Merge branch 'main' into 2021-getting-started-guides

.devcontainer.json

@@ -1,17 +0,0 @@
-// Codespaces environment for docs.github.com
-// For format details, see https://aka.ms/vscode-remote/devcontainer.json 
-{
-    "name": "docs.github.com",
-    "settings": {
-        "terminal.integrated.shell.linux": "/bin/bash",
-        "cSpell.language": ",en"
-    },
-    // Install pre-requisites and run a build to ensure we are ready to start serving docs.github.com locally (via `npm start`)
-    "postCreateCommand": "npm ci && npm run build",
-    "forwardPorts": [4000],
-    // Visual Studio Code extensions which help authoring for docs.github.com.
-    "extensions": [
-        "yzhang.markdown-all-in-one",
-        "streetsidesoftware.code-spell-checker"
-    ]
-}

.github/ISSUE_TEMPLATE/improve-existing-docs.md

@@ -1,6 +1,6 @@
 ---
-name: Improve existing docs
-about: Make a suggestion to improve our existing documentation.
+name: Improve existing content
+about: Make a suggestion to improve the content in an existing article.
 title: ''
 labels:
 - content

.github/ISSUE_TEMPLATE/improve-the-site.md

@@ -1,6 +1,6 @@
 ---
 name: Improve the docs.github.com site
-about: Make a suggestions or report a problem on the docs.github.com website.
+about: Make a suggestion or report a problem about the technical implementation of docs.github.com.
 title: ''
 labels: engineering
 assignees: ''

.github/actions-scripts/create-enterprise-issue.js

@@ -40,8 +40,6 @@ async function run () {
     process.exit(1)
   }
 
-  const repoToOpenIssue = milestone === 'release' ? 'docs-content' : 'docs-engineering'
-
   // Milestone-dependent values.
   const numberOfdaysBeforeMilestoneToOpenIssue = milestone === 'release'
     ? numberOfdaysBeforeReleaseToOpenIssue
@@ -73,7 +71,7 @@ async function run () {
   }
 
   const milestoneSteps = fs.readFileSync(path.join(process.cwd(), `.github/actions-scripts/enterprise-server-issue-templates/${milestone}-issue.md`), 'utf8')
-  const issueLabels = [`enterprise ${milestone}`]
+  const issueLabels = [`enterprise ${milestone}`, `engineering`]
   const issueTitle = `[${nextMilestoneDate}] Enterprise Server ${versionNumber} ${milestone} (technical steps)`
 
   const issueBody = `GHES ${versionNumber} ${milestone} occurs on ${nextMilestoneDate}.
@@ -87,7 +85,7 @@ async function run () {
   try {
     issue = await octokit.request('POST /repos/{owner}/{repo}/issues', {
       owner: 'github',
-      repo: repoToOpenIssue,
+      repo: 'docs-internal',
       title: issueTitle,
       body: issueBody,
       labels: issueLabels

.github/allowed-actions.js

@@ -4,17 +4,14 @@
 // can be added it this list.
 
 module.exports = [
-  "actions/cache@0781355a23dac32fd3bac414512f4b903437991a", // v2.1.3
   "actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f", // v2.3.4
   "actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d", // v4.0.2
   "actions/labeler@5f867a63be70efff62b767459b009290364495eb", // v2.2.0
-  "actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e", // v2.1.4
+  "actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f", // v2.2.0
   "actions/setup-python@dc73133d4da04e56a135ae2246682783cc7c7cb6", // v2.2.2
   "actions/stale@9d6f46564a515a9ea11e7762ab3957ee58ca50da", // v3.0.16
   "alex-page/github-project-automation-plus@fdb7991b72040d611e1123d2b75ff10eda9372c9",
   "andymckay/labeler@22d5392de2b725cea4b284df5824125054049d84",
-  "archive/github-actions-slack@d368c5a4ad757515a9344918f84c490b05777d94",
-  "ashley-taylor/regex-property-action@93a24f845cd20790924208225cc72da8b4c6d46d",
   "crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688",
   "crykn/copy_folder_to_another_repo_action@0282e8b9fef06de92ddcae9fe6cb44df6226646c",
   "cschleiden/actions-linter@0ff16d6ac5103cca6c92e6cbc922b646baaea5be",

.github/workflows/block-js-changes.yml

@@ -0,0 +1,19 @@
+name: Block JavaScript Change
+
+# **What it does**: Blocks JavaScript file changes.
+# **Why we have it**: We need to freeze JavaScript file changes in order to upgrade from CommonJS to ESM.
+# **Who does it impact**: Engineers.
+
+on:
+  pull_request_target:
+    paths:
+      - '**.js'
+
+jobs:
+  block:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fail
+        run: |
+          echo 'JavaScript files are frozen currently. Ask in Slack for help.'
+          exit 1

.github/workflows/browser-test.yml

@@ -21,22 +21,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup Node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci --include=optional

.github/workflows/dry-run-sync-algolia-search-indices.yml

@@ -15,16 +15,10 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+      - uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-      - name: cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
       - name: Install dependencies
         run: npm ci
       - name: Run build scripts

.github/workflows/js-lint.yml

@@ -19,22 +19,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/link-check-dotcom.yml

@@ -21,9 +21,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
+          cache: npm
 
       - name: Install
         run: npm ci

.github/workflows/link-check-ghae.yml

@@ -21,9 +21,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
+          cache: npm
 
       - name: Install
         run: npm ci

.github/workflows/link-check-ghes.yml

@@ -21,9 +21,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
+          cache: npm
 
       - name: Install
         run: npm ci

.github/workflows/open-enterprise-issue.yml

@@ -5,6 +5,7 @@ name: Open Enterprise release or deprecation issue
 # **Who does it impact**: Docs engineering, docs content.
 
 on:
+  workflow_dispatch:
   schedule:
     - cron: '49 14 * * *' # At 14:49 UTC daily
 
@@ -28,11 +29,11 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Update enterprise dates
-        if: steps.existingIssue.outputs.deprecationIssue == 'false' ||  steps.existingIssue.outputs.releaseIssue == 'false'
+        if: steps.existingIssue.outputs.deprecationIssue == 'false' || steps.existingIssue.outputs.releaseIssue == 'false'
         run: |
           script/update-enterprise-dates.js
         env:
-          GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+          GITHUB_TOKEN: ${{ secrets.DOCS_BOT }}
 
       - name: Create an enterprise release issue
         if: steps.existingIssue.outputs.releaseIssue == 'false'

.github/workflows/pa11y.yml

@@ -17,22 +17,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup Node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci --include=optional

.github/workflows/post-status-updates-to-slack.yml

@@ -1,28 +0,0 @@
-name: Epic Status Update
-
-# **What it does**: For our epic issue status comments, also ping us in Slack.
-# **Why we have it**: So that we can write one status update and have it show up in two places.
-# **Who does it impact**: GitHub docs staff.
-
-on:
-  issue_comment:
-    types: [created]
-jobs:
-  post-status-updates-to-slack:
-    runs-on: ubuntu-latest
-    if: contains(github.event.comment.body, '_created with') && contains(github.event.comment.body, 'typing_ `/status`')
-    steps:
-      - name: Trim HTML comments
-        id: trimmed
-        uses: ashley-taylor/regex-property-action@93a24f845cd20790924208225cc72da8b4c6d46d
-        with:
-          value: ${{github.event.comment.body}}
-          regex: '<!--(.*?)-->'
-          replacement: ''
-      - name: Send Slack notification
-        uses: archive/github-actions-slack@d368c5a4ad757515a9344918f84c490b05777d94
-        id: notify
-        with:
-          slack-channel: 'C01EEKVR0Q7'
-          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          slack-text: \n><${{ github.event.comment.html_url}}|*${{github.event.issue.title}}*>\nstatus update posted by ${{github.event.comment.user.login}}\n\n${{ steps.trimmed.outputs.value }}

.github/workflows/site-policy-reminder.yml

@@ -0,0 +1,24 @@
+name: Site Policy Reminder
+
+# **What it does**: Automated comment reminder on a PR to change the title for public consumption before merging
+# **Why we have it**: Titles of merged PRs to Site Policies are sent to the public site-policy repo
+# **Who does it impact**: Docs team merging changes to Site Policies
+
+on:
+  pull_request:
+    types: [labeled]
+
+jobs:
+  run:
+    if: |
+      github.event.label.name == 'Site Policy' &&
+      github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd
+        env:
+          GITHUB_TOKEN: ${{ secrets.API_TOKEN_SITEPOLICY }}
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            Before merging, please remember to change the title of this PR to a description of its changes that is suitable for public viewing on github/site-policy.

.github/workflows/staging-deploy-pr.yml

@@ -40,24 +40,10 @@ jobs:
 
       - if: ${{ github.event_name == 'workflow_dispatch' }}
         name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - if: ${{ github.event_name == 'workflow_dispatch' }}
         name: Install dependencies
@@ -111,22 +97,10 @@ jobs:
           persist-credentials: 'false'
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/staging-undeploy-pr.yml

@@ -27,22 +27,10 @@ jobs:
           persist-credentials: 'false'
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/sync-algolia-search-indices.yml

@@ -18,16 +18,10 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+      - uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-      - name: cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
       - name: Install dependencies
         run: npm ci
       - name: Run build scripts

.github/workflows/sync-single-english-algolia-index.yml

@@ -24,16 +24,10 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+      - uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-      - name: cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
       - name: npm ci
         run: npm ci
       - name: Get version from Algolia label if present; only continue if the label is found.

.github/workflows/test-windows.yml

@@ -32,22 +32,10 @@ jobs:
           persist-credentials: 'false'
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/test.yml

@@ -37,22 +37,10 @@ jobs:
           persist-credentials: 'false'
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/triage-app-json.yml

@@ -0,0 +1,35 @@
+name: Check for app.json changes
+
+# **What it does**: If someone changes app.json, we fail the check.
+# **Why we have it**: app.json should rarely be edited, so we'll require an admin merge if the file really needs to be changed.
+# **Who does it impact**: Docs engineering and content writers.
+
+on:
+  pull_request:
+
+jobs:
+  check-app-json-changes:
+    if: github.repository == 'github/docs-internal' && github.event.pull_request.user.login != 'Octomerger'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get files changed
+        uses: dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58
+        id: filter
+        with:
+          # Base branch used to get changed files
+          base: ${{ github.event.pull_request.base.ref }}
+
+          # Enables setting an output in the format in `${FILTER_NAME}_files
+          # with the names of the matching files formatted as JSON array
+          list-files: json
+
+          # Returns list of changed files matching each filter
+          filters: |
+            notAllowed:
+              - 'app.json'
+
+      - name: Fail if app.json was changed
+        if: ${{ steps.filter.outputs.notAllowed == 'true' }}
+        run: |
+          echo "Please admin merge if you really need to update app.json!"
+          exit 1

.github/workflows/yml-lint.yml

@@ -25,22 +25,10 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Setup node
-        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f
         with:
           node-version: 16.x
-
-      - name: Get npm cache directory
-        id: npm-cache
-        run: |
-          echo "::set-output name=dir::$(npm config get cache)"
-
-      - name: Cache node modules
-        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
-        with:
-          path: ${{ steps.npm-cache.outputs.dir }}
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

components/context/TocLandingContext.tsx

@@ -12,9 +12,11 @@ export type TocLandingContextT = {
   title: string
   introPlainText: string
   productCallout: string
+  isEarlyAccess: boolean
   tocItems: Array<TocItem>
   variant?: 'compact' | 'expanded'
   featuredLinks: Record<string, Array<FeaturedLink>>
+  renderedEarlyAccessPage: string
 }
 
 export const TocLandingContext = createContext<TocLandingContextT | null>(null)
@@ -34,11 +36,13 @@ export const getTocLandingContextFromRequest = (req: any): TocLandingContextT =>
     title: req.context.page.title,
     productCallout: req.context.page.product || '',
     introPlainText: req.context.page.introPlainText,
+    isEarlyAccess: req.context.page?.documentType === 'early-access',
     tocItems: (req.context.genericTocFlat || req.context.genericTocNested || []).map((obj: any) =>
       pick(obj, ['fullPath', 'title', 'intro'])
     ),
     variant: req.context.genericTocFlat ? 'expanded' : 'compact',
 
     featuredLinks: getFeaturedLinksFromReq(req),
+    renderedEarlyAccessPage: req.context.renderedPage,
   }
 }

components/landing/TocLanding.tsx

@@ -8,7 +8,7 @@ import { ArticleList } from 'components/landing/ArticleList'
 import { useTranslation } from 'components/hooks/useTranslation'
 
 export const TocLanding = () => {
-  const { title, introPlainText, tocItems, productCallout, variant, featuredLinks } =
+  const { title, introPlainText, tocItems, productCallout, variant, featuredLinks, isEarlyAccess, renderedEarlyAccessPage } =
     useTocLandingContext()
   const { t } = useTranslation('toc')
 
@@ -68,7 +68,14 @@ export const TocLanding = () => {
                   </div>
                 </div>
               )}
-
+              {isEarlyAccess &&
+                <div className="markdown-body">
+                  <div
+                    id="article-contents"
+                    className="article-grid-body"
+                    dangerouslySetInnerHTML={{ __html: renderedEarlyAccessPage }}
+                  />
+                </div>}
               <TableOfContents items={tocItems} variant={variant} />
             </div>
           </div>

content/actions/creating-actions/metadata-syntax-for-github-actions.md

@@ -56,7 +56,11 @@ inputs:
     required: true
 ```
 
-When you specify an input to an action in a workflow file or use a default input value, {% data variables.product.prodname_dotcom %} creates an environment variable for the input with the name `INPUT_<VARIABLE_NAME>`. The environment variable created converts input names to uppercase letters and replaces spaces with `_` characters. To access the environment variable in a Docker container action, you must pass the input using the `args` keyword in the action metadata file. For more information about the action metadata file for Docker container actions, see "[Creating a Docker container action](/articles/creating-a-docker-container-action#creating-an-action-metadata-file)."
+When you specify an input in a workflow file or use a default input value, {% data variables.product.prodname_dotcom %} creates an environment variable for the input with the name `INPUT_<VARIABLE_NAME>`. The environment variable created converts input names to uppercase letters and replaces spaces with `_` characters.
+
+If the action is written using a [composite](/actions/creating-actions/creating-a-composite-run-steps-action), then it will not automatically get `INPUT_<VARIABLE_NAME>`. If the conversion doesn't occur, you can change these inputs manually. 
+
+To access the environment variable in a Docker container action, you must pass the input using the `args` keyword in the action metadata file. For more information about the action metadata file for Docker container actions, see "[Creating a Docker container action](/articles/creating-a-docker-container-action#creating-an-action-metadata-file)."
 
 For example, if a workflow defined the `numOctocats` and `octocatEyeColor` inputs, the action code could read the values of the inputs using the `INPUT_NUMOCTOCATS` and `INPUT_OCTOCATEYECOLOR` environment variables.
 

content/actions/guides/adding-labels-to-issues.md

@@ -16,6 +16,7 @@ topics:
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 {% data reusables.actions.ae-self-hosted-runners-notice %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -30,6 +31,8 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
 3. Copy the following YAML contents into your workflow file.
 
     ```yaml{:copy}
+{% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
+
     name: Label issues
     on:
       issues:
@@ -43,7 +46,7 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
           issues: write{% endif %}
         steps:
           - name: Label issues
-            uses: andymckay/labeler@1.0.2
+            uses: andymckay/labeler@5c59dabdfd4dd5bd9c6e6d255b01b9d764af4414
             with:
               add-labels: "triage"
               repo-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}

content/actions/guides/building-and-testing-java-with-gradle.md

@@ -19,6 +19,7 @@ shortTitle: Build & test Java & Gradle
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -47,8 +48,9 @@ To get started quickly, you can choose the preconfigured Gradle template when yo
 
 You can also add this workflow manually by creating a new file in the `.github/workflows` directory of your repository.
 
-{% raw %}
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Java CI
 
 on: [push]
@@ -65,11 +67,10 @@ jobs:
           java-version: '11'
           distribution: 'adopt'
       - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
       - name: Build with Gradle
         run: ./gradlew build
 ```
-{% endraw %}
 
 This workflow performs the following steps:
 
@@ -101,7 +102,7 @@ steps:
       java-version: '11'
       distribution: 'adopt'
   - name: Validate Gradle wrapper
-    uses: gradle/wrapper-validation-action@v1
+    uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
   - name: Run the Gradle package task
     run: ./gradlew -b ci.gradle package
 ```
@@ -121,7 +122,7 @@ steps:
       java-version: '11'
       distribution: 'adopt'
   - name: Validate Gradle wrapper
-    uses: gradle/wrapper-validation-action@v1
+    uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
   - name: Cache Gradle packages
     uses: actions/cache@v2
     with:
@@ -159,7 +160,7 @@ steps:
       java-version: '11'
       distribution: 'adopt'
   - name: Validate Gradle wrapper
-    uses: gradle/wrapper-validation-action@v1
+    uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
   - run: ./gradlew build
   - uses: actions/upload-artifact@v2
     with:

content/actions/guides/building-and-testing-nodejs.md

@@ -62,7 +62,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
@@ -92,7 +92,7 @@ strategy:
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js ${{ matrix.node-version }}
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: ${{ matrix.node-version }}
 ```
@@ -122,7 +122,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: '12.x'
       - run: npm ci
@@ -150,7 +150,7 @@ This example installs the dependencies defined in the *package.json* file. For m
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: '12.x'
 - name: Install dependencies
@@ -164,7 +164,7 @@ Using `npm ci` installs the versions in the *package-lock.json* or *npm-shrinkwr
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: '12.x'
 - name: Install dependencies
@@ -180,7 +180,7 @@ This example installs the dependencies defined in the *package.json* file. For m
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: '12.x'
 - name: Install dependencies
@@ -193,7 +193,7 @@ Alternatively, you can pass `--frozen-lockfile` to install the versions in the *
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: '12.x'
 - name: Install dependencies
@@ -215,7 +215,7 @@ Before installing dependencies, use the `setup-node` action to create the *.npmr
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     always-auth: true
     node-version: '12.x'
@@ -238,29 +238,34 @@ always-auth=true
 
 ### Example caching dependencies
 
-When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache dependencies using a unique key, and restore the dependencies when you run future workflows using the `cache` action. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>" and the [`cache` action](https://github.com/marketplace/actions/cache).
+When using {% data variables.product.prodname_dotcom %}-hosted runners, you can cache and restore the dependencies using the [`setup-node` action](https://github.com/actions/setup-node).
 
-{% raw %}
+The following example caches dependencies for npm.
 ```yaml{:copy}
 steps:
 - uses: actions/checkout@v2
-- name: Use Node.js
-  uses: actions/setup-node@v1
+- uses: actions/setup-node@v2
   with:
-    node-version: '12.x'
-- name: Cache Node.js modules
-  uses: actions/cache@v2
-  with:
-    # npm cache files are stored in `~/.npm` on Linux/macOS
-    path: ~/.npm
-    key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
-    restore-keys: |
-      ${{ runner.OS }}-node-
-      ${{ runner.OS }}-
-- name: Install dependencies
-  run: npm ci
+    node-version: '14'
+    cache: 'npm'
+- run: npm install
+- run: npm test
 ```
-{% endraw %}
+
+The following example caches dependencies for Yarn.
+
+```yaml{:copy}
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-node@v2
+  with:
+    node-version: '14'
+    cache: 'yarn'
+- run: yarn
+- run: yarn test
+```
+
+To cache dependencies, you must have a `package-lock.json` or `yarn.lock` file in the root of the repository. If you need more flexible customization, you can use the [`cache` action](https://github.com/marketplace/actions/cache). For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>".
 
 ## Building and testing your code
 
@@ -270,7 +275,7 @@ You can use the same commands that you use locally to build and test your code.
 steps:
 - uses: actions/checkout@v2
 - name: Use Node.js
-  uses: actions/setup-node@v1
+  uses: actions/setup-node@v2
   with:
     node-version: '12.x'
 - run: npm install

content/actions/guides/building-and-testing-python.md

@@ -18,6 +18,7 @@ shortTitle: Build & test Python
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -402,12 +403,8 @@ You can configure your workflow to publish your Python package to a package regi
 
 For this example, you will need to create two [PyPI API tokens](https://pypi.org/help/#apitoken). You can use secrets to store the access tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
-{% raw %}
 ```yaml{:copy}
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+{% data reusables.actions.actions-not-certified-by-github-comment %}
 
 name: Upload Python Package
 
@@ -434,8 +431,7 @@ jobs:
         uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
         with:
           user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          password: {% raw %}${{ secrets.PYPI_API_TOKEN }}{% endraw %}
 ```
-{% endraw %}
 
 For more information about the template workflow, see [`python-publish`](https://github.com/actions/starter-workflows/blob/main/ci/python-publish.yml).

content/actions/guides/building-and-testing-ruby.md

@@ -15,6 +15,7 @@ topics:
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -33,8 +34,9 @@ We recommend that you have a basic understanding of Ruby, YAML, workflow configu
 
 To get started quickly, add the template to the `.github/workflows` directory of your repository. The workflow shown below assumes that the default branch for your repository is `main`.
 
-{% raw %}
 ```yaml
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Ruby
 
 on:
@@ -51,7 +53,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
           ruby-version: 2.6
       - name: Install dependencies
@@ -59,7 +61,6 @@ jobs:
       - name: Run tests
         run: bundle exec rake
 ```
-{% endraw %}
 
 ## Specifying the Ruby version
 
@@ -73,7 +74,7 @@ The `setup-ruby` action takes a Ruby version as an input and configures that ver
 ```yaml
 steps:
 - uses: actions/checkout@v2
-- uses: ruby/setup-ruby@v1
+- uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
   with:
     ruby-version: 2.6 # Not needed with a .ruby-version file
 - run: bundle install
@@ -99,8 +100,9 @@ Each version of Ruby specified in the `ruby-version` array creates a job that ru
 
 The full updated workflow with a matrix strategy could look like this:
 
-{% raw %}
 ```yaml
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Ruby CI
 
 on:
@@ -120,16 +122,15 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-      - name: Set up Ruby ${{ matrix.ruby-version }}
-        uses: ruby/setup-ruby@v1
+      - name: {% raw %}Set up Ruby ${{ matrix.ruby-version }}{% endraw %}
+        uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
-          ruby-version: ${{ matrix.ruby-version }}
+          ruby-version: {% raw %}${{ matrix.ruby-version }}{% endraw %}
       - name: Install dependencies
         run: bundle install
       - name: Run tests
         run: bundle exec rake
 ```
-{% endraw %}
 
 ## Installing dependencies with Bundler
 
@@ -139,7 +140,7 @@ The `setup-ruby` action will automatically install bundler for you. The version
 ```yaml
 steps:
 - uses: actions/checkout@v2
-- uses: ruby/setup-ruby@v1
+- uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
   with:
     ruby-version: 2.6
 - run: bundle install
@@ -155,7 +156,7 @@ To enable caching, set the following.
 {% raw %}
 ```yaml
 steps:
-- uses: ruby/setup-ruby@v1
+- uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
     with:
       bundler-cache: true
 ```
@@ -205,8 +206,9 @@ steps:
 
 The following example matrix tests all stable releases and head versions of MRI, JRuby and TruffleRuby on Ubuntu and macOS.
 
-{% raw %}
 ```yaml
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Matrix Testing
 
 on:
@@ -217,29 +219,29 @@ on:
 
 jobs:
   test:
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: {% raw %}${{ matrix.os }}-latest{% endraw %}
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu, macos]
         ruby: [2.5, 2.6, 2.7, head, debug, jruby, jruby-head, truffleruby, truffleruby-head]
-    continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
+    continue-on-error: {% raw %}${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}{% endraw %}
     steps:
       - uses: actions/checkout@v2
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: {% raw %}${{ matrix.ruby }}{% endraw %}
       - run: bundle install
       - run: bundle exec rake
 ```
-{% endraw %}
 
 ## Linting your code
 
 The following example installs `rubocop` and uses it to lint all files. For more information, see [Rubocop](https://github.com/rubocop-hq/rubocop). You can [configure Rubocop](https://docs.rubocop.org/rubocop/configuration.html) to decide on the specific linting rules.
 
-{% raw %}
 ```yaml
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Linting
 
 on: [push]
@@ -249,14 +251,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
           ruby-version: 2.6
       - run: bundle install
       - name: Rubocop
         run: rubocop
 ```
-{% endraw %}
 
 ## Publishing Gems
 
@@ -265,6 +266,7 @@ You can configure your workflow to publish your Ruby package to any package regi
 You can store any access tokens or credentials needed to publish your package using repository secrets. The following example creates and publishes a package to `GitHub Package Registry` and `RubyGems`.
 
 ```yaml
+{% data reusables.actions.actions-not-certified-by-github-comment %}
 
 name: Ruby Gem
 
@@ -288,7 +290,7 @@ jobs:
     steps:{% raw %}
       - uses: actions/checkout@v2
       - name: Set up Ruby 2.6
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
           ruby-version: 2.6
       - run: bundle install

content/actions/guides/building-and-testing-swift.md

@@ -16,6 +16,7 @@ shortTitle: Build & test Swift
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -68,31 +69,31 @@ The examples below demonstrate using the `fwal/setup-swift` action.
 
 You can configure your job to use a multiple versions of Swift in a build matrix.
 
-{% raw %}
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Swift
 
 on: [push]
 
 jobs:
   build:
-    name: Swift ${{ matrix.swift }} on ${{ matrix.os }}
+    name: {% raw %}Swift ${{ matrix.swift }} on ${{ matrix.os }}{% endraw %}
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
         swift: ["5.2", "5.3"]
-    runs-on: ${{ matrix.os }}
+    runs-on: {% raw %}${{ matrix.os }}{% endraw %}
     steps:
-      - uses: fwal/setup-swift@v1
+      - uses: fwal/setup-swift@d43a564349d1341cd990cfbd70d94d63b8899475
         with:
-          swift-version: ${{ matrix.swift }}
-      - uses: actions/checkout@v2
+          swift-version: {% raw %}${{ matrix.swift }}{% endraw %}
+      - uses: actions/checkout@
       - name: Build
         run: swift build
       - name: Run tests
         run: swift test
 ```
-{% endraw %}
 
 ### Using a single specific Swift version
 
@@ -101,7 +102,7 @@ You can configure your job to use a single specific version of Swift, such as `5
 {% raw %}
 ```yaml{:copy}
 steps:
-  - uses: fwal/setup-swift@v1
+  - uses: fwal/setup-swift@d43a564349d1341cd990cfbd70d94d63b8899475
     with:
       swift-version: "5.3.3"
   - name: Get swift version
@@ -117,7 +118,7 @@ You can use the same commands that you use locally to build and test your code u
 ```yaml{:copy}
 steps:
   - uses: actions/checkout@v2
-  - uses: fwal/setup-swift@v1
+  - uses: fwal/setup-swift@d43a564349d1341cd990cfbd70d94d63b8899475
     with:
       swift-version: "5.3.3"
   - name: Build

content/actions/guides/caching-dependencies-to-speed-up-workflows.md

@@ -22,7 +22,11 @@ Workflow runs often reuse the same outputs or downloaded dependencies from one r
 
 Jobs on {% data variables.product.prodname_dotcom %}-hosted runners start in a clean virtual environment and must download dependencies each time, causing increased network utilization, longer runtime, and increased cost. To help speed up the time it takes to recreate these files, {% data variables.product.prodname_dotcom %} can cache dependencies you frequently use in workflows.
 
-To cache dependencies for a job, you'll need to use {% data variables.product.prodname_dotcom %}'s `cache` action. The action retrieves a cache identified by a unique key. For more information, see [`actions/cache`](https://github.com/actions/cache). If you are caching Ruby gems, instead consider using the Ruby maintained action, which can cache bundle installs on initiation. For more information, see [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically).
+To cache dependencies for a job, you'll need to use {% data variables.product.prodname_dotcom %}'s `cache` action. The action retrieves a cache identified by a unique key. For more information, see [`actions/cache`](https://github.com/actions/cache). 
+
+If you are caching Ruby gems, instead consider using the Ruby maintained action, which can cache bundle installs on initiation. For more information, see [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically). 
+
+To cache and restore dependencies for npm or Yarn, you can use the [`actions/setup-node` action](https://github.com/actions/setup-node).
 
 {% warning %}
 

content/actions/guides/commenting-on-an-issue-when-a-label-is-added.md

@@ -17,6 +17,7 @@ shortTitle: Add label to comment on issue
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 {% data reusables.actions.ae-self-hosted-runners-notice %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -31,6 +32,8 @@ In the tutorial, you will first make a workflow file that uses the [`peter-evans
 3. Copy the following YAML contents into your workflow file.
 
     ```yaml{:copy}
+{% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
+
     name: Add comment
     on:
       issues:
@@ -44,7 +47,7 @@ In the tutorial, you will first make a workflow file that uses the [`peter-evans
           issues: write{% endif %}
         steps:
           - name: Add comment
-            uses: peter-evans/create-or-update-comment@v1
+            uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae
             with:
               issue-number: {% raw %}${{ github.event.issue.number }}{% endraw %}
               body: |

content/actions/guides/deploying-to-amazon-elastic-container-service.md

@@ -17,6 +17,7 @@ shortTitle: Deploy to Amazon ECS
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -75,6 +76,8 @@ The following example workflow demonstrates how to build a container image and p
 Ensure that you provide your own values for all the variables in the `env` key of the workflow.
 
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Deploy to Amazon ECS
 
 on:
@@ -108,7 +111,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@13d241b293754004c80624b5567555c4a39ffbe3
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -116,7 +119,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+        uses: aws-actions/amazon-ecr-login@aaf69d68aa3fb14c1d5a6be9ac61fe15b48453a2
 
       - name: Build, tag, and push image to Amazon ECR
         id: build-image
@@ -133,14 +136,14 @@ jobs:
 
       - name: Fill in the new image ID in the Amazon ECS task definition
         id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        uses: aws-actions/amazon-ecs-render-task-definition@97587c9d45a4930bf0e3da8dd2feb2a463cf4a3a
         with:
           task-definition: ${{ env.ECS_TASK_DEFINITION }}
           container-name: ${{ env.CONTAINER_NAME }}
           image: ${{ steps.build-image.outputs.image }}
 
       - name: Deploy Amazon ECS task definition
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@de0132cf8cdedb79975c6d42b77eb7ea193cf28e
         with:
           task-definition: ${{ steps.task-def.outputs.task-definition }}
           service: ${{ env.ECS_SERVICE }}

content/actions/guides/deploying-to-azure-app-service.md

@@ -17,6 +17,7 @@ shortTitle: Deploy to Azure App Service
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -74,8 +75,9 @@ The following example workflow demonstrates how to build, test, and deploy the N
 
 Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of the web app you created.
 
-{% raw %}
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 on:
   release:
     types: [created]
@@ -92,10 +94,10 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
-      - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v1
+      - name: Use Node.js {% raw %}${{ env.NODE_VERSION }}{% endraw %}
+        uses: actions/setup-node@v2
         with:
-          node-version: ${{ env.NODE_VERSION }}
+          node-version: {% raw %}${{ env.NODE_VERSION }}{% endraw %}
 
       - name: npm install, build, and test
         run: |
@@ -106,13 +108,12 @@ jobs:
           npm run test --if-present
 
       - name: 'Deploy to Azure WebApp'
-        uses: azure/webapps-deploy@v2
+        uses: azure/webapps-deploy@0b651ed7546ecfc75024011f76944cb9b381ef1e
         with:
-          app-name: ${{ env.AZURE_WEBAPP_NAME }}
-          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
-          package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+          app-name: {% raw %}${{ env.AZURE_WEBAPP_NAME }}{% endraw %}
+          publish-profile: {% raw %}${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}{% endraw %}
+          package: {% raw %}${{ env.AZURE_WEBAPP_PACKAGE_PATH }}{% endraw %}
 ```
-{% endraw %}
 
 ## Additional resources
 

content/actions/guides/deploying-to-google-kubernetes-engine.md

@@ -17,6 +17,7 @@ shortTitle: Deploy to Kubernetes (GKE)
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -104,8 +105,9 @@ Once you've completed the prerequisites, you can proceed with creating the workf
 
 The following example workflow demonstrates how to build a container image and push it to GCR. It then uses the Kubernetes tools (such as `kubectl` and `kustomize`) to pull the image into the cluster deployment.
 
-{% raw %}
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Build and Deploy to GKE
 
 on:
@@ -113,7 +115,7 @@ on:
     types: [created]
 
 env:
-  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+  PROJECT_ID: {% raw %}${{ secrets.GKE_PROJECT }}{% endraw %}
   GKE_CLUSTER: cluster-1    # Add your cluster name here.
   GKE_ZONE: us-central1-c   # Add your cluster zone here.
   DEPLOYMENT_NAME: gke-test # Add your deployment name here.
@@ -129,21 +131,21 @@ jobs:
       uses: actions/checkout@v2
 
     # Setup gcloud CLI
-    - uses: google-github-actions/setup-gcloud@v0.2.0
+    - uses: google-github-actions/setup-gcloud@94337306dda8180d967a56932ceb4ddcf01edae7
       with:
-        service_account_key: ${{ secrets.GKE_SA_KEY }}
-        project_id: ${{ secrets.GKE_PROJECT }}
+        service_account_key: {% raw %}${{ secrets.GKE_SA_KEY }}{% endraw %}
+        project_id: {% raw %}${{ secrets.GKE_PROJECT }}{% endraw %}
 
     # Configure docker to use the gcloud command-line tool as a credential helper
     - run: |-
         gcloud --quiet auth configure-docker
 
     # Get the GKE credentials so we can deploy to the cluster
-    - uses: google-github-actions/get-gke-credentials@v0.2.1
+    - uses: google-github-actions/get-gke-credentials@fb08709ba27618c31c09e014e1d8364b02e5042e
       with:
-        cluster_name: ${{ env.GKE_CLUSTER }}
-        location: ${{ env.GKE_ZONE }}
-        credentials: ${{ secrets.GKE_SA_KEY }}
+        cluster_name: {% raw %}${{ env.GKE_CLUSTER }}{% endraw %}
+        location: {% raw %}${{ env.GKE_ZONE }}{% endraw %}
+        credentials: {% raw %}${{ secrets.GKE_SA_KEY }}{% endraw %}
 
     # Build the Docker image
     - name: Build
@@ -173,7 +175,6 @@ jobs:
         kubectl rollout status deployment/$DEPLOYMENT_NAME
         kubectl get services -o wide
 ```
-{% endraw %}
 
 ## Additional resources
 

content/actions/guides/index.md

@@ -73,6 +73,8 @@ includeGuides:
   - /actions/guides/moving-assigned-issues-on-project-boards
   - /actions/guides/removing-a-label-when-a-card-is-added-to-a-project-board-column
   - /actions/guides/managing-github-actions-with-github-cli
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
 children:
   - /about-continuous-integration
   - /setting-up-continuous-integration-using-workflow-templates

content/actions/guides/moving-assigned-issues-on-project-boards.md

@@ -17,6 +17,7 @@ shortTitle: Move assigned issues
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 {% data reusables.actions.ae-self-hosted-runners-notice %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -31,8 +32,9 @@ In the tutorial, you will first make a workflow file that uses the [`alex-page/g
 3. {% data reusables.actions.make-workflow-file %}
 4. Copy the following YAML contents into your workflow file.
 
-    {% raw %}
     ```yaml{:copy}
+{% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
+
     name: Move assigned card
     on:
       issues:
@@ -42,13 +44,13 @@ In the tutorial, you will first make a workflow file that uses the [`alex-page/g
       move-assigned-card:
         runs-on: ubuntu-latest
         steps:
-          - uses: alex-page/github-project-automation-plus@v0.3.0
+          - uses: alex-page/github-project-automation-plus@5bcba1c1c091a222584d10913e5c060d32c44044
             with:
               project: Docs Work
               column: In Progress
-              repo-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+              repo-token: {% raw %}${{ secrets.PERSONAL_ACCESS_TOKEN }}{% endraw %}
     ```
-    {% endraw %}
+
 5. Customize the parameters in your workflow file:
    - Change the value for `project` to the name of your project board. If you have multiple project boards with the same name, the `alex-page/github-project-automation-plus` action will act on all projects with the specified name.
    - Change the value for `column` to the name of the column where you want issues to move when they are assigned.

content/actions/guides/publishing-docker-images.md

@@ -18,6 +18,7 @@ topics:
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -57,21 +58,24 @@ In the example workflow below, we use the Docker `login-action` and `build-push-
 To push to Docker Hub, you will need to have a Docker Hub account, and have a Docker Hub repository created. For more information, see "[Pushing a Docker container image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)" in the Docker documentation.
 
 The `login-action` options required for Docker Hub are:
-
 * `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
+The `metadata-action` option required for Docker Hub is:
+* `images`: The namespace and name for the Docker image you are building/pushing to Docker Hub.
+
 The `build-push-action` options required for Docker Hub are:
 * `tags`: The tag of your new image in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. You can set a single tag as shown below, or specify multiple tags in a list.
 * `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.
 
 ```yaml{:copy}
-name: Publish Docker image
+{% data reusables.actions.actions-not-certified-by-github-comment %}
 
-{% data reusables.actions.actions-not-certified-by-github %}
+name: Publish Docker image
 
 on:
   release:
     types: [published]
+
 jobs:
   push_to_registry:
     name: Push Docker image to Docker Hub
@@ -79,16 +83,26 @@ jobs:
     steps:
       - name: Check out the repo
         uses: actions/checkout@v2
+      
       - name: Log in to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
         with:
           username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %}
           password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %}
-      - name: Push to Docker Hub
-        uses: docker/build-push-action@v2
+      
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
+          images: my-docker-hub-namespace/my-docker-hub-repository
+      
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
           push: true
-          tags: my-docker-hub-namespace/my-docker-hub-repository:latest
+          tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
+          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 ```
 
 The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
@@ -122,9 +136,9 @@ The above workflow if triggered by a push to the "release" branch. It checks out
 
 {% else %}
 ```yaml{:copy}
-name: Publish Docker image
+{% data reusables.actions.actions-not-certified-by-github-comment %}
 
-{% data reusables.actions.actions-not-certified-by-github %}
+name: Publish Docker image
 
 on:
   release:
@@ -139,15 +153,18 @@ jobs:
     steps:
       - name: Check out the repo
         uses: actions/checkout@v2
+      
       - name: Log in to GitHub Docker Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
         with:
           registry: {% ifversion ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}
           username: {% raw %}${{ github.actor }}{% endraw %}
           password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
-      - name: Build container image
-        uses: docker/build-push-action@v2
+      
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
         with:
+          context: .
           push: true
           tags: |
             {% ifversion ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %}
@@ -163,16 +180,15 @@ In a single workflow, you can publish your Docker image to multiple registries b
 
 The following example workflow uses the steps from the previous sections ("[Publishing images to Docker Hub](#publishing-images-to-docker-hub)" and "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") to create a single workflow that pushes to both registries.
 
-
-
 ```yaml{:copy}
-name: Publish Docker image
+{% data reusables.actions.actions-not-certified-by-github-comment %}
 
-{% data reusables.actions.actions-not-certified-by-github %}
+name: Publish Docker image
 
 on:
   release:
     types: [published]
+
 jobs:
   push_to_registries:
     name: Push Docker image to multiple registries
@@ -183,38 +199,36 @@ jobs:
     steps:
       - name: Check out the repo
         uses: actions/checkout@v2
+      
       - name: Log in to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
         with:
           username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %}
           password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %}
+      
       - name: Log in to the {% ifversion fpt %}Container{% else %}Docker{% endif %} registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
         with:
           registry: {% ifversion fpt %}ghcr.io{% elsif ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}
           username: {% raw %}${{ github.actor }}{% endraw %}
           password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
-      - name: Build and push to Docker Hub
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          tags: my-docker-hub-namespace/my-docker-hub-repository:{% raw %}${{ github.event.release.tag_name }}{% endraw %}{% ifversion fpt %}
+      
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-          images: ghcr.io/{% raw %}${{ github.repository }}{% endraw %}{% endif %}
-      - name: Build and push to {% data variables.product.prodname_registry %}
-        uses: docker/build-push-action@v2
+          images: |
+            my-docker-hub-namespace/my-docker-hub-repository
+            {% ifversion fpt %}ghcr.io/{% raw %}${{ github.repository }}{% endraw %}{% elsif ghae %}{% raw %}docker.YOUR-HOSTNAME.com/${{ github.repository }}/my-image{% endraw %}{% else %}{% raw %}docker.pkg.github.com/${{ github.repository }}/my-image{% endraw %}{% endif %}
+      
+      - name: Build and push Docker images
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
         with:
-          push: true{% ifversion fpt %}
           context: .
+          push: true
           tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
-          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}{% else %}
-          tags: {% ifversion ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/my-image:${{ github.event.release.tag_name }}{% endraw %}{% endif %}
+          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 ```
 
-The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries, and then uses the `build-push-action` action twice to build and push the Docker image to Docker Hub and the 
-{% ifversion fpt %}{% data variables.product.prodname_container_registry %}. For Docker Hub, it tags the built Docker image with the version tag for the release that triggered the workflow. For the {% data variables.product.prodname_container_registry %}, tags and labels are automatically generated by the `metadata-action` action. 
-{% else %}Docker registry. For both steps, it tags the built Docker image with the version tag for the release that triggered the workflow.
-{% endif %}
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
+Then the `build-push-action` action builds and pushes the Docker image to Docker Hub and the {% ifversion fpt %}{% data variables.product.prodname_container_registry %}{% else %}Docker registry{% endif %}.

content/actions/guides/publishing-java-packages-with-gradle.md

@@ -20,6 +20,7 @@ shortTitle: Java packages with Gradle
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -78,9 +79,9 @@ With this configuration, you can create a workflow that publishes your package t
 
 In the deploy step, you’ll need to set environment variables for the username and password or token that you use to authenticate to the Maven repository. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
-
-{% raw %}
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Publish package to the Maven Central Repository
 on:
   release:
@@ -96,14 +97,13 @@ jobs:
           java-version: '11'
           distribution: 'adopt'
       - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
       - name: Publish package
         run: gradle publish
         env:
-          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          MAVEN_USERNAME: {% raw %}${{ secrets.OSSRH_USERNAME }}{% endraw %}
+          MAVEN_PASSWORD: {% raw %}${{ secrets.OSSRH_TOKEN }}{% endraw %}
 ```
-{% endraw %}
 
 {% data reusables.github-actions.gradle-workflow-steps %}
 1. Runs the `gradle publish` command to publish to the `OSSRH` Maven repository. The `MAVEN_USERNAME` environment variable will be set with the contents of your `OSSRH_USERNAME` secret, and the `MAVEN_PASSWORD` environment variable will be set with the contents of your `OSSRH_TOKEN` secret.
@@ -147,6 +147,8 @@ publishing {
 With this configuration, you can create a workflow that publishes your package to the Maven Central Repository by running the `gradle publish` command.
 
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Publish package to GitHub Packages
 on:
   release:
@@ -164,7 +166,7 @@ jobs:
           java-version: '11'
           distribution: 'adopt'
       - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
       - name: Publish package
         run: gradle publish
         env:
@@ -221,6 +223,8 @@ publishing {
 With this configuration, you can create a workflow that publishes your package to both the Maven Central Repository and {% data variables.product.prodname_registry %} by running the `gradle publish` command.
 
 ```yaml{:copy}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
 name: Publish package to the Maven Central Repository and GitHub Packages
 on:
   release:
@@ -239,7 +243,7 @@ jobs:
           java-version: '11'
           distribution: 'adopt'
       - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
       - name: Publish to the Maven Central Repository
         run: gradle publish
         env: {% raw %}

content/actions/guides/publishing-nodejs-packages.md

@@ -219,7 +219,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2
         with:
           node-version: '10.x'
           registry-url: 'https://registry.npmjs.org'
@@ -229,7 +229,7 @@ jobs:
         env:{% raw %}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       # Setup .npmrc file to publish to GitHub Packages
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2
         with:
           registry-url: 'https://npm.pkg.github.com'
           # Defaults to the user or organization that owns the workflow file

content/actions/guides/removing-a-label-when-a-card-is-added-to-a-project-board-column.md

@@ -17,6 +17,7 @@ shortTitle: Remove label when adding card
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 {% data reusables.actions.ae-self-hosted-runners-notice %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -32,6 +33,8 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
 4. Copy the following YAML contents into your workflow file.
 
     ```yaml{:copy}
+{% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
+
     name: Remove labels
     on:
       project_card:
@@ -46,7 +49,7 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
           pull-requests: write{% endif %}
         steps:
           - name: remove labels
-            uses: andymckay/labeler@master
+            uses: andymckay/labeler@5c59dabdfd4dd5bd9c6e6d255b01b9d764af4414
             with:
               remove-labels: "needs review"
               repo-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}

content/actions/guides/scheduling-issue-creation.md

@@ -16,6 +16,7 @@ topics:
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 {% data reusables.actions.ae-self-hosted-runners-notice %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -30,6 +31,8 @@ In the tutorial, you will first make a workflow file that uses the [`imjohnbo/is
 3. Copy the following YAML contents into your workflow file.
 
     ```yaml{:copy}
+{% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
+
     name: Weekly Team Sync
     on:
       schedule:
@@ -43,7 +46,7 @@ In the tutorial, you will first make a workflow file that uses the [`imjohnbo/is
           issues: write{% endif %}
         steps:
           - name: Create team sync issue
-            uses: imjohnbo/issue-bot@v3.0
+            uses: imjohnbo/issue-bot@3daae12aa54d38685d7ff8459fc8a2aee8cea98b
             with:
               assignees: "monalisa, doctocat, hubot"
               labels: "weekly sync, docs-team"

content/actions/hosting-your-own-runners/about-self-hosted-runners.md

@@ -131,6 +131,12 @@ If you use an IP address allow list for your {% data variables.product.prodname_
 
 You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below.
 
+{% note %}
+
+**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant.
+
+{% endnote %}
+
 ```
 github.com
 api.github.com
@@ -160,7 +166,7 @@ You can also use self-hosted runners with a proxy server. For more information,
 
 This is not an issue with {% data variables.product.prodname_dotcom %}-hosted runners because each {% data variables.product.prodname_dotcom %}-hosted runner is always a clean isolated virtual machine, and it is destroyed at the end of the job execution.
 
-Untrusted workflows running on your self-hosted runner poses significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:
+Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:
 
 * Malicious programs running on the machine.
 * Escaping the machine's runner sandbox.

content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -21,7 +21,7 @@ shortTitle: Manage access groups
 {% ifversion fpt %}
 {% note %}
 
-**Note:** All organizations have a single default self-hosted runner group. Creating and managing additional self-hosted runner groups is only available to enterprise accounts, and for organizations owned by an enterprise account.
+**Note:** All organizations have a single default self-hosted runner group. Only enterprise accounts and organizations owned by enterprise accounts can create and manage additional self-hosted runner groups.
 
 {% endnote %}
 {% endif %}

content/actions/learn-github-actions/introduction-to-github-actions.md

@@ -76,7 +76,9 @@ You can create an example workflow in your repository that automatically trigger
         runs-on: ubuntu-latest
         steps:
           - uses: actions/checkout@v2
-          - uses: actions/setup-node@v1
+          - uses: actions/setup-node@v2
+            with:
+              node-version: '14'
           - run: npm install -g bats
           - run: bats -v
     ```
@@ -170,11 +172,13 @@ To help you understand how YAML syntax is used to create a workflow file, this s
 <td>
 
   ```yaml
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14'
   ```
 </td>
 <td>
-  This action installs the <code>node</code> software package on the runner, giving you access to the <code>npm</code> command.
+  This step uses the <code>actions/setup-node@v2</code> action to install the specified version of the <code>node</code> software package on the runner, which gives you access to the <code>npm</code> command.
 </td>
 </tr>
 <tr>

content/actions/learn-github-actions/managing-complex-workflows.md

@@ -80,7 +80,7 @@ jobs:
       matrix:
         node: [6, 8, 10]
     steps:
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.node }}
 ```

content/actions/learn-github-actions/migrating-from-circleci-to-github-actions.md

@@ -19,6 +19,7 @@ shortTitle: Migrate from CircleCI
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
+{% data reusables.actions.actions-not-certified-by-github-note %}
 
 ## Introduction
 
@@ -402,6 +403,8 @@ workflows:
 <td class="d-table-cell v-align-top">
 {% raw %}
 ```yaml
+{% endraw %}{% data reusables.actions.actions-not-certified-by-github-comment %}{% raw %}
+
 name: Containers
 
 on: [push]
@@ -435,7 +438,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Setup Ruby
-        uses: eregon/use-ruby-action@master
+        uses: eregon/use-ruby-action@477b21f02be01bcb8030d50f37cfec92bfa615b6
         with:
           ruby-version: ${{ matrix.ruby }}
       - name: Cache dependencies

content/actions/learn-github-actions/migrating-from-jenkins-to-github-actions.md

@@ -280,8 +280,8 @@ jobs:
       matrix:
         os: [macos-latest, ubuntu-latest]
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
         with:
           node-version: 12
       - run: npm install -g bats

content/actions/learn-github-actions/migrating-from-travis-ci-to-github-actions.md

@@ -410,7 +410,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: '12.x'
       - run: npm install

content/actions/learn-github-actions/security-hardening-for-github-actions.md

@@ -253,7 +253,7 @@ You should also consider the environment of the self-hosted runner machines:
 - What sensitive information resides on the machine configured as a self-hosted runner? For example, private SSH keys, API access tokens, among others.
 - Does the machine have network access to sensitive services? For example, Azure or AWS metadata services. The amount of sensitive information in this environment should be kept to a minimum, and you should always be mindful that any user capable of invoking workflows has access to this environment.
 
-Some customers might attempt to partially mitigate these risks by implementing systems that automatically destroy the self-hosted runner after each job execution. However, this approach might not be as effective as intended, as there is no way to guarantee that a self-hosted runner only runs one job.
+Some customers might attempt to partially mitigate these risks by implementing systems that automatically destroy the self-hosted runner after each job execution. However, this approach might not be as effective as intended, as there is no way to guarantee that a self-hosted runner only runs one job. Some jobs will use secrets as command-line arguments which can be seen by another job running on the same runner, such as `ps x -w`. This can lead to secret leakages.
 
 ## Auditing {% data variables.product.prodname_actions %} events
 

content/actions/managing-workflow-runs/adding-a-workflow-status-badge.md

@@ -17,8 +17,8 @@ shortTitle: Add a status badge
 
 You reference the workflow by the name of your workflow file.
 
-```
-https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg
+```markdown
+![example workflow](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg)
 ```
 ## Using the workflow file name
 

content/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks.md

@@ -1,15 +1,21 @@
 ---
 title: Approving workflow runs from public forks
-intro: 'When a first-time contributor submits a pull request to a public repository, a maintainer with write access must approve any workflow runs.'
+intro: 'When an outside contributor submits a pull request to a public repository, a maintainer with write access may need to approve any workflow runs.'
 product: '{% data reusables.gated-features.actions %}'
 versions:
   fpt: '*'
 shortTitle: Approve public fork runs
 ---
 
-Forks of public repositories can submit pull requests that propose changes to a repository's {% data variables.product.prodname_actions %} workflows. Although workflows from forks do not have access to sensitive data such as secrets, they can be an annoyance for maintainers if they are modified for abusive purposes. To help prevent this, workflows on pull requests are not run automatically if they are received from first-time contributors, and must be approved first.
+## About workflow runs from public forks
 
-Maintainers with write access to the repository can use the following procedure to review and run workflows on pull requests from first-time contributors. After a contributor has at least one pull request merged into a project's repository, any future pull requests from that contributor's fork will automatically run workflows.
+{% data reusables.actions.workflow-run-approve-public-fork %} However, you can configure this behavior for a [repository](/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#configuring-required-approval-for-workflows-from-public-forks), [organization](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-required-approval-for-workflows-from-public-forks), or [enterprise](/github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account#configuring-required-approval-for-workflows-from-public-forks).
+
+Workflow runs that have been awaiting approval for more than 30 days are automatically deleted.
+
+## Approving workflow runs on a pull request from a public fork
+
+Maintainers with write access to a repository can use the following procedure to review and run workflows on pull requests from contributors that require approval.
 
 {% data reusables.repositories.sidebar-pr %}
 {% data reusables.repositories.choose-pr-review %}

content/actions/managing-workflow-runs/disabling-and-enabling-a-workflow.md

@@ -28,11 +28,13 @@ Temporarily disabling a workflow can be useful in many scenarios. These are a fe
 
 {% endwarning %}
 
-## Disabling and enabling workflows with the {% data variables.product.prodname_dotcom %} UI
+You can also disable and enable a workflow using the REST API. For more information, see the "[Actions REST API](/rest/reference/actions#workflows)."
 
 ### Disabling a workflow
 
-You can manually disable a workflow so that it won't execute any workflow runs. A disabled workflow is not deleted, and can be re-enabled.
+{% include tool-switcher %}
+
+{% webui %}
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
@@ -45,8 +47,28 @@ You can manually disable a workflow so that it won't execute any workflow runs.
 The disabled workflow is marked {% octicon "stop" aria-label="The stop icon" %} to indicate its status.
 ![actions list disabled workflow](/assets/images/help/repository/actions-find-disabled-workflow.png)
 
+{% endwebui %}
+
+{% cli %}
+
+{% data reusables.cli.download-cli %}
+
+{% data reusables.actions.actions-cli %}
+
+To disable a workflow, use the `workflow disable` subcommand. Replace `workflow` with either the name, ID, or file name of the workflow you want to disable. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
+
+```shell
+gh workflow disable <em>workflow</em>
+```
+
+{% endcli %}
+
 ### Enabling a workflow
 
+{% include tool-switcher %}
+
+{% webui %}
+
 You can re-enable a workflow that was previously disabled.
 
 {% data reusables.repositories.navigate-to-repo %}
@@ -56,22 +78,16 @@ You can re-enable a workflow that was previously disabled.
 1. Click **Enable workflow**.
 ![actions enable workflow](/assets/images/help/repository/actions-enable-workflow.png)
 
-## Disabling and enabling workflows with {% data variables.product.prodname_cli %}
+{% endwebui %}
+
+{% cli %}
 
 {% data reusables.actions.actions-cli %}
 
-To disable a workflow, use the `workflow disable` subcommand. Replace `workflow` with either the name, ID, or file name of the workflow you want to disable. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
-
-```shell
-gh workflow disable <em>workflow</em>
-```
-
 To enable a workflow, use the `workflow enable` subcommand. Replace `workflow` with either the name, ID, or file name of the workflow you want to enable. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
 
 ```shell
 gh workflow enable <em>workflow</em>
 ```
 
-## Disabling and enabling workflows through the REST API
-
-You can also disable and enable a workflow using the REST API. For more information, see the "[Actions REST API](/rest/reference/actions#workflows)."
+{% endcli %}

content/actions/managing-workflow-runs/downloading-workflow-artifacts.md

@@ -13,13 +13,15 @@ shortTitle: Download workflow artifacts
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 
-{% ifversion fpt or ghes > 2.22 or ghae %} By default, {% data variables.product.product_name %} stores build logs and artifacts for 90 days, and you can customize this retention period, depending on the type of repository. For more information, see "[Configuring the retention period for GitHub Actions artifacts and logs in your repository](/github/administering-a-repository/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)."{% endif %} 
-{% ifversion ghes = 2.22 %} {% data variables.product.product_name %} stores full build logs and artifacts for 90 days.{% endif %} 
-
-## Download artifacts with the {% data variables.product.prodname_dotcom %} UI
+{% ifversion fpt or ghes > 2.22 or ghae %} By default, {% data variables.product.product_name %} stores build logs and artifacts for 90 days, and you can customize this retention period, depending on the type of repository. For more information, see "[Configuring the retention period for GitHub Actions artifacts and logs in your repository](/github/administering-a-repository/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)."{% endif %}
+{% ifversion ghes = 2.22 %} {% data variables.product.product_name %} stores full build logs and artifacts for 90 days.{% endif %}
 
 {% data reusables.repositories.permissions-statement-read %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
 {% data reusables.repositories.navigate-to-workflow %}
@@ -31,7 +33,11 @@ shortTitle: Download workflow artifacts
     ![Download artifact drop-down menu](/assets/images/help/repository/artifact-drop-down.png)
     {% endif %}
 
-## Download artifacts with {% data variables.product.prodname_cli %}
+{% endwebui %}
+
+{% cli %}
+
+{% data reusables.cli.download-cli %}
 
 {% data reusables.actions.actions-cli %}
 
@@ -60,3 +66,5 @@ To download specific artifacts across all runs in a repository, use the `run dow
 ```shell
 gh run download -n <em>artifact-name-1</em> -n <em>artifact-name-2</em>
 ```
+
+{% endcli %}

content/actions/managing-workflow-runs/manually-running-a-workflow.md

@@ -15,24 +15,30 @@ shortTitle: Manually run a workflow
 
 ## Configuring a workflow to run manually
 
-To run a workflow manually, the workflow must be configured to run on the `workflow_dispatch` event. For more information about configuring the `workflow_dispatch` event, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows#workflow_dispatch)".
-
-## Running a workflow on {% data variables.product.prodname_dotcom %} 
-
-To trigger the `workflow_dispatch` event on {% data variables.product.prodname_dotcom %}, your workflow must be in the default branch. Follow these steps to manually trigger a workflow run.
+To run a workflow manually, the workflow must be configured to run on the `workflow_dispatch` event. To trigger the `workflow_dispatch` event, your workflow must be in the default branch. For more information about configuring the `workflow_dispatch` event, see "[Events that trigger workflows](/actions/reference/events-that-trigger-workflows#workflow_dispatch)".
 
 {% data reusables.repositories.permissions-statement-write %}
 
+### Running a workflow
+
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
 1. In the left sidebar, click the workflow you want to run.
 ![actions select workflow](/assets/images/actions-select-workflow.png)
 1. Above the list of workflow runs, select **Run workflow**.
 ![actions workflow dispatch](/assets/images/actions-workflow-dispatch.png)
-1. Select the branch where the workflow will run and type the input parameters used by the workflow. Click **Run workflow**.
+1. Use the **Branch** dropdown to select the workflow's branch, and type the input parameters. Click **Run workflow**.
 ![actions manually run workflow](/assets/images/actions-manually-run-workflow.png)
 
-## Running a workflow using {% data variables.product.prodname_cli %}
+{% endwebui %}
+
+{% cli %}
+
+{% data reusables.cli.download-cli %}
 
 {% data reusables.actions.actions-cli %}
 
@@ -66,8 +72,10 @@ To view the progress of the workflow run, use the `run watch` subcommand and sel
 gh run watch
 ```
 
-## Running a workflow using the REST API
+{% endcli %}
 
-When using the REST API, you configure the `inputs` and `ref` as request body parameters. If the inputs are omitted, the default values defined in the workflow file are used. 
+### Running a workflow using the REST API
+
+When using the REST API, you configure the `inputs` and `ref` as request body parameters. If the inputs are omitted, the default values defined in the workflow file are used.
 
 For more information about using the REST API, see the "[Create a workflow dispatch event](/rest/reference/actions/#create-a-workflow-dispatch-event)."

content/actions/managing-workflow-runs/re-running-a-workflow.md

@@ -12,17 +12,23 @@ versions:
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 
-## Re-run a workflow using the {% data variables.product.prodname_dotcom %} UI
-
 {% data reusables.repositories.permissions-statement-write %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
 {% data reusables.repositories.navigate-to-workflow %}
 {% data reusables.repositories.view-run %}
 1. In the upper-right corner of the workflow, use the **Re-run jobs** drop-down menu, and select **Re-run all jobs**.{% ifversion fpt or ghes > 3.0 or ghae %}![Re-run checks drop-down menu](/assets/images/help/repository/rerun-checks-drop-down-updated.png){% else %}![Re-run checks drop-down menu](/assets/images/help/repository/rerun-checks-drop-down.png){% endif %}
 
-## Re-run a workflow using {% data variables.product.prodname_cli %}
+{% endwebui %}
+
+{% cli %}
+
+{% data reusables.cli.download-cli %}
 
 {% data reusables.actions.actions-cli %}
 
@@ -37,3 +43,5 @@ To view the progress of the workflow run, use the `run watch` subcommand and sel
 ```shell
 gh run watch
 ```
+
+{% endcli %}

content/actions/managing-workflow-runs/viewing-workflow-run-history.md

@@ -13,16 +13,22 @@ shortTitle: View workflow run history
 {% data reusables.actions.enterprise-github-hosted-runners %}
 {% data reusables.actions.ae-beta %}
 
-## Viewing workflow run history on {% data variables.product.prodname_dotcom %} 
-
 {% data reusables.repositories.permissions-statement-read %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
 {% data reusables.repositories.navigate-to-workflow %}
 {% data reusables.repositories.view-run %}
 
-## Viewing workflow run history with {% data variables.product.prodname_cli %}
+{% endwebui %}
+
+{% cli %}
+
+{% data reusables.cli.download-cli %}
 
 {% data reusables.actions.actions-cli %}
 
@@ -77,3 +83,5 @@ Use the `--exit-status` flag to exit with a non-zero status if the run failed. F
 ```shell
 gh run view 0451 --exit-status && echo "run pending or passed"
 ```
+
+{% endcli %}

content/actions/reference/environment-variables.md

@@ -64,7 +64,7 @@ We strongly recommend that actions use environment variables to access the files
 | `GITHUB_REPOSITORY` | The owner and repository name. For example, `octocat/Hello-World`. |
 | `GITHUB_EVENT_NAME` | The name of the webhook event that triggered the workflow. |
 | `GITHUB_EVENT_PATH` | The path of the file with the complete webhook event payload. For example, `/github/workflow/event.json`. |
-| `GITHUB_WORKSPACE` | The {% data variables.product.prodname_dotcom %} workspace directory path. The workspace directory is a copy of your repository if your workflow uses the [actions/checkout](https://github.com/actions/checkout) action. If you don't use the `actions/checkout` action, the directory will be empty. For example, `/home/runner/work/my-repo-name/my-repo-name`. |
+| `GITHUB_WORKSPACE` | The {% data variables.product.prodname_dotcom %} workspace directory path, initially empty. For example, `/home/runner/work/my-repo-name/my-repo-name`. The [actions/checkout](https://github.com/actions/checkout) action will check out files, by default a copy of your repository, within this directory. |
 | `GITHUB_SHA` | The commit SHA that triggered the workflow. For example, `ffac537e6cbbf934b08745a378932722df287a53`. |
 | `GITHUB_REF` | The branch or tag ref that triggered the workflow. For example, `refs/heads/feature-branch-1`. If neither a branch or tag is available for the event type, the variable will not exist. |
 | `GITHUB_HEAD_REF` | Only set for pull request events. The name of the head branch.

content/actions/reference/environments.md

@@ -76,8 +76,9 @@ For more information on syntax to reference environments in workflows, see "[Wor
 
 When a workflow references an environment, the environment will appear in the repository's deployments. For more information about viewing current and previous deployments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)."
 
+{% ifversion fpt or ghae-next or ghes > 3.1 %}
 ## Using concurrency to serialize deployments in an environment
-You can use concurrency so that an environment has a maximum of one deployment in progress and one deployment pending at a time. For more information, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#concurrency)."
+You can use concurrency so that an environment has a maximum of one deployment in progress and one deployment pending at a time. For more information, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#concurrency)."{% endif %}
 
 ## Deleting an environment
 

content/actions/reference/events-that-trigger-workflows.md

@@ -284,6 +284,48 @@ on:
 
 {% endnote %}
 
+{% ifversion fpt %}
+### `discussion`
+
+Runs your workflow anytime the `discussion` event occurs. {% data reusables.developer-site.multiple_activity_types %} For information about the GraphQL API, see "[Discussions](/graphql/guides/using-the-graphql-api-for-discussions)."
+
+{% data reusables.github-actions.branch-requirement %}
+
+| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
+| --------------------- | -------------- | ------------ | -------------|
+| [`discussion`](/webhooks/event-payloads/#discussion) | - `opened`<br/>- `edited`<br/>- `deleted`<br/>- `transferred`<br/>- `pinned`<br/>- `unpinned`<br/>- `labeled`<br/>- `unlabeled`<br/>- `locked`<br/>- `unlocked`<br/>- `category_changed`<br/> - `answered`<br/> - `unanswered` | Last commit on default branch | Default branch |
+
+{% data reusables.developer-site.limit_workflow_to_activity_types %}
+
+For example, you can run a workflow when a discussion has been `opened`, `edited`, or `answered`.
+
+```yaml
+on:
+  discussion:
+    types: [opened, edited, answered]
+```
+
+### `discussion_comment`
+
+Runs your workflow anytime the `discussion_comment` event occurs. {% data reusables.developer-site.multiple_activity_types %} For information about the GraphQL API, see "[Discussions](/graphql/guides/using-the-graphql-api-for-discussions)."
+
+{% data reusables.github-actions.branch-requirement %}
+
+| Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
+| --------------------- | -------------- | ------------ | -------------|
+| [`discussion_comment`](/developers/webhooks-and-events/webhook-events-and-payloads#discussion_comment) | - `created`<br/>- `edited`<br/>- `deleted`<br/> | Last commit on default branch | Default branch |
+
+{% data reusables.developer-site.limit_workflow_to_activity_types %}
+
+For example, you can run a workflow when an issue comment has been `created` or `deleted`.
+
+```yaml
+on:
+  discussion_comment:
+    types: [created, deleted]
+```
+{% endif %}
+
 ### `fork`
 
 Runs your workflow anytime when someone forks a repository, which triggers the `fork` event. For information about the REST API, see "[Create a fork](/rest/reference/repos#create-a-fork)."

content/actions/reference/workflow-syntax-for-github-actions.md

@@ -181,6 +181,25 @@ The filter determines if a workflow should run by evaluating the changed files a
 
 For more information, see "[About comparing branches in pull requests](/articles/about-comparing-branches-in-pull-requests)."
 
+## `on.workflow_dispatch.inputs`
+
+When using `workflow_dispatch` event, you can optionally specify inputs that are passed to the workflow. Workflow dispatch inputs are specified with the same format as action inputs. For more information about the format see "[Metadata syntax for GitHub Actions](/actions/creating-actions/metadata-syntax-for-github-actions#inputs)."
+
+```yaml
+on: 
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        description: 'Log level'     
+        required: true
+        default: 'warning'
+      tags:
+        description: 'Test scenario tags'
+        required: false
+```
+
+The triggered workflow receives the inputs in the `github.event.inputs` context. For more information, see "[Context and expression syntax for GitHub Actions](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)."
+
 ## `on.schedule`
 
 {% data reusables.repositories.actions-scheduled-workflow-example %}
@@ -247,7 +266,7 @@ defaults:
     working-directory: scripts
 ```
 
-{% ifversion fpt or ghes > 3.0 or ghae-next %}
+{% ifversion fpt or ghae-next or ghes > 3.1 %}
 ## `concurrency`
 
 {% data reusables.actions.concurrency-beta %}
@@ -440,7 +459,7 @@ environment:
 {% endif %}
 
 
-{% ifversion fpt or ghes > 3.0 or ghae-next %}
+{% ifversion fpt or ghae-next or ghes > 3.1 %}
 ## `jobs.<job_id>.concurrency`
 
 {% data reusables.actions.concurrency-beta %}
@@ -595,7 +614,7 @@ The `my backup step` only runs when the previous step of a job fails. For more i
 ```yaml
 steps:
   - name: My first step
-    uses: monacorp/action-name@main
+    uses: octo-org/action-name@main
   - name: My backup step
     if: {% raw %}${{ failure() }}{% endraw %}
     uses: actions/heroku@1.0.0
@@ -621,15 +640,15 @@ Actions are either JavaScript files or Docker containers. If the action you're u
 ### Example: Using versioned actions
 
 ```yaml
-steps:    
+steps:
   # Reference a specific commit
-  - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+  - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
   # Reference the major version of a release
-  - uses: actions/setup-node@v1
-  # Reference a minor version of a release
-  - uses: actions/setup-node@v1.2
+  - uses: actions/checkout@v2
+  # Reference a specific version
+  - uses: actions/checkout@v2.2.0
   # Reference a branch
-  - uses: actions/setup-node@main
+  - uses: actions/checkout@main
 ```
 
 ### Example: Using a public action
@@ -644,7 +663,7 @@ jobs:
     steps:
       - name: My first step
         # Uses the default branch of a public repository
-        uses: actions/heroku@1.0.0
+        uses: actions/heroku@main
       - name: My second step
         # Uses a specific version tag of a public repository
         uses: actions/aws@v2.0.1
@@ -780,7 +799,7 @@ Using the `working-directory` keyword, you can specify the working directory of
 
 ### Using a specific shell
 
-You can override the default shell settings in the runner's operating system using the `shell` keyword. You can use built-in `shell` keywords, or you can define a custom set of shell options.
+You can override the default shell settings in the runner's operating system using the `shell` keyword. You can use built-in `shell` keywords, or you can define a custom set of shell options. The shell command that is run internally executes a temporary file that contains the commands specifed in the `run` keyword.
 
 | Supported platform | `shell` parameter | Description | Command run internally |
 |--------------------|-------------------|-------------|------------------------|
@@ -909,7 +928,7 @@ A `string` that defines the inputs for a Docker container. {% data variables.pro
 ```yaml
 steps:
   - name: Explain why this job ran
-    uses: monacorp/action-name@main
+    uses: octo-org/action-name@main
     with:
       entrypoint: /bin/echo
       args: The ${{ github.event_name }} event triggered this step.
@@ -931,7 +950,7 @@ Overrides the Docker `ENTRYPOINT` in the `Dockerfile`, or sets it if one wasn't
 ```yaml
 steps:
   - name: Run a custom command
-    uses: monacorp/action-name@main
+    uses: octo-org/action-name@main
     with:
       entrypoint: /a/different/executable
 ```
@@ -1320,7 +1339,7 @@ You can use special characters in path, branch, and tag filters.
 
 - `*`: Matches zero or more characters, but does not match the `/` character. For example, `Octo*` matches `Octocat`.
 - `**`: Matches zero or more of any character.
-- `?`: Matches zero or one single character. For example, `Octoc?t` matches `Octocat`.
+- `?`: Matches zero or one of the preceding character.
 - `+`: Matches one or more of the preceding character.
 - `[]` Matches one character listed in the brackets or included in ranges. Ranges can only include `a-z`, `A-Z`, and `0-9`. For example, the range`[0-9a-z]` matches any digit or lowercase letter. For example, `[CB]at` matches `Cat` or `Bat` and `[1-2]00` matches `100` and `200`.
 - `!`: At the start of a pattern makes it negate previous positive patterns. It has no special meaning if not the first character.

content/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise.md

@@ -27,7 +27,7 @@ When you enable {% data variables.product.prodname_GH_advanced_security %} for y
 ## Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
 
 1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% ifversion ghes > 3.0 %} For information about licensing, see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)."{% endif %}
-2. Upload the new license to {% data variables.product.product_location %}. For more information, see "[Managing your GitHub Enterprise license](/admin/overview/managing-your-github-enterprise-license#uploading-a-new-license-to-github-enterprise-server)."{% ifversion ghes > 2.22 %}
+2. Upload the new license to {% data variables.product.product_location %}. For more information, see "[Managing your GitHub Enterprise license](/admin/overview/managing-your-github-enterprise-license#downloading-a-new-license-and-uploading-it-to-github-enterprise-server)."{% ifversion ghes > 2.22 %}
 3. Review the prerequisites for the features you plan to enable.
 
     - {% data variables.product.prodname_code_scanning_capc %}, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md

@@ -75,11 +75,10 @@ As more users join {% data variables.product.product_location %}, you may need t
   ```shell
   $ ghe-upgrade PACKAGE-NAME.pkg -s -t /dev/xvdg1
   ```
-4. As the root user, using a text editor of your choice, edit the _/etc/fstab_ file, changing the UUID for the `/` mount point to the UUID of the new root drive. You can obtain the UUID of the new root drive with the command `sudo lsblk -f`.
-5. Shut down the appliance:
+4. Shut down the appliance:
   ```shell
   $ sudo poweroff
   ```
-6. In the hypervisor, remove the old root disk and attach the new root disk at the same location as the old root disk.
-7. Start the appliance.
-8. Ensure system services are functioning correctly, then release maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+5. In the hypervisor, remove the old root disk and attach the new root disk at the same location as the old root disk.
+6. Start the appliance.
+7. Ensure system services are functioning correctly, then release maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."