Issues and pull requests
 
@@ -85,7 +85,7 @@ Name                       | Description
 
 Name                  | Description
 ---------------------:| -------------------------------------------------------
-`repo.access`         | A private repository was made public, or a public repository was made private.
+`repo.access`         | The visibility of a repository changed to private{% if enterpriseServerVersions contains currentVersion %}, public,{% endif %} or internal.
 `repo.archive`        | A repository was archived. For more information, see "[Archiving a {% data variables.product.prodname_dotcom %} repository](/github/creating-cloning-and-archiving-repositories/archiving-a-github-repository)."
 `repo.add_member`     | A collaborator was added to a repository.
 `repo.config`         | A site admin blocked force pushes. For more information, see [Blocking force pushes to a repository](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/) to a repository.
@@ -95,11 +95,11 @@ Name                  | Description
 `repo.rename`         | A repository was renamed.
 `repo.transfer`       | A user accepted a request to receive a transferred repository.
 `repo.transfer_start` | A user sent a request to transfer a repository to another user or organization.
-`repo.unarchive`        | A repository was unarchived. For more information, see "[Archiving a {% data variables.product.prodname_dotcom %} repository](/github/creating-cloning-and-archiving-repositories/archiving-a-github-repository)."
-`repo.config.disable_anonymous_git_access`| Anonymous Git read access is disabled for a public repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
-`repo.config.enable_anonymous_git_access` | Anonymous Git read access is enabled for a public repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
+`repo.unarchive`        | A repository was unarchived. For more information, see "[Archiving a {% data variables.product.prodname_dotcom %} repository](/github/creating-cloning-and-archiving-repositories/archiving-a-github-repository)."{% if enterpriseServerVersions contains currentVersion %}
+`repo.config.disable_anonymous_git_access`| Anonymous Git read access is disabled for a repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
+`repo.config.enable_anonymous_git_access` | Anonymous Git read access is enabled for a repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
 `repo.config.lock_anonymous_git_access` | A repository's anonymous Git read access setting is locked, preventing repository administrators from changing (enabling or disabling) this setting. For more information, see "[Preventing users from changing anonymous Git read access](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access)."
-`repo.config.unlock_anonymous_git_access` | A repository's anonymous Git read access setting is unlocked, allowing repository administrators to change (enable or disable) this setting. For more information, see "[Preventing users from changing anonymous Git read access](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access)."
+`repo.config.unlock_anonymous_git_access` | A repository's anonymous Git read access setting is unlocked, allowing repository administrators to change (enable or disable) this setting. For more information, see "[Preventing users from changing anonymous Git read access](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access)."{% endif %}
 
 #### Site admin tools
 

content/admin/user-management/managing-organizations-in-your-enterprise.md

@@ -5,10 +5,9 @@ redirect_from:
   - /enterprise/admin/categories/admin-bootcamp/
   - /enterprise/admin/user-management/organizations-and-teams
   - /enterprise/admin/user-management/managing-organizations-in-your-enterprise
-intro: 'Organizations are great for creating distinct groups of users within your company, such as divisions or groups working on similar projects. Public repositories that belong to an organization are accessible to users in other organizations, while private repositories are inaccessible to anyone but members of the organization.'
+intro: 'Organizations are great for creating distinct groups of users within your company, such as divisions or groups working on similar projects. {% if currentVersion == "github-ae@latest" %}Internal{% else %}Public and internal{% endif %} repositories that belong to an organization are accessible to users in other organizations, while private repositories are inaccessible to anyone but members of the organization that are granted access.'
 mapTopic: true
 versions:
   enterprise-server: '*'
   github-ae: '*'
 ---
-

content/desktop/contributing-and-collaborating-using-github-desktop/committing-and-reviewing-changes-to-your-project.md

@@ -35,17 +35,25 @@ As you make changes to files in your text editor and save them locally, you will
 
 #### Creating a partial commit
 
-If one file contains multiple changes, but you only want *some* of those changes to be included in a commit, you can create a partial commit. The rest of your changes will remain intact, so that you can make additional modifications and commits. This allows you to make separate, meaningful commits, such as keeping line break changes in a commit separate from code or prose changes.
+If one file contains multiple changes, but you only want some of those changes to be included in a commit, you can create a partial commit. The rest of your changes will remain intact, so that you can make additional modifications and commits. This allows you to make separate, meaningful commits, such as keeping line break changes in a commit separate from code or prose changes.
 
-When you review the diff of the file, the lines that will be included in the commit are highlighted in blue. To exclude the change, click the changed line so the blue disappears.
+{% note %}
 
-![Unselected lines in a file](/assets/images/help/desktop/partial-commit.png)
+**Note:** Split diff displays are currently in beta and subject to change.
 
-#### Discarding changes
+{% endnote %}
 
-You can discard all the uncommitted changes in one file, a range of files, or discard all changes in all files since the last commit.
+1. To choose how your changes are displayed, in the top-right corner of the changed file, use {% octicon "gear" aria-label="The Gear icon" %} to select **Unified** or **Split**.
+  ![Gear icon with unified and split diffs](/assets/images/help/desktop/gear-diff-select.png)
+2. To exclude changed lines from your commit, click one or more changed lines so the blue disappears. The lines that are still highlighted in blue will be included in the commit.
+  ![Unselected lines in a file](/assets/images/help/desktop/partial-commit.png)
 
-{% mac %}
+### 3. Discarding changes
+If you have uncommitted changes that you don't want to keep, you can discard the changes. This will remove the changes from the files on your computer. You can discard all uncommitted changes in one or more files, or you can discard specific lines you added.
+
+Discarded changes are saved in a dated file in the Trash. You can recover discarded changes until the Trash is emptied.
+
+#### Discarding changes in one or more files
 
 {% data reusables.desktop.select-discard-files %}
 {% data reusables.desktop.click-discard-files %}
@@ -53,30 +61,25 @@ You can discard all the uncommitted changes in one file, a range of files, or di
 {% data reusables.desktop.confirm-discard-files %}
   ![Discard Changes button in the confirmation dialog](/assets/images/help/desktop/discard-changes-confirm-mac.png)
 
-{% tip %}
+#### Discarding changes in one or more lines
+You can discard one or more changed lines that are uncommitted.
 
-**Tip:** The changes you discarded are saved in a dated file in the Trash and you can recover them until the Trash is emptied.
+{% note %}
 
-{% endtip %}
+**Note:** Discarding single lines is disabled in a group of changes that adds and removes lines.
 
-{% endmac %}
+{% endnote %}
 
-{% windows %}
+To discard one added line, in the list of changed lines, right click on the line you want to discard and select **Discard added line**.
 
-{% data reusables.desktop.select-discard-files %}{% data reusables.desktop.click-discard-files %}
-  ![Discard Changes option in context menu](/assets/images/help/desktop/discard-changes-win.png)
-{% data reusables.desktop.confirm-discard-files %}
-  ![Discard Changes button in the confirmation dialog](/assets/images/help/desktop/discard-changes-confirm-win.png)
+  ![Discard single line in the confirmation dialog](/assets/images/help/desktop/discard-single-line.png)
 
-{% tip %}
+To discard a group of changed lines, right click the vertical bar to the right of the line numbers for the lines you want to discard, then select **Discard added lines**.
 
-**Tip:** The changes you discarded are saved in a file in the Recycle Bin and you can recover them until it is emptied.
+  ![Discard a group of added lines in the confirmation dialog](/assets/images/help/desktop/discard-multiple-lines.png)
 
-{% endtip %}
 
-{% endwindows %}
-
-### 3. Write a commit message and push your changes
+### 4. Write a commit message and push your changes
 
 Once you're satisfied with the changes you've chosen to include in your commit, write your commit message and push your changes. If you've collaborated on a commit, you can also attribute a commit to more than one author.
 

content/developers/apps/authorizing-oauth-apps.md

@@ -115,11 +115,13 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" or currentVersion == "github-ae@latest" %}
 ### Device flow
 
+{% if currentVersion ver_lt "enterprise-server@3.1" %}
 {% note %}
 
-**Note:** The device flow is in public beta and subject to change.{% if currentVersion == "free-pro-team@latest" %} To enable this beta feature, see "[Activating beta features for apps](/developers/apps/activating-beta-features-for-apps)."{% endif %}
+**Note:** The device flow is in public beta and subject to change.
 
 {% endnote %}
+{% endif %}
 
 The device flow allows you to authorize users for a headless app, such as a CLI tool or Git credential manager.