Add Code security landing and guides pages (#19650)

components/context/ProductLandingContext.tsx

@@ -48,7 +48,6 @@ export type ProductLandingContextT = {
     viewAllHref?: string // If provided, adds a "View All ->" to the header
     articles: Array<FeaturedLink>
   }>
-  changelog: { label: string; prefix: string }
   changelogUrl?: string
   whatsNewChangelog?: Array<{ href: string; title: string; date: string }>
   tocItems: Array<TocItem>
@@ -85,7 +84,6 @@ export const getProductLandingContextFromRequest = (req: any): ProductLandingCon
       'beta_product',
       'intro',
       'product_video',
-      'changelog',
     ]),
     product: {
       href: productTree.href,

components/landing/CodeExampleCard.tsx

@@ -1,5 +1,6 @@
 import { RepoIcon } from '@primer/octicons-react'
 import { CodeExample } from 'components/context/ProductLandingContext'
+import { TruncateLines } from 'components/TruncateLines'
 
 type Props = {
   example: CodeExample
@@ -28,7 +29,9 @@ export const CodeExampleCard = ({ example }: Props) => {
       </div>
       <footer className="border-top p-4 color-text-secondary d-flex flex-items-center">
         <RepoIcon className="flex-shrink-0" />
-        <span className="ml-2 text-mono text-small color-text-link">{example.href}</span>
+        <TruncateLines as="span" maxLines={1} className="ml-2 text-mono text-small color-text-link line-break-anywhere">
+          {example.href}
+        </TruncateLines>
       </footer>
     </a>
   )

components/landing/FeaturedArticles.tsx

@@ -8,12 +8,8 @@ import { useTranslation } from 'components/hooks/useTranslation'
 import { TruncateLines } from 'components/TruncateLines'
 
 export const FeaturedArticles = () => {
-  const {
-    featuredArticles = [],
-    changelog,
-    whatsNewChangelog,
-    changelogUrl,
-  } = useProductLandingContext()
+  const { featuredArticles = [], whatsNewChangelog, changelogUrl } = useProductLandingContext()
+  const hasWhatsNewChangelog = whatsNewChangelog && whatsNewChangelog.length > 0
   const { t } = useTranslation('toc')
 
   return (
@@ -22,7 +18,7 @@ export const FeaturedArticles = () => {
         return (
           <div
             key={section.label + i}
-            className={cx('col-12 mb-4 mb-lg-0', changelog ? 'col-lg-4' : 'col-lg-6')}
+            className={cx('col-12 mb-4 mb-lg-0', hasWhatsNewChangelog ? 'col-lg-4' : 'col-lg-6')}
           >
             <ArticleList
               title={section.label}
@@ -33,8 +29,8 @@ export const FeaturedArticles = () => {
         )
       })}
 
-      {changelog && (
-        <div className={cx('col-12 mb-4 mb-lg-0', changelog ? 'col-lg-4' : 'col-lg-6')}>
+      {hasWhatsNewChangelog && (
+        <div className={cx('col-12 mb-4 mb-lg-0 col-lg-4')}>
           <ArticleList
             title={t('whats_new')}
             viewAllHref={changelogUrl}

components/landing/ProductLanding.tsx

@@ -68,7 +68,7 @@ export const ProductLanding = () => {
         </div>
       )}
 
-      <LandingSection sectionLink="all-docs" title={`All ${shortTitle} Docs`}>
+      <LandingSection sectionLink="all-docs" title={`All ${shortTitle} docs`}>
         <ProductArticlesList />
       </LandingSection>
     </DefaultLayout>

content/actions/index.md

@@ -24,6 +24,7 @@ featuredLinks:
 changelog:
   label: actions
   prefix: 'GitHub Actions: '
+examples_source: data/product-examples/actions/code-examples.yml
 product_video: 'https://www.youtube-nocookie.com/embed/cP0I9w2coGU'
 redirect_from:
   - /articles/automating-your-workflow-with-github-actions/
@@ -47,4 +48,3 @@ children:
   - /hosting-your-own-runners
   - /reference
 ---
-

content/code-security/guides.md

@@ -0,0 +1,78 @@
+---
+title: Guides for code security
+intro: 'Learn about the different ways that {% data variables.product.product_name %} can help you improve your code''s security.'
+allowTitleToDifferFromFilename: true
+layout: product-sublanding
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=3.0'
+  github-ae: '*'
+
+learningTracks:
+  - security_advisories
+  - dependabot_alerts
+  - dependabot_security_updates
+  - dependency_version_updates
+  - security_alerts
+  - secret_scanning
+  - code_security_actions
+  - code_security_ci
+  - code_security_integration
+
+includeGuides:
+  - /code-security/getting-started/adding-a-security-policy-to-your-repository
+  - /code-security/getting-started/github-security-features
+  - /code-security/getting-started/securing-your-organization
+  - /code-security/getting-started/securing-your-repository
+  - /code-security/secret-security/about-secret-scanning
+  - /code-security/secret-security/configuring-secret-scanning-for-your-repositories
+  - /code-security/secret-security/managing-alerts-from-secret-scanning
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests
+  - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
+  - /code-security/secure-coding/integrating-with-code-scanning/about-integration-with-code-scanning
+  - /code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning
+  - /code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
+  - /code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities
+  - /code-security/security-advisories/about-github-security-advisories
+  - /code-security/security-advisories/adding-a-collaborator-to-a-security-advisory
+  - /code-security/security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability
+  - /code-security/security-advisories/creating-a-security-advisory
+  - /code-security/security-advisories/editing-a-security-advisory
+  - /code-security/security-advisories/permission-levels-for-security-advisories
+  - /code-security/security-advisories/publishing-a-security-advisory
+  - /code-security/security-advisories/removing-a-collaborator-from-a-security-advisory
+  - /code-security/security-advisories/withdrawing-a-security-advisory
+  - /code-security/security-overview/exploring-security-alerts
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository
+  - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review
+  - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph
+  - /code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository
+---

content/code-security/index.md

@@ -1,7 +1,52 @@
 ---
 title: Code security
 shortTitle: Code security
-intro: Learn how to keep the code stored in your repositories secure.
+intro: 'Build security into your {% data variables.product.prodname_dotcom %} workflow with features to keep secrets and vulnerabilities out of your codebase{% if currentVersion != "github-ae@latest" %}, and to maintain your software supply chain{% endif %}.'
+
+introLinks:
+  overview: /code-security/getting-started/github-security-features
+
+featuredLinks:
+  guides:
+    - /code-security/getting-started/securing-your-repository
+    - /code-security/getting-started/securing-your-organization
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/security-advisories/creating-a-security-advisory{% endif %}'
+    - '{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif%}'
+
+  guideCards:
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates{% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates{% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository{% endif %}'
+
+    - '{% if enterpriseServerVersions contains currentVersion %}/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository{% endif %}'
+    - '{% if enterpriseServerVersions contains currentVersion %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}'
+
+    - '{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}/code-security/secret-security/configuring-secret-scanning-for-your-repositories{% endif %}'
+    - '{% if currentVersion == "github-ae@latest" %}/code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github{% endif %}'
+    - '{% if currentVersion == "github-ae@latest" %}/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system{% endif %}'
+
+  popular:
+    - '{% if enterpriseServerVersions contains currentVersion %}/admin/release-notes{% endif %}'
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
+    - /code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot
+    - '{% if currentVersion == "github-ae@latest" %}/code-security/secret-security/about-secret-scanning{% endif %}'
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies
+    - '{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages{% endif %}'
+    - '{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow{% endif %}'
+    - '{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container{% endif %}'
+
+changelog:
+  label: 'security-and-compliance'
+  versions:
+    free-pro-team: '*'
+
+examples_source: data/product-examples/code-security/code-examples.yml
+
+layout: product-landing
+
 versions:
   free-pro-team: '*'
   enterprise-server: '>=3.0'
@@ -17,5 +62,6 @@ children:
   - /security-advisories
   - /supply-chain-security
   - /security-overview
----
+  - /guides
 
+---

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/index.md

@@ -1,7 +1,7 @@
 ---
 title: Using CodeQL code scanning with your existing CI system
 shortTitle: CodeQL CI system support
-intro: 'The {% data variables.product.prodname_codeql_runner %} allows you to use your existing CI system to run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}.'
+intro: 'You can run {% data variables.product.prodname_codeql %} analysis in your existing CI system and upload the results to {% data variables.product.product_name %} for display as {% data variables.product.prodname_code_scanning %} alerts.'
 product: '{% data reusables.gated-features.code-scanning %}'
 redirect_from:
   - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system

content/codespaces/index.md

@@ -28,6 +28,7 @@ redirect_from:
   - /github/developing-online-with-github-codespaces
   - /github/developing-online-with-codespaces
 layout: product-landing
+examples_source: data/product-examples/codespaces/code-examples.yml
 versions:
   free-pro-team: '*'
 children:

content/discussions/index.md

@@ -24,6 +24,7 @@ featuredLinks:
     - /discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository
 changelog:
   label: discussions
+examples_source: data/product-examples/discussions/community-examples.yml
 product_video: 'https://www.youtube-nocookie.com/embed/IpBw2SJkFyk'
 layout: product-landing
 versions:
@@ -34,4 +35,3 @@ children:
   - /collaborating-with-your-community-using-discussions
   - /managing-discussions-for-your-community
 ---
-

content/sponsors/index.md

@@ -9,6 +9,7 @@ redirect_from:
   - /github/supporting-the-open-source-community-with-github-sponsors
 changelog:
   label: sponsors
+examples_source: data/product-examples/sponsors/user-examples.yml
 featuredLinks:
   guides:
     - /sponsors/sponsoring-open-source-contributors/managing-your-sponsorship

data/learning-tracks/README.md

@@ -2,6 +2,8 @@
 
 Learning tracks are a collection of articles that help you master a particular subject. Learning tracks are defined on a per-product basis. For example, see https://docs.github.com/en/actions/guides.
 
+## How it works
+
 Learning track data for a product is defined in two places:
 
 1. A simple array of learning track names is defined in the product sublanding index page frontmatter.
@@ -25,6 +27,26 @@ Learning track data for a product is defined in two places:
 
     The `featured_track` property can be a simple boolean (i.e., `featured_track: true`) or it can be a string that includes versioning statements (e.g., `featured_track: '{% if currentVersion == "free-pro-team@latest" %}true{% else %}false{% endif %}'`). If you use versioning, you'll have multiple `featured_track`s per YML file, but make sure that only one will render in each currently supported version. A test will fail if there are more or less than one featured link for each version.
 
+## Versioning
+
 Versioning for learning tracks is processed at page render time. The code lives in [`lib/learning-tracks.js`](lib/learning-tracks.js), which is called by `page.render()`. The processed learning tracks are then rendered by `layouts/product-sublanding.html`.
 
+Liquid conditionals do **not** have to be used for versioning in the YAML file for guides. Only the learning track guides that apply to the current version will be rendered automatically. If there aren't any tracks with guides that belong to the current version, the learning tracks section will not render at all.
+
+Explicit versioning within a product's learning tracks YML data is supported as well. For example:
+```
+learning_track_name:
+  title: 'Learning track title'
+  description: 'Learning track description'
+  featured_track: true
+  versions:
+    enterprise-server: '>=3.0'
+  guides:
+   - /path/to/guide1
+   - /path/to/guide2
+```
+If the `versions` property is not included, it's assumed the track is available in all versions.
+
+## Schema enforcement
+
 The schema for validating the learning track YAML lives in [`tests/helpers/schemas/learning-tracks-schema.js`](tests/helpers/schemas/learning-tracks-schema.js) and is exercised by [`tests/content/lint-files.js`](tests/content/lint-files.js).

data/learning-tracks/code-security.yml

@@ -0,0 +1,108 @@
+# Feature available only on dotcom
+security_advisories:
+  title: 'Fix and disclose a security vulnerability'
+  description: 'Using security advisories to privately fix a reported vulnerability and get a CVE.'
+  featured_track: '{% if currentVersion == "free-pro-team@latest" %}true{% else %}false{% endif %}'
+  guides:
+    - /code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities
+    - /code-security/security-advisories/creating-a-security-advisory
+    - /code-security/security-advisories/adding-a-collaborator-to-a-security-advisory
+    - /code-security/security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability
+    - /code-security/security-advisories/publishing-a-security-advisory
+    - /code-security/security-advisories/editing-a-security-advisory
+    - /code-security/security-advisories/withdrawing-a-security-advisory
+    - /code-security/security-advisories/removing-a-collaborator-from-a-security-advisory
+
+# Feature available on dotcom and GHES
+dependabot_alerts:
+  title: 'Get notifications for vulnerable dependencies'
+  description: 'Set up Dependabot to alert you to new vulnerabilities in your dependencies.'
+  guides:
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
+    - '{% if currentVersion != "github-ae@latest" %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+
+# Feature available only on dotcom, so articles available hidden to hide the learning track in other versions
+dependabot_security_updates:
+  title: 'Get pull requests to update your vulnerable dependencies'
+  description: 'Set up Dependabot to create pull requests when new vulnerabilities are reported.'
+  guides:
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}'
+
+# Feature available only on dotcom
+dependency_version_updates:
+  title: 'Keep your dependencies up-to-date'
+  description: 'Use Dependabot to check for new releases and create pull requests to update your dependencies.'
+  guides:
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot
+    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+
+# Feature available in all versions from GHES 3.0 up
+secret_scanning:
+  title: 'Scan for secrets'
+  description: 'Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.'
+  guides:
+    - /code-security/secret-security/about-secret-scanning
+    - /code-security/secret-security/configuring-secret-scanning-for-your-repositories
+    - /code-security/secret-security/managing-alerts-from-secret-scanning
+
+# Security overview feature available only on dotcom currently, so other articles hidden to hide the learning path in other versions
+security_alerts:
+  title: 'Explore and manage security alerts'
+  description: 'Learn where to find and resolve security alerts.'
+  guides:
+    - /code-security/security-overview/exploring-security-alerts
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/secret-security/managing-alerts-from-secret-scanning {% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository{% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests{% endif %}'
+    - '{% if currentVersion == "free-pro-team@latest" %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository{% endif %}'
+
+# Feature available in all versions from GHES 2.22 up
+code_security_actions:
+  title: 'Run code scanning with GitHub Actions'
+  description: 'Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.'
+  featured_track: '{% if currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.22" %}true{% else %}false{% endif %}'
+  guides:
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
+    - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
+
+# Feature available in all versions from GHES 2.22 up
+code_security_integration:
+  title: 'Integrate with code scanning'
+  description: 'Upload code analysis results from third-party systems to GitHub using SARIF.'
+  guides:
+    - /code-security/secure-coding/integrating-with-code-scanning/about-integration-with-code-scanning
+    - /code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github
+    - /code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning
+    - /rest/reference/code-scanning
+
+# Feature available in all versions from GHES 2.22 up
+code_security_ci:
+  title: 'Run CodeQL code scanning in your CI'
+  description: 'Set up CodeQL within your existing CI and upload results to GitHub code scanning.'
+  guides:
+    - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
+    - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system
+    - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
+    - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system
+    - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system

data/product-examples/README.md

@@ -0,0 +1,45 @@
+# Product landing examples
+
+Pages that use the `product-landing` layout may optionally include an `Examples` section. Currently, we support three types of examples:
+
+1. Code examples
+  See https://docs.github.com/en/actions#code-examples.
+
+2. Community examples
+  See https://docs.github.com/en/discussions#community-examples.
+
+3. User examples
+  See https://docs.github.com/en/sponsors#community-examples.
+
+## How it works
+
+Example data for each product is defined in `data/product-landing-examples`, in a subdirectory named for the **product** and a YML file named for the **example type** (e.g., `data/product-examples/sponsors/user-examples.yml` or `data/product-examples/actions/code-examples.yml`). We currently only support one type of example per product.
+
+### Versioning
+
+At the moment, versioning is only supported in code examples. If an example block should be available in **all** versions, you don't need to do anything special. But if an example block should only be available in some versions, you can add a `versions` prop like this:
+
+```
+- title: Dependabot version update PR
+  description: Example pull request generated by the Dependabot version updates configuration in the Super linter repository.
+  href: /github/super-linter/pull/1398
+  languages:
+  tags:
+    - Dependabot
+    - Version updates
+    - Pull requests
+  versions:
+    'free-pro-team': '*'
+  ```
+
+  where the syntax for `versions` is the same as the [frontmatter `versions` property](content/README.md) and can support semver notation.
+
+## Rendering
+
+The product example data is added to the `context` object in `middleware/contextualizers/product-examples.js`.
+
+The data is then rendered by `layouts/product-landing.html`.
+
+## Schema enforcement
+
+TODO

data/product-examples/code-security/code-examples.yml

@@ -0,0 +1,80 @@
+# Code scanning configurations
+- title: CodeQL code scanning at Microsoft
+  description: Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
+  href: /microsoft/opensource.microsoft.com/blob/main/.github/workflows/codeql-analysis.yml
+  languages:
+    - javascript
+  tags:
+    - CodeQL
+    - Code scanning
+    - GitHub Actions
+- title: Adversarial Robustness Toolbox (ART) CodeQL code scanning
+  description: Example code scanning workflow for the CodeQL action from the Trusted AI repository.
+  href: /Trusted-AI/adversarial-robustness-toolbox/blob/main/.github/workflows/codeql-analysis.yml
+  languages:
+    - python
+  tags:
+    - CodeQL
+    - Code scanning
+    - GitHub Actions
+
+# Security policies
+- title: Microsoft security policy
+  description: Example security policy
+  href: /microsoft/microsoft.github.io/blob/master/SECURITY.MD
+  tags:
+    - Security policy
+- title: Electron security policy
+  description: Example security policy
+  href: /electron/electron/blob/master/SECURITY.md
+  tags:
+    - Security policy
+
+# Example of security advisory in a major product
+- title: Security advisory for Rails
+  description: Security advisory published by Rails for CVE-2020-15169.
+  href: /rails/rails/security/advisories/GHSA-cfjv-5498-mph5
+  tags:
+    - Security advisory
+
+# Sample scripts for enabling Dependabot alerts and security updates across a whole organization
+- title: Enable Dependabot alerts and security updates automatically
+  description: Sample scripts for enabling Dependabot alerts and security updates across an entire organization.
+  href: /github/enable-security-alerts-sample
+  tags:
+    - Dependabot
+    - Alerts
+    - Security updates
+    - Organization
+    - Scripts
+  versions:
+    'free-pro-team': '*'
+
+# Dependabot configuration only relevant to GitHub.com
+# Convert "languages" to "package-ecosystems" for Dependabot configurations
+- title: Super linter configuration
+  description: Example Dependabot version updates configuration from the Super linter repository.
+  href: /github/super-linter/blob/master/.github/dependabot.yml
+  languages:
+    - github-actions
+    - npm
+    - bundler
+    - docker
+    - pip
+  tags:
+    - Dependabot
+    - Version updates
+    - Configuration
+  versions:
+    'free-pro-team': '*'
+
+- title: Dependabot version update PR
+  description: Example pull request generated by the Dependabot version updates configuration in the Super linter repository.
+  href: /github/super-linter/pull/1398
+  languages:
+  tags:
+    - Dependabot
+    - Version updates
+    - Pull requests
+  versions:
+    'free-pro-team': '*'

includes/code-example-card.html

@@ -14,7 +14,7 @@
     </div>
     <footer class="border-top p-4 color-text-secondary d-flex flex-items-center">
       {% octicon "repo" class="flex-shrink-0" %}
-      <span class="ml-2 text-mono text-small color-text-link">{{ example.href }}</span>
+      <span class="ml-2 text-mono text-small color-text-link">{{ example.href | truncate: 43 }}</span>
     </footer>
   </a>
 </div>

layouts/product-landing.html

@@ -52,7 +52,7 @@
 
         <!-- Article links -->
         <div class="d-lg-flex gutter my-6 py-6">
-          <div class="col-12 col-lg-{% if page.changelog %}4{% else %}6{% endif %} mb-4 mb-lg-0">
+          <div class="col-12 col-lg-{% if whatsNewChangelog %}4{% else %}6{% endif %} mb-4 mb-lg-0">
             <div class="featured-links-heading mb-4 d-flex flex-items-baseline">
               <h3 class="f4 text-normal text-mono text-uppercase color-text-secondary" id="guides"><a href="#guides">{% data ui.toc.guides %}</a></h3>
               {% unless currentCategory %}
@@ -72,7 +72,7 @@
           </div>
 
           {% if featuredLinks.popular %}
-          <div class="col-12 col-lg-{% if page.changelog %}4{% else %}6{% endif %} mb-4 mb-lg-0">
+          <div class="col-12 col-lg-{% if whatsNewChangelog %}4{% else %}6{% endif %} mb-4 mb-lg-0">
             <div class="featured-links-heading mb-4 d-flex flex-items-baseline">
               <h3 class="f4 text-normal text-mono text-uppercase color-text-secondary" id="popular"><a href="#popular">{% if page.featuredLinks.popularHeading %}{{ page.featuredLinks.popularHeading }}{% else %}{% data ui.toc.popular %}{% endif %}</a></h3>
             </div>
@@ -88,7 +88,7 @@
           </div>
           {% endif %}
 
-          {% if page.changelog %}
+          {% if whatsNewChangelog %}
             <div class="col-12 col-lg-4 mb-4 mb-lg-0">
               <div class="featured-links-heading mb-4 d-flex flex-items-baseline">
                 <h3 class="f4 text-normal text-mono text-uppercase color-text-secondary" id="whats-new"><a href="#whats-new">{% data ui.toc.whats_new %}</a></h3>

lib/frontmatter.js

@@ -72,6 +72,9 @@ const schema = {
         type: 'string'
       }
     },
+    examples_source: {
+      type: 'string'
+    },
     featuredLinks: {
       type: 'object',
       properties: {

lib/process-learning-tracks.js

@@ -1,5 +1,6 @@
 const renderContent = require('./render-content')
 const getLinkData = require('./get-link-data')
+const getApplicableVersions = require('./get-applicable-versions')
 
 const renderOpts = { textOnly: true, encodeEntities: true }
 
@@ -21,6 +22,16 @@ module.exports = async function processLearningTracks (rawLearningTracks, contex
     const track = context.site.data['learning-tracks'][context.currentProduct][renderedTrackName]
     if (!track) continue
 
+    // If there is no `versions` prop in the learning track frontmatter, assume the track should display in all versions.
+    if (track.versions) {
+      const trackVersions = getApplicableVersions(track.versions)
+
+      // If the current version is not included, do not display the track.
+      if (!trackVersions.includes(context.currentVersion)) {
+        continue
+      }
+    }
+
     const learningTrack = {
       trackName: renderedTrackName,
       title: await renderContent(track.title, context, renderOpts),

middleware/contextualizers/product-examples.js

@@ -0,0 +1,22 @@
+const getApplicableVersions = require('../../lib/get-applicable-versions')
+
+module.exports = async function productExamples (req, res, next) {
+  if (!req.context.page) return next()
+  if (req.context.currentLayoutName !== 'product-landing') return next()
+
+  const productExamples = req.context.site.data['product-examples'][req.context.currentProduct]
+  if (!productExamples) return next()
+
+  req.context.productCommunityExamples = productExamples['community-examples']
+  req.context.productUserExamples = productExamples['user-examples']
+
+  // We currently only support versioning in code examples.
+  // TODO support versioning across all example types.
+  req.context.productCodeExamples = productExamples['code-examples'] && productExamples['code-examples']
+    .filter(example => {
+      // If an example block does NOT contain the versions prop, assume it's available in all versions
+      return !example.versions || getApplicableVersions(example.versions).includes(req.context.currentVersion)
+    })
+
+  return next()
+}

middleware/contextualizers/whats-new-changelog.js

@@ -1,10 +1,21 @@
 const { getRssFeed, getChangelogItems } = require('../../lib/changelog')
+const getApplicableVersions = require('../../lib/get-applicable-versions')
 
 module.exports = async function whatsNewChangelog (req, res, next) {
   if (!req.context.page) return next()
   if (!req.context.page.changelog) return next()
   const label = req.context.page.changelog.label
 
+  // If there is no `versions` prop in the changelog frontmatter, assume the changelog should display in all versions.
+  if (req.context.page.changelog.versions) {
+    const changelogVersions = getApplicableVersions(req.context.page.changelog.versions)
+
+    // If the current version is not included, do not display a changelog.
+    if (!changelogVersions.includes(req.context.currentVersion)) {
+      return next()
+    }
+  }
+
   const labelUrls = {
     education: 'https://github.blog/category/community/education',
     enterprise: 'https://github.blog/category/enterprise/'

middleware/index.js

@@ -121,6 +121,7 @@ module.exports = function (app) {
   app.use(asyncMiddleware(instrument('./contextualizers/generic-toc')))
   app.use(asyncMiddleware(instrument('./contextualizers/breadcrumbs')))
   app.use(asyncMiddleware(instrument('./contextualizers/early-access-breadcrumbs')))
+  app.use(asyncMiddleware(instrument('./contextualizers/product-examples')))
 
   app.use(asyncMiddleware(instrument('./dev-toc')))
   app.use(asyncMiddleware(instrument('./featured-links')))

middleware/learning-track.js

@@ -12,6 +12,9 @@ module.exports = async function learningTrack (req, res, next) {
   const trackName = req.query.learn
   if (!trackName) return noTrack()
 
+  const tracksPerProduct = req.context.site.data['learning-tracks'][req.context.currentProduct]
+  if (!tracksPerProduct) return noTrack()
+
   const track = req.context.site.data['learning-tracks'][req.context.currentProduct][trackName]
   if (!track) return noTrack()
 

stylesheets/utilities.scss

@@ -1,3 +1,7 @@
+.line-break-anywhere {
+  line-break: anywhere;
+}
+
 .transition-200 {
   transition: 200ms
 }

tests/linting/lint-files.js

@@ -14,6 +14,7 @@ const ghesReleaseNotesSchema = require('../helpers/schemas/ghes-release-notes-sc
 const ghaeReleaseNotesSchema = require('../helpers/schemas/ghae-release-notes-schema')
 const learningTracksSchema = require('../helpers/schemas/learning-tracks-schema')
 const renderContent = require('../../lib/render-content')
+const getApplicableVersions = require('../../lib/get-applicable-versions')
 const { execSync } = require('child_process')
 const allVersions = Object.keys(require('../../lib/all-versions'))
 const enterpriseServerVersions = allVersions.filter(v => v.startsWith('enterprise-server@'))
@@ -788,11 +789,20 @@ describe('lint learning tracks', () => {
         expect(errors.length, errorMessage).toBe(0)
       })
 
-      it('has one and only one featured track per version', async () => {
+      it('has one and only one featured track per supported version', async () => {
         const featuredTracks = {}
         const context = { enterpriseServerVersions }
 
-        await Promise.all(allVersions.map(async (version) => {
+        // Use the YAML filename to determine which product this refers to, and then peek
+        // inside the product TOC frontmatter to see which versions the product is available in.
+        const product = path.posix.basename(yamlRelPath, '.yml')
+        const productTocPath = path.posix.join('content', product, 'index.md')
+        const productContents = await readFileAsync(productTocPath, 'utf8')
+        const { data } = frontmatter(productContents)
+        const productVersions = getApplicableVersions(data.versions, productTocPath)
+
+        // For each of the product's versions, render the learning track data and look for a featured track.
+        await Promise.all(productVersions.map(async (version) => {
           const featuredTracksPerVersion = (await Promise.all(Object.values(dictionary).map(async (entry) => {
             if (!entry.featured_track) return
             context.currentVersion = version