зеркало из https://github.com/github/docs.git
Merge branch 'main' into openapi-update-4c3c34d090578794b4ce8a45185511e872332f09bb45c9ed520b8415a28fbf16
This commit is contained in:
Sarah Edwards
GitHub
Коммит
65b5c707fb
Двоичные данные
assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png
Normal file
Двоичные данные
assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png
Normal file
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 100 KiB |
Двоичный файл не отображается.
|
До Ширина: | Высота: | Размер: 49 KiB |
Двоичные данные
assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png
Normal file
Двоичные данные
assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png
Normal file
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 223 KiB |
Двоичный файл не отображается.
|
До Ширина: | Высота: | Размер: 76 KiB |
Двоичные данные
assets/images/help/organizations/security-and-analysis-highlight-ghas.png
Normal file
Двоичные данные
assets/images/help/organizations/security-and-analysis-highlight-ghas.png
Normal file
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 214 KiB |
Двоичные данные
assets/images/help/repository/dependency-graph-enable-button.png
Двоичные данные
assets/images/help/repository/dependency-graph-enable-button.png
Двоичный файл не отображается.
|
До Ширина: | Высота: | Размер: 97 KiB После Ширина: | Высота: | Размер: 55 KiB |
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 48 KiB |
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 115 KiB |
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 63 KiB |
Двоичные данные
assets/images/help/repository/repo-change-confirm.png
Двоичные данные
assets/images/help/repository/repo-change-confirm.png
Двоичный файл не отображается.
|
До Ширина: | Высота: | Размер: 25 KiB После Ширина: | Высота: | Размер: 32 KiB |
Двоичные данные
assets/images/help/repository/repo-change-select.png
Двоичные данные
assets/images/help/repository/repo-change-select.png
Двоичный файл не отображается.
|
До Ширина: | Высота: | Размер: 77 KiB После Ширина: | Высота: | Размер: 129 KiB |
Двоичные данные
assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png
Normal file
Двоичные данные
assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png
Normal file
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 159 KiB |
Двоичные данные
assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png
Normal file
Двоичные данные
assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png
Normal file
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 126 KiB |
|
|
@ -87,9 +87,28 @@ always-auth=true
|
|||
|
||||
Each time you create a new release, you can trigger a workflow to publish your package. The workflow in the example below runs anytime the `release` event with type `created` occurs. The workflow publishes the package to {% data variables.product.prodname_registry %} if CI tests pass.
|
||||
|
||||
By default, {% data variables.product.prodname_registry %} publishes a package in the {% data variables.product.prodname_dotcom %} repository you specify in the `name` field of the *package.json* file. For example, you would publish a package named `@my-org/test` to the `my-org/test` {% data variables.product.prodname_dotcom %} repository. For more information, see [`npm-scope`](https://docs.npmjs.com/misc/scope) in the npm documentation.
|
||||
#### Configuring the destination repository
|
||||
|
||||
To perform authenticated operations against the {% data variables.product.prodname_registry %} registry in your workflow, you can use the `GITHUB_TOKEN`. The `GITHUB_TOKEN` exists in your repository by default and has read and write permissions for packages in the repository where the workflow runs. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
|
||||
If you don't provide the `repository` key in your *package.json* file, then {% data variables.product.prodname_registry %} publishes a package in the {% data variables.product.prodname_dotcom %} repository you specify in the `name` field of the *package.json* file. For example, a package named `@my-org/test` is published to the `my-org/test` {% data variables.product.prodname_dotcom %} repository.
|
||||
|
||||
However, if you do provide the `repository` key, then the repository in that key is used as the destination npm registry for {% data variables.product.prodname_registry %}. For example, publishing the below *package.json* results in a package named `my-amazing-package` published to the `octocat/my-other-repo` {% data variables.product.prodname_dotcom %} repository.
|
||||
|
||||
```json
|
||||
{
|
||||
"name": "@octocat/my-amazing-package",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/octocat/my-other-repo.git"
|
||||
},
|
||||
```
|
||||
|
||||
#### Authenticating to the destination repository
|
||||
|
||||
To authenticate to the {% data variables.product.prodname_registry %} registry in your workflow, you can use the `GITHUB_TOKEN` from your repository. It is created automatically and has _read_ and _write_ permissions for packages in the repository where the workflow runs. For more information, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)."
|
||||
|
||||
If you want to publish your package to a different repository, you must use a personal access token (PAT) that has permission to write to packages in the destination repository. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)" and "[Encrypted secrets](http://localhost:4000/en/free-pro-team@latest/actions/reference/encrypted-secrets)."
|
||||
|
||||
#### Example workflow
|
||||
|
||||
This example stores the `GITHUB_TOKEN` secret in the `NODE_AUTH_TOKEN` environment variable. When the `setup-node` action creates an *.npmrc* file, it references the token from the `NODE_AUTH_TOKEN` environment variable.
|
||||
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ A mapping is created between the `NameID` and the {% data variables.product.prod
|
|||
|
||||
### SAML metadata
|
||||
|
||||
Your {% data variables.product.prodname_ghe_server %} instances's service provider metadata is available at `http(s)://[hostname]/saml/metadata`.
|
||||
Your {% data variables.product.prodname_ghe_server %} instance's service provider metadata is available at `http(s)://[hostname]/saml/metadata`.
|
||||
|
||||
To configure your identity provider manually, the Assertion Consumer Service (ACS) URL is `http(s)://[hostname]/saml/consume`. It uses the `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST` binding.
|
||||
|
||||
|
|
|
|||
|
|
@ -74,8 +74,8 @@ Exchange this `code` for an access token:
|
|||
|
||||
Name | Type | Description
|
||||
-----|------|--------------
|
||||
`client_id` | `string` | **Required.** The client ID you received from {% data variables.product.product_name %} for your {% data variables.product.prodname_github_app %}.
|
||||
`client_secret` | `string` | **Required.** The client secret you received from {% data variables.product.product_name %} for your {% data variables.product.prodname_github_app %}.
|
||||
`client_id` | `string` | **Required.** The client ID you received from {% data variables.product.product_name %} for your {% data variables.product.prodname_oauth_app %}.
|
||||
`client_secret` | `string` | **Required.** The client secret you received from {% data variables.product.product_name %} for your {% data variables.product.prodname_oauth_app %}.
|
||||
`code` | `string` | **Required.** The code you received as a response to Step 1.
|
||||
`redirect_uri` | `string` | The URL in your application where users are sent after authorization.
|
||||
`state` | `string` | The unguessable random string you provided in Step 1.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: Viewing transactions for your listing
|
||||
intro: 'The {% data variables.product.prodname_marketplace %} transactions page allows you to download and view all transactions for your {% data variables.product.prodname_marketplace %} listing. You can view transations for the past day (24 hours), week, month, or for the entire duration of time that your {% data variables.product.prodname_github_app %} has been listed.'
|
||||
intro: 'The {% data variables.product.prodname_marketplace %} transactions page allows you to download and view all transactions for your {% data variables.product.prodname_marketplace %} listing. You can view transactions for the past day (24 hours), week, month, or for the entire duration of time that your {% data variables.product.prodname_github_app %} has been listed.'
|
||||
redirect_from:
|
||||
- /marketplace/github-marketplace-transactions
|
||||
versions:
|
||||
|
|
|
|||
|
|
@ -116,6 +116,6 @@ You can archive a classroom that you no longer use on {% data variables.product.
|
|||
|
||||
1. **Read the warnings**.
|
||||
1. To verify that you're deleting the correct classroom, type the name of the classroom you want to delete.
|
||||
|
||||
|
||||
1. Click **Delete classroom**.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
---
|
||||
title: Configuring secret scanning for private repositories
|
||||
title: Configuring secret scanning for your repositories
|
||||
intro: 'You can configure how {% data variables.product.product_name %} scans your private repositories for secrets.'
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
permissions: 'People with admin permissions to a private repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
|
||||
redirect_from:
|
||||
- /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
---
|
||||
|
|
@ -14,8 +16,19 @@ versions:
|
|||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. To the right of "Secret scanning", click **Enable**.
|
||||
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
4. If "{% data variables.product.prodname_secret_scanning_caps %}" is not shown on the page, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
|
||||
|
||||
5. Click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository** to confirm the action.
|
||||
|
||||
6. When you enable {% data variables.product.prodname_GH_advanced_security %} this may automatically enable {% data variables.product.prodname_secret_scanning %} for the repository (this is controlled by the organization configuration). If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
|
||||
{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
4. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in private repositories
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ versions:
|
|||
{% topic_link_in_list /securing-your-repository %}
|
||||
{% link_in_list /about-securing-your-repository %}
|
||||
{% link_in_list /about-secret-scanning %}
|
||||
{% link_in_list /configuring-secret-scanning-for-private-repositories %}
|
||||
{% link_in_list /configuring-secret-scanning-for-your-repositories %}
|
||||
{% link_in_list /managing-alerts-from-secret-scanning %}
|
||||
{% link_in_list /managing-security-and-analysis-settings-for-your-repository %}
|
||||
{% topic_link_in_list /keeping-your-dependencies-updated-automatically %}
|
||||
|
|
|
|||
|
|
@ -11,17 +11,33 @@ versions:
|
|||
free-pro-team: '*'
|
||||
---
|
||||
|
||||
### Enabling or disabling security and analysis features
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
### Enabling or disabling security and analysis features for public repositories
|
||||
|
||||
{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %}
|
||||
You can manage a subset of security and analysis features for public repositories. Other features are permanently enabled, including dependency graph and secret scanning.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Enabling or disabling security and analysis features{% if currentVersion == "free-pro-team@latest" %} for private repositories{% endif %}
|
||||
|
||||
You can manage the security and analysis features for your {% if currentVersion == "free-pro-team@latest" %}private or internal {% endif %}repository. If your organization or enterprise has a license for {% data variables.product.prodname_GH_advanced_security %} then extra options are available. {% data reusables.advanced-security.more-info-ghas %}
|
||||
|
||||
{% data reusables.security.security-and-analysis-features-enable-read-only %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**.
|
||||
|
||||
4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**. {% if currentVersion == "free-pro-team@latest" %}If "{% data variables.product.prodname_secret_scanning_caps %}" is not displayed, you may need to enable {% data variables.product.prodname_GH_advanced_security %} first.
|
||||
|
||||
{% endif %}
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Granting access to security alerts
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,8 @@ We recommend reviewing the following caveats before you change the visibility of
|
|||
* If you change a repository's visibility from internal to private, {% data variables.product.prodname_dotcom %} will remove forks that belong to any user without access to the newly private repository. {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}The visibility of any forks will also change to private.{% elsif currentVersion == "github-ae@latest" %}If the internal repository has any forks, the visibility of the forks is already private.{% endif %} For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"{% if currentVersion == "free-pro-team@latest" %}
|
||||
* If you're using {% data variables.product.prodname_free_user %} for user accounts or organizations, some features won't be available in the repository after you change the visibility to private. {% data reusables.gated-features.more-info %}{% endif %}
|
||||
* Any published {% data variables.product.prodname_pages %} site will be automatically unpublished.{% if currentVersion == "free-pro-team@latest" %} If you added a custom domain to the {% data variables.product.prodname_pages %} site, you should remove or update your DNS records before making the repository private, to avoid the risk of a domain takeover. For more information, see "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."{% endif %}{% if currentVersion == "free-pro-team@latest" %}
|
||||
* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."{% endif %}{% if enterpriseServerVersions contains currentVersion %}
|
||||
* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."{% endif %}{% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
* {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %}, will stop working unless the repository is owned by an organization that has a license for {% data variables.product.prodname_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}{% endif %}{% if enterpriseServerVersions contains currentVersion %}
|
||||
* Anonymous Git read access is no longer available. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.19" %}
|
||||
|
|
@ -46,7 +47,10 @@ We recommend reviewing the following caveats before you change the visibility of
|
|||
#### Making a repository public
|
||||
|
||||
* {% data variables.product.product_name %} will detach private forks and turn them into a standalone private repository. For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#changing-a-private-repository-to-a-public-repository)"{% if currentVersion == "free-pro-team@latest" %}
|
||||
* If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[Viewing your community profile](/articles/viewing-your-community-profile)."{% endif %}
|
||||
* If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[Viewing your community profile](/articles/viewing-your-community-profile)."
|
||||
* The repository will automatically gain access to {% data variables.product.prodname_GH_advanced_security %} features.
|
||||
|
||||
For information about improving repository security, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)."{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
|
@ -59,7 +63,7 @@ We recommend reviewing the following caveats before you change the visibility of
|
|||
3. Under "Danger Zone", to the right of to "Change repository visibility", click **Change visibility**.
|
||||
|
||||
4. Select a visibility.
|
||||
|
||||
|
||||
5. To verify that you're changing the correct repository's visibility, type the name of the repository you want to change the visibility of.
|
||||
6. Click **I understand, change repository visibility**.
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ If the code of conduct you want to use isn't available in the provided templates
|
|||
|
||||
- To make your code of conduct visible in the repository's root directory, type *CODE_OF_CONDUCT* in the file name field.
|
||||
- To make your code of conduct visible in the repository's `docs` directory, type *docs/CODE_OF_CONDUCT*.
|
||||
- To make your code of conduct visible in the respository's `.github` directory, type *.github/CODE_OF_CONDUCT*.
|
||||
- To make your code of conduct visible in the repository's `.github` directory, type *.github/CODE_OF_CONDUCT*.
|
||||
4. In the new file, add your custom code of conduct.
|
||||
{% data reusables.files.write_commit_message %}
|
||||
{% data reusables.files.choose_commit_branch %}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ versions:
|
|||
|
||||
{% data reusables.code-scanning.beta-codeql-runner %}
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.not-available %}
|
||||
|
||||
### The `init` command takes too long
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ versions:
|
|||
---
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.not-available %}
|
||||
|
||||
### Automatic build for a compiled language fails
|
||||
|
||||
|
|
|
|||
|
|
@ -27,6 +27,8 @@ You can upload the results using {% data variables.product.prodname_actions %}{%
|
|||
- The {% data variables.product.prodname_codeql_runner %}, to run {% data variables.product.prodname_code_scanning %} in your CI system, by default the runner automatically uploads results to {% data variables.product.prodname_dotcom %} on completion. If you block the automatic upload, when you are ready to upload results you can use the `upload` command (for more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)").
|
||||
- A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[Upload a SARIF file](/rest/reference/code-scanning#upload-a-sarif-file)").
|
||||
|
||||
{% data reusables.code-scanning.not-available %}
|
||||
|
||||
### Uploading a {% data variables.product.prodname_code_scanning %} analysis with {% data variables.product.prodname_actions %}
|
||||
|
||||
To use {% data variables.product.prodname_actions %} to upload a third-party SARIF file to a repository, you'll need a workflow. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/getting-started-with-github-actions/about-github-actions)" and "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
|
||||
|
|
|
|||
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
title: About GitHub Advanced Security
|
||||
intro: '{% data variables.product.prodname_dotcom %} makes extra security features available to customers under an {% data variables.product.prodname_advanced_security %} license. These features are also enabled for public repositories on {% data variables.product.prodname_dotcom_the_website %}.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
---
|
||||
|
||||
### About {% data variables.product.prodname_GH_advanced_security %}
|
||||
|
||||
{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, for example: dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a license for {% data variables.product.prodname_GH_advanced_security %} to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}. (That is, private and internal repositories on {% data variables.product.prodname_dotcom_the_website %}, and all repositories on {% data variables.product.prodname_ghe_server %}.)
|
||||
|
||||
For an overview of all security features, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository#setting-up-your-repository-securely)."
|
||||
|
||||
### About {% data variables.product.prodname_advanced_security %} features
|
||||
|
||||
A {% data variables.product.prodname_GH_advanced_security %} license provides the following additional features:
|
||||
|
||||
- **{% data variables.product.prodname_code_scanning_capc %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."
|
||||
|
||||
- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into the repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
- **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
|
||||
{% endif %}
|
||||
|
||||
For information about {% data variables.product.prodname_advanced_security %} features that are in development, see "[{% data variables.product.prodname_dotcom %} public roadmap](https://github.com/github/roadmap)."
|
||||
|
||||
{% if currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
### Enabling {% data variables.product.prodname_advanced_security %} features on {% data variables.product.prodname_ghe_server %}
|
||||
|
||||
The site administrator must enable {% data variables.product.prodname_advanced_security %} for {% data variables.product.product_location %} before you can use these features. For more information, see "[Configuring Advanced Security features](/admin/configuration/configuring-advanced-security-features)."
|
||||
|
||||
Once your system is set up, you can enable and disable these features at the organization or repository level. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
|
||||
For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
{% endif %}
|
||||
|
||||
### Enabling {% data variables.product.prodname_advanced_security %} features on {% data variables.product.prodname_dotcom_the_website %}
|
||||
|
||||
For public repositories on {% data variables.product.prodname_dotcom_the_website %}, these features are permanently on and are only disabled if you change the visibility of the project so that the code is no longer public.
|
||||
|
||||
For all other repositories, once you have a license, you can enable and disable these features at the organization or repository level. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
|
||||
For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
{% endif %}
|
||||
|
|
@ -97,7 +97,7 @@ For more information about hosting your own instance of [{% data variables.produ
|
|||
|
||||
- {% data variables.contact.github_support %} {% data variables.product.premium_plus_support_plan %}
|
||||
- {% data variables.product.prodname_insights %}
|
||||
- {% data variables.product.prodname_advanced_security %}{% if currentVersion == "free-pro-team@latest" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" and "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning) (beta)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) (beta)."{% endif %}
|
||||
- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" (beta).{% endif %}
|
||||
- [{% data variables.product.prodname_learning %} for organizations](https://lab.github.com/organizations)
|
||||
|
||||
For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact [{% data variables.product.product_name %}'s Sales team](https://enterprise.github.com/contact).
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ versions:
|
|||
{% link_in_list /be-social %}
|
||||
{% topic_link_in_list /learning-about-github %}
|
||||
{% link_in_list /githubs-products %}
|
||||
{% link_in_list /about-github-advanced-security %}
|
||||
{% link_in_list /exploring-early-access-releases-with-feature-preview %}
|
||||
{% link_in_list /types-of-github-accounts %}
|
||||
{% link_in_list /faq-about-changes-to-githubs-plans %}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ You can link to a particular row by clicking the row number, or select multiple
|
|||
|
||||
### Searching data
|
||||
|
||||
If you want to find a certain value in your dataset, you can start typing in the search bar directly above the file. The rows will filter automagically:
|
||||
If you want to find a certain value in your dataset, you can start typing in the search bar directly above the file. The rows will filter automatically:
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -19,4 +19,4 @@ For each pending collaborator, you can cancel all invitations to join organizati
|
|||
6. To the right of the person you want to cancel invitations for, click **Cancel invitations**.
|
||||
|
||||
7. Click **Cancel invitations for pending collaborators**.
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,8 @@ versions:
|
|||
|
||||
### About management of security and analysis settings
|
||||
|
||||
{% data variables.product.prodname_dotcom %} can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization.
|
||||
{% data variables.product.prodname_dotcom %} can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization. {% if currentVersion == "free-pro-team@latest" %}If you have a license for {% data variables.product.prodname_GH_advanced_security %} then you can also manage access to these features. {% data reusables.advanced-security.more-info-ghas %}{% endif %}
|
||||
|
||||
{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %}
|
||||
{% data reusables.security.security-and-analysis-features-enable-read-only %}
|
||||
|
||||
|
|
@ -19,26 +20,58 @@ versions:
|
|||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.organizations.security-and-analysis %}
|
||||
|
||||
The page that's displayed allows you to enable or disable security and analysis features for the repositories in your organization.
|
||||
The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization. {% if currentVersion == "free-pro-team@latest" %}If your organization, or the enterprise that owns it, has a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features.
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Enabling or disabling a feature for all existing repositories
|
||||
|
||||
You can enable or disable features for all repositories. {% if currentVersion == "free-pro-team@latest" %}The impact of your changes on repositories in your organization is determined by their visibility:
|
||||
|
||||
- **Dependency graph** - Your changes affect only private repositories because the feature is always enabled for public repositories.
|
||||
- **{% data variables.product.prodname_dependabot_alerts %}** - Your changes affect all repositories.
|
||||
- **{% data variables.product.prodname_dependabot_security_updates %}** - Your changes affect all repositories.
|
||||
- **{% data variables.product.prodname_GH_advanced_security %}** - Your changes affect only private repositories because {% data variables.product.prodname_GH_advanced_security %} and the related features are always enabled for public repositories.
|
||||
- **{% data variables.product.prodname_secret_scanning_caps %}** - Your changes affect only private repositories where {% data variables.product.prodname_GH_advanced_security %} is also enabled. {% data variables.product.prodname_secret_scanning_caps %} is always enabled for public repositories.{% endif %}
|
||||
|
||||
{% data reusables.advanced-security.note-org-enable-uses-seats %}
|
||||
|
||||
1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
|
||||
1. Under "Configure security and analysis features", to the right of the feature, click **Disable all** or **Enable all**.
|
||||
|
||||
1. Optionally, enable the feature by default for new repositories in your organization.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
{% endif %}
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
|
||||
{% endif %}
|
||||
2. Optionally, enable the feature by default for new repositories in your organization.
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
{% endif %}
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
|
||||
{% endif %}
|
||||
1. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization.
|
||||
|
||||
|
||||
### Enabling or disabling a feature for all new repositories when they are added
|
||||
### Enabling or disabling a feature automatically when new repositories are added
|
||||
|
||||
1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
|
||||
1. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories in your organization.
|
||||
|
||||
1. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories{% if currentVersion == "free-pro-team@latest" %}, or all new private repositories,{% endif %} in your organization.
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
{% endif %}
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.advanced-security.note-org-enable-uses-seats %}
|
||||
|
||||
### Allowing Dependabot to access private repositories
|
||||
|
||||
{% data reusables.dependabot.beta-note %}
|
||||
|
||||
{% data variables.product.prodname_dependabot %} can check for outdated dependency references in a project and automatically generate a pull request to update them. To do this, {% data variables.product.prodname_dependabot %} must have access to all of the targeted dependency files. Typically, version updates will fail if one or more dependencies are inaccessible.
|
||||
|
||||
By default, {% data variables.product.prodname_dependabot %} can't update dependencies that are located in private repositories. However, if a dependency is in a private {% data variables.product.prodname_dotcom %} repository within the same organization as the project that uses that dependency, you can allow {% data variables.product.prodname_dependabot %} to update the version successfully by giving it access to the host repository. For more information, including details of limitations to private dependency support, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates)."
|
||||
|
|
|
|||
|
|
@ -107,7 +107,8 @@ In addition to managing organization-level settings, organization owners have ad
|
|||
| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** |
|
||||
| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) for vulnerable dependencies | | | | | **X** |
|
||||
| [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |
|
||||
| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** |
|
||||
| Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)") | | | | | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
|
||||
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}
|
||||
| [Manage the forking policy for a repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** |
|
||||
|
|
@ -115,8 +116,7 @@ In addition to managing organization-level settings, organization owners have ad
|
|||
| [Delete or transfer repositories out of the organization](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** |
|
||||
| [Archive repositories](/articles/about-archiving-repositories) | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
|
||||
| Display a sponsor button (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") | | | | | **X** |{% endif %}
|
||||
| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
|
||||
| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
|
||||
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" %}
|
||||
| [Enable {% data variables.product.prodname_discussions %}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) in a repository | | | | **X** | **X** |
|
||||
|
|
|
|||
|
|
@ -324,6 +324,8 @@ For more information, see "[Restricting publication of {% data variables.product
|
|||
|
||||
| Action | Description
|
||||
|------------------|-------------------{% if currentVersion == "free-pro-team@latest"%}
|
||||
| `advanced_security_disabled` | Triggered when an organization admin disables {% data variables.product.prodname_GH_advanced_security %} for all existing private and internal repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
|
||||
| `advanced_security_enabled` | Triggered when an organization admin enables {% data variables.product.prodname_GH_advanced_security %} for all existing private and internal repositories.
|
||||
| `audit_log_export` | Triggered when an organization admin [creates an export of the organization audit log](#exporting-the-audit-log). If the export included a query, the log will list the query used and the number of audit log entries matching that query.
|
||||
| `block_user` | Triggered when an organization owner [blocks a user from accessing the organization's repositories](/articles/blocking-a-user-from-your-organization).
|
||||
| `cancel_invitation` | Triggered when an organization invitation has been revoked. {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
|
|
@ -451,7 +453,9 @@ For more information, see "[Restricting publication of {% data variables.product
|
|||
|------------------|-------------------
|
||||
| `access` | Triggered when a user [changes the visibility](/github/administering-a-repository/setting-repository-visibility) of a repository in the organization.
|
||||
| `add_member` | Triggered when a user accepts an [invitation to have collaboration access to a repository](/articles/inviting-collaborators-to-a-personal-repository).
|
||||
| `add_topic` | Triggered when a repository admin [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.
|
||||
| `add_topic` | Triggered when a repository admin [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.{% if currentVersion == "free-pro-team@latest" %}
|
||||
| `advanced_security_disabled` | Triggered when a repository owner disables {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
| `advanced_security_enabled` | Triggered when a repository owner enables {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
|
||||
| `archived` | Triggered when a repository admin [archives a repository](/articles/about-archiving-repositories).{% if enterpriseServerVersions contains currentVersion %}
|
||||
| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
|
||||
| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ For definitions of each Service feature (“**Service Feature**”) and to revie
|
|||
|
||||
| **Service Feature** | **Uptime Calculation** | **Definitions** | **Service Credits Calculation** |
|
||||
|---|---|---|---|
|
||||
| **Issues**,<br>**Pull Requests**,<br>**Git Operations**,<br>**API Requests**,<br>**Webhooks**,<br>**Pages** | (total minutes in a calendar quarter - Downtime) / total minutes in a calendar quarter | “**Downtime**” is a period of time where either (a) the error rate exceeds five percent (5%) in a given minute for any Service Feature or (b) the Service was unavailable as determined by a combination of GitHub's internal and external monitoring systems. | A Service Credits claim may be based on either (not both) of the following calculations: <ul><li>10% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime for that Service Feature was less than or equal to 99.9%, but greater than 99.0%. <BR><BR>OR <BR><BR></li><li>25% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime of that Service Feature was less than 99.0%.</li></ul> | |
|
||||
| **Issues**,<br>**Pull Requests**,<br>**Git Operations**,<br>**API Requests (for Service Features only)**,<br>**Webhooks**,<br>**Pages** | (total minutes in a calendar quarter - Downtime) / total minutes in a calendar quarter | “**Downtime**” is a period of time where either (a) the error rate exceeds five percent (5%) in a given minute for any Service Feature or (b) the Service was unavailable as determined by a combination of GitHub's internal and external monitoring systems. | A Service Credits claim may be based on either (not both) of the following calculations: <ul><li>10% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime for that Service Feature was less than or equal to 99.9%, but greater than 99.0%. <BR><BR>OR <BR><BR></li><li>25% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime of that Service Feature was less than 99.0%.</li></ul> | |
|
||||
| **Actions** | (Total Triggered Executions – Unavailable Executions) / (Total Triggered Executions) x 100 | “**Total Triggered Executions**” is the total number of all Actions executions triggered by Customer in a calendar quarter. <br><br> “**Unavailable Executions**” is the total number of executions within Total Triggered Executions which failed to run in a calendar quarter. An execution failed to run when the Actions history log did not capture any output five (5) minutes after the trigger was successfully fired. | Same as above |
|
||||
| **Packages** | Transfers Uptime = same as Actions <br> <br> Storage Uptime = 100% - Average Error Rate* <br> <br> *The Uptime Calculation excludes public usage and storage transactions that do not count toward either Total Storage Transactions or Failed Storage Transactions (including pre-authentication failures; authentication failures; attempted transactions for storage accounts over their prescribed quotas). | “**Error Rate**” is the total number of Failed Storage Transactions divided by the Total Storage Transactions during a set time interval (currently set at one hour). If the Total Storage Transactions in a given one-hour interval is zero, the error rate for that interval is 0%. <br><br> “**Average Error Rate**” is the sum of Error Rates for each hour in a calendar quarter divided by the total number of hours in a calendar quarter. | Same as above |
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ versions:
|
|||
free-pro-team: '*'
|
||||
---
|
||||
|
||||
Effective date: **December 30, 2020**
|
||||
Effective date: **January 6, 2021**
|
||||
|
||||
GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page, which details [our subprocessors](#github-subprocessors), and how we use [cookies](#cookies-on-github).
|
||||
|
||||
|
|
@ -25,12 +25,9 @@ When we share your information with third party subprocessors, such as our vendo
|
|||
| Braintree (PayPal) | Subscription credit card payment processor | United States | United States |
|
||||
| Clearbit | Marketing data enrichment service | United States | United States |
|
||||
| Discourse | Community forum software provider | United States | United States |
|
||||
| DiscoverOrg | Marketing data enrichment service | United States | United States |
|
||||
| Eloqua | Marketing campaign automation | United States | United States |
|
||||
| Google Apps | Internal company infrastructure | United States | United States |
|
||||
| Google Analytics | Analytics and performance | United States | United States |
|
||||
| LinkedIn Navigator | Data enrichment service | United States | United States |
|
||||
| Magic Robot | Campaign reporting (Salesforce Add-on) | United States | United States |
|
||||
| MailChimp | Customer ticketing mail services provider | United States | United States |
|
||||
| Mailgun | Transactional mail services provider | United States | United States |
|
||||
| Microsoft | Microsoft Services | United States | United States |
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ When you enable data use for your private repository, you'll be able to access t
|
|||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**.
|
||||
|
||||
|
||||
|
||||
### Further reading
|
||||
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ You can add emoji to your writing by typing `:EMOJICODE:`.
|
|||
|
||||
Typing `:` will bring up a list of suggested emoji. The list will filter as you type, so once you find the emoji you're looking for, press **Tab** or **Enter** to complete the highlighted result.
|
||||
|
||||
For a full list of available emoji and codes, check out [emoji-cheat-sheet.com](http://emoji-cheat-sheet.com).
|
||||
For a full list of available emoji and codes, check out [the Emoji-Cheat-Sheet](https://github.com/ikatyang/emoji-cheat-sheet/blob/master/README.md).
|
||||
|
||||
### Paragraphs
|
||||
|
||||
|
|
|
|||
|
|
@ -112,6 +112,7 @@ Library name | Repository
|
|||
|
||||
Library name | Repository
|
||||
|---|---|
|
||||
**gidgethub**|[brettcannon/gidgethub](https://github.com/brettcannon/gidgethub)
|
||||
**ghapi**|[fastai/ghapi](https://github.com/fastai/ghapi)
|
||||
**PyGithub**|[PyGithub/PyGithub](https://github.com/PyGithub/PyGithub)
|
||||
**libsaas**|[duckboard/libsaas](https://github.com/ducksboard/libsaas)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."
|
||||
{% endif %}
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
{% note %}
|
||||
|
||||
**Note:** If you enable {% data variables.product.prodname_GH_advanced_security %}, committers to these repositories will use seats on your {% data variables.product.prodname_GH_advanced_security %} license.
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
|
@ -4,7 +4,7 @@
|
|||
**Note:** The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://help.semmle.com/codeql/codeql-cli.html)."
|
||||
|
||||
{% else %}
|
||||
**Note:** The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license.
|
||||
**Note:** The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license. {% if currentVersion ver_gt "enterprise-server@2.22" %}For more information, see "[About GitHub Advanced Security](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% endnote %}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
{% note %}
|
||||
|
||||
**Note:** For private and internal repositories, {% data variables.product.prodname_code_scanning %} is available when {% data variables.product.prodname_GH_advanced_security %} features are enabled for the repository. If you see the error `Advanced Security must be enabled for this repository to use code scanning.` check that {% data variables.product.prodname_GH_advanced_security %} is enabled. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
When running security or version updates, {% data variables.product.prodname_dependabot %} some ecosystems must be able to resolve all dependencies from their source to verify that updates have been successful. If your manifest or lock files contain any private dependencies, {% data variables.product.prodname_dependabot %} must be able to access the location at which those dependencies are hosted. Organization owners can grant {% data variables.product.prodname_dependabot %} access to private repositories containing dependencies for a project within the same organization. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-repositories)."
|
||||
When running security or version updates, some ecosystems must be able to resolve all dependencies from their source to verify that updates have been successful. If your manifest or lock files contain any private dependencies, {% data variables.product.prodname_dependabot %} must be able to access the location at which those dependencies are hosted. Organization owners can grant {% data variables.product.prodname_dependabot %} access to private repositories containing dependencies for a project within the same organization. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-repositories)."
|
||||
|
||||
Currently, {% data variables.product.prodname_dependabot %} version updates doesn't support manifest or lock files that contain any dependencies hosted in private registries, or in private {% data variables.product.prodname_dotcom %} repositories that belong to a different organization than the dependent project.
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{% data variables.product.prodname_code_scanning_capc %} is available {% if currentVersion == "free-pro-team@latest" %}in public repositories, and in private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.gated-features.more-info %}
|
||||
{% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_code_scanning_capc %} is available for all public repositories and for private repositories owned by organizations where {% data variables.product.prodname_GH_advanced_security %} is enabled.{% else %}{% data variables.product.prodname_code_scanning_capc %} is available if you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} {% data reusables.advanced-security.more-info-ghas %}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{% data variables.product.prodname_secret_scanning_caps %} is available in public repositories, and in private repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license. {% data reusables.gated-features.more-info %}
|
||||
{% data variables.product.prodname_secret_scanning_caps %} is available {% if currentVersion == "free-pro-team@latest" %}in public repositories, and in private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %}
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ prodname_sponsors: 'GitHub Sponsors'
|
|||
prodname_matching_fund: 'GitHub Sponsors Matching Fund'
|
||||
|
||||
# GitHub Advanced Security
|
||||
prodname_GH_advanced_security: 'GitHub Advanced Security'
|
||||
prodname_advanced_security: 'Advanced Security'
|
||||
|
||||
# Codespaces
|
||||
|
|
|
|||
|
|
@ -0,0 +1,123 @@
|
|||
const Redis = require('ioredis')
|
||||
const InMemoryRedis = require('ioredis-mock')
|
||||
|
||||
const { CI, NODE_ENV, REDIS_URL, REDIS_MAX_DB } = process.env
|
||||
|
||||
// Do not use real a Redis client for CI, tests, or if the REDIS_URL is not provided
|
||||
const useRealRedis = !CI && NODE_ENV !== 'test' && !!REDIS_URL
|
||||
|
||||
// By default, every Redis instance supports database numbers 0 - 15
|
||||
const redisMaxDb = REDIS_MAX_DB || 15
|
||||
|
||||
// Enable better stack traces in non-production environments
|
||||
const redisOptions = {
|
||||
showFriendlyErrorStack: NODE_ENV !== 'production'
|
||||
}
|
||||
|
||||
class RedisAccessor {
|
||||
constructor ({ databaseNumber = 0, prefix = null, allowSetFailures = false } = {}) {
|
||||
if (!Number.isInteger(databaseNumber) || databaseNumber < 0 || databaseNumber > redisMaxDb) {
|
||||
throw new TypeError(
|
||||
`Redis database number must be an integer between 0 and ${redisMaxDb} but was: ${JSON.stringify(databaseNumber)}`
|
||||
)
|
||||
}
|
||||
|
||||
const redisUrl = `${REDIS_URL}/${databaseNumber}`
|
||||
const redisClient = useRealRedis ? new Redis(redisUrl, redisOptions) : new InMemoryRedis()
|
||||
this._client = redisClient
|
||||
|
||||
this._prefix = prefix ? prefix.replace(/:+$/, '') + ':' : ''
|
||||
|
||||
// Allow for graceful failures if a Redis SET operation fails?
|
||||
this._allowSetFailures = allowSetFailures === true
|
||||
}
|
||||
|
||||
/** @private */
|
||||
prefix (key) {
|
||||
if (typeof key !== 'string' || !key) {
|
||||
throw new TypeError(`Key must be a non-empty string but was: ${JSON.stringify(key)}`)
|
||||
}
|
||||
|
||||
return this._prefix + key
|
||||
}
|
||||
|
||||
static translateSetArguments (options = {}) {
|
||||
const setArgs = []
|
||||
|
||||
const defaults = {
|
||||
newOnly: false,
|
||||
existingOnly: false,
|
||||
expireIn: null, // No expiration
|
||||
rollingExpiration: true
|
||||
}
|
||||
const opts = { ...defaults, ...options }
|
||||
|
||||
if (opts.newOnly === true) {
|
||||
if (opts.existingOnly === true) {
|
||||
throw new TypeError('Misconfiguration: entry cannot be both new and existing')
|
||||
}
|
||||
setArgs.push('NX')
|
||||
} else if (opts.existingOnly === true) {
|
||||
setArgs.push('XX')
|
||||
}
|
||||
|
||||
if (Number.isFinite(opts.expireIn)) {
|
||||
const ttl = Math.round(opts.expireIn)
|
||||
if (ttl < 1) {
|
||||
throw new TypeError('Misconfiguration: cannot set a TTL of less than 1 millisecond')
|
||||
}
|
||||
setArgs.push('PX')
|
||||
setArgs.push(ttl)
|
||||
}
|
||||
// otherwise there is no expiration
|
||||
|
||||
if (opts.rollingExpiration === false) {
|
||||
if (opts.newOnly === true) {
|
||||
throw new TypeError('Misconfiguration: cannot keep an existing TTL on a new entry')
|
||||
}
|
||||
setArgs.push('KEEPTTL')
|
||||
}
|
||||
|
||||
return setArgs
|
||||
}
|
||||
|
||||
async set (key, value, options = {}) {
|
||||
const fullKey = this.prefix(key)
|
||||
|
||||
if (typeof value !== 'string' || !value) {
|
||||
throw new TypeError(`Value must be a non-empty string but was: ${JSON.stringify(value)}`)
|
||||
}
|
||||
|
||||
// Handle optional arguments
|
||||
const setArgs = this.constructor.translateSetArguments(options)
|
||||
|
||||
try {
|
||||
const result = await this._client.set(fullKey, value, ...setArgs)
|
||||
return result === 'OK'
|
||||
} catch (err) {
|
||||
const errorText = `Failed to set value in Redis.
|
||||
Key: ${fullKey}
|
||||
Error: ${err.message}`
|
||||
|
||||
if (this._allowSetFailures === true) {
|
||||
// Allow for graceful failure
|
||||
console.error(errorText)
|
||||
return false
|
||||
}
|
||||
|
||||
throw new Error(errorText)
|
||||
}
|
||||
}
|
||||
|
||||
async get (key) {
|
||||
const value = await this._client.get(this.prefix(key))
|
||||
return value
|
||||
}
|
||||
|
||||
async exists (key) {
|
||||
const result = await this._client.exists(this.prefix(key))
|
||||
return result === 1
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = RedisAccessor
|
||||
|
|
@ -1,8 +1,11 @@
|
|||
const rateLimit = require('express-rate-limit')
|
||||
const RedisStore = require('rate-limit-redis')
|
||||
const Redis = require('ioredis')
|
||||
|
||||
const isProduction = process.env.NODE_ENV === 'production'
|
||||
const REDIS_URL = process.env.REDIS_URL
|
||||
const { REDIS_URL } = process.env
|
||||
const rateLimitDatabaseNumber = 0
|
||||
const redisUrl = `${REDIS_URL}/${rateLimitDatabaseNumber}`
|
||||
|
||||
module.exports = rateLimit({
|
||||
// 1 minute (or practically unlimited outside of production)
|
||||
|
|
@ -13,5 +16,5 @@ module.exports = rateLimit({
|
|||
// Or anything with a status code less than 400
|
||||
skipSuccessfulRequests: true,
|
||||
// When available, use Redis
|
||||
store: REDIS_URL && new RedisStore({ redisURL: REDIS_URL })
|
||||
store: REDIS_URL && new RedisStore({ client: new Redis(redisUrl) })
|
||||
})
|
||||
|
|
|
|||
|
|
@ -5,21 +5,32 @@ const layouts = require('../lib/layouts')
|
|||
const getMiniTocItems = require('../lib/get-mini-toc-items')
|
||||
const Page = require('../lib/page')
|
||||
const statsd = require('../lib/statsd')
|
||||
const RedisAccessor = require('../lib/redis-accessor')
|
||||
|
||||
// We've got lots of memory, let's use it
|
||||
// We can eventually throw this into redis
|
||||
const pageCache = {}
|
||||
const { HEROKU_RELEASE_VERSION } = process.env
|
||||
const pageCacheDatabaseNumber = 1
|
||||
const pageCacheExpiration = 24 * 60 * 60 * 1000 // 24 hours
|
||||
|
||||
const pageCache = new RedisAccessor({
|
||||
databaseNumber: pageCacheDatabaseNumber,
|
||||
prefix: (HEROKU_RELEASE_VERSION ? HEROKU_RELEASE_VERSION + ':' : '') + 'rp',
|
||||
// Allow for graceful failures if a Redis SET operation fails
|
||||
allowSetFailures: true
|
||||
})
|
||||
|
||||
module.exports = async function renderPage (req, res, next) {
|
||||
const page = req.context.page
|
||||
const originalUrl = req.originalUrl
|
||||
|
||||
// Serve from the cache if possible (skip during tests)
|
||||
if (!process.env.CI && process.env.NODE_ENV !== 'test') {
|
||||
if (req.method === 'GET' && pageCache[originalUrl]) {
|
||||
const isCacheable = !process.env.CI && process.env.NODE_ENV !== 'test' && req.method === 'GET'
|
||||
|
||||
if (isCacheable) {
|
||||
const cachedHtml = await pageCache.get(originalUrl)
|
||||
if (cachedHtml) {
|
||||
console.log(`Serving from cached version of ${originalUrl}`)
|
||||
statsd.increment('page.sent_from_cache')
|
||||
return res.send(pageCache[originalUrl])
|
||||
return res.send(cachedHtml)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -88,13 +99,11 @@ module.exports = async function renderPage (req, res, next) {
|
|||
|
||||
const output = await liquid.parseAndRender(layout, context)
|
||||
|
||||
// Save output to cache for the next time around
|
||||
if (!process.env.CI) {
|
||||
if (req.method === 'GET') {
|
||||
pageCache[originalUrl] = output
|
||||
}
|
||||
}
|
||||
// First, send the response so the user isn't waiting
|
||||
res.send(output)
|
||||
|
||||
// send response
|
||||
return res.send(output)
|
||||
// Finally, save output to cache for the next time around
|
||||
if (isCacheable) {
|
||||
await pageCache.set(originalUrl, output, { expireIn: pageCacheExpiration })
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5447,6 +5447,11 @@
|
|||
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
|
||||
"integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
|
||||
},
|
||||
"array-from": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/array-from/-/array-from-2.1.1.tgz",
|
||||
"integrity": "sha1-z+nYwmYoudxa7MYqn12PHzUsEZU="
|
||||
},
|
||||
"array-includes": {
|
||||
"version": "3.1.1",
|
||||
"resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.1.tgz",
|
||||
|
|
@ -7595,6 +7600,11 @@
|
|||
"mimic-response": "^1.0.0"
|
||||
}
|
||||
},
|
||||
"cluster-key-slot": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.0.tgz",
|
||||
"integrity": "sha512-2Nii8p3RwAPiFwsnZvukotvow2rIHM+yQ6ZcBXGHdniadkYGZYiGmkHJIbZPIV9nfv7m/U1IPMVVcAhoWFeklw=="
|
||||
},
|
||||
"co": {
|
||||
"version": "4.6.0",
|
||||
"resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
|
||||
|
|
@ -9506,6 +9516,19 @@
|
|||
"es6-symbol": "^3.1.1"
|
||||
}
|
||||
},
|
||||
"es6-map": {
|
||||
"version": "0.1.5",
|
||||
"resolved": "https://registry.npmjs.org/es6-map/-/es6-map-0.1.5.tgz",
|
||||
"integrity": "sha1-kTbgUD3MBqMBaQ8LsU/042TpSfA=",
|
||||
"requires": {
|
||||
"d": "1",
|
||||
"es5-ext": "~0.10.14",
|
||||
"es6-iterator": "~2.0.1",
|
||||
"es6-set": "~0.1.5",
|
||||
"es6-symbol": "~3.1.1",
|
||||
"event-emitter": "~0.3.5"
|
||||
}
|
||||
},
|
||||
"es6-promise": {
|
||||
"version": "4.2.8",
|
||||
"resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz",
|
||||
|
|
@ -9520,6 +9543,29 @@
|
|||
"es6-promise": "^4.0.3"
|
||||
}
|
||||
},
|
||||
"es6-set": {
|
||||
"version": "0.1.5",
|
||||
"resolved": "https://registry.npmjs.org/es6-set/-/es6-set-0.1.5.tgz",
|
||||
"integrity": "sha1-0rPsXU2ADO2BjbU40ol02wpzzLE=",
|
||||
"requires": {
|
||||
"d": "1",
|
||||
"es5-ext": "~0.10.14",
|
||||
"es6-iterator": "~2.0.1",
|
||||
"es6-symbol": "3.1.1",
|
||||
"event-emitter": "~0.3.5"
|
||||
},
|
||||
"dependencies": {
|
||||
"es6-symbol": {
|
||||
"version": "3.1.1",
|
||||
"resolved": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.1.tgz",
|
||||
"integrity": "sha1-vwDvT9q2uhtG7Le2KbTH7VcVzHc=",
|
||||
"requires": {
|
||||
"d": "1",
|
||||
"es5-ext": "~0.10.14"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"es6-symbol": {
|
||||
"version": "3.1.3",
|
||||
"resolved": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.3.tgz",
|
||||
|
|
@ -10138,6 +10184,15 @@
|
|||
"resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
|
||||
"integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
|
||||
},
|
||||
"event-emitter": {
|
||||
"version": "0.3.5",
|
||||
"resolved": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz",
|
||||
"integrity": "sha1-34xp7vFkeSPHFXuc6DhAYQsCzDk=",
|
||||
"requires": {
|
||||
"d": "1",
|
||||
"es5-ext": "~0.10.14"
|
||||
}
|
||||
},
|
||||
"event-stream": {
|
||||
"version": "3.3.4",
|
||||
"resolved": "https://registry.npmjs.org/event-stream/-/event-stream-3.3.4.tgz",
|
||||
|
|
@ -10791,6 +10846,28 @@
|
|||
"resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.3.0.tgz",
|
||||
"integrity": "sha512-ZtijOTFN7TzCujt1fnNhfWPFPSHeZkesff9AXZj+UEjYBynWNUIYpC87Ve4wHzyexQsImicLu7WsC2LHq7/xrQ=="
|
||||
},
|
||||
"fengari": {
|
||||
"version": "0.1.4",
|
||||
"resolved": "https://registry.npmjs.org/fengari/-/fengari-0.1.4.tgz",
|
||||
"integrity": "sha512-6ujqUuiIYmcgkGz8MGAdERU57EIluGGPSUgGPTsco657EHa+srq0S3/YUl/r9kx1+D+d4rGfYObd+m8K22gB1g==",
|
||||
"requires": {
|
||||
"readline-sync": "^1.4.9",
|
||||
"sprintf-js": "^1.1.1",
|
||||
"tmp": "^0.0.33"
|
||||
},
|
||||
"dependencies": {
|
||||
"sprintf-js": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.2.tgz",
|
||||
"integrity": "sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"fengari-interop": {
|
||||
"version": "0.1.2",
|
||||
"resolved": "https://registry.npmjs.org/fengari-interop/-/fengari-interop-0.1.2.tgz",
|
||||
"integrity": "sha512-8iTvaByZVoi+lQJhHH9vC+c/Yaok9CwOqNQZN6JrVpjmWwW4dDkeblBXhnHC+BoI6eF4Cy5NKW3z6ICEjvgywQ=="
|
||||
},
|
||||
"figgy-pudding": {
|
||||
"version": "3.5.2",
|
||||
"resolved": "https://registry.npmjs.org/figgy-pudding/-/figgy-pudding-3.5.2.tgz",
|
||||
|
|
@ -13055,6 +13132,60 @@
|
|||
"loose-envify": "^1.0.0"
|
||||
}
|
||||
},
|
||||
"ioredis": {
|
||||
"version": "4.19.4",
|
||||
"resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.19.4.tgz",
|
||||
"integrity": "sha512-3haQWw9dpEjcfVcRktXlayVNrrqvvc2io7Q/uiV2UsYw8/HC2YwwJr78Wql7zu5bzwci0x9bZYA69U7KkevAvw==",
|
||||
"requires": {
|
||||
"cluster-key-slot": "^1.1.0",
|
||||
"debug": "^4.1.1",
|
||||
"denque": "^1.1.0",
|
||||
"lodash.defaults": "^4.2.0",
|
||||
"lodash.flatten": "^4.4.0",
|
||||
"p-map": "^2.1.0",
|
||||
"redis-commands": "1.6.0",
|
||||
"redis-errors": "^1.2.0",
|
||||
"redis-parser": "^3.0.0",
|
||||
"standard-as-callback": "^2.0.1"
|
||||
},
|
||||
"dependencies": {
|
||||
"debug": {
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
|
||||
"integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
|
||||
"requires": {
|
||||
"ms": "2.1.2"
|
||||
}
|
||||
},
|
||||
"ms": {
|
||||
"version": "2.1.2",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
|
||||
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"ioredis-mock": {
|
||||
"version": "5.2.0",
|
||||
"resolved": "https://registry.npmjs.org/ioredis-mock/-/ioredis-mock-5.2.0.tgz",
|
||||
"integrity": "sha512-BGB0ANqW/a+W89mToXUTSL/wqr+WXGeGElLme7Do2X9hM3tQuZYswNw1VdfstdbbFiK4t/qzou+OXZWPi8CieA==",
|
||||
"requires": {
|
||||
"array-from": "^2.1.1",
|
||||
"es6-map": "^0.1.5",
|
||||
"es6-set": "^0.1.5",
|
||||
"fengari": "^0.1.4",
|
||||
"fengari-interop": "^0.1.2",
|
||||
"lodash": "^4.17.20",
|
||||
"minimatch": "^3.0.4",
|
||||
"standard-as-callback": "^2.0.1"
|
||||
},
|
||||
"dependencies": {
|
||||
"lodash": {
|
||||
"version": "4.17.20",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
|
||||
"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"ip-regex": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz",
|
||||
|
|
@ -17558,8 +17689,7 @@
|
|||
"lodash.defaults": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
|
||||
"integrity": "sha1-0JF4cW/+pN3p5ft7N/bwgCJ0WAw=",
|
||||
"dev": true
|
||||
"integrity": "sha1-0JF4cW/+pN3p5ft7N/bwgCJ0WAw="
|
||||
},
|
||||
"lodash.filter": {
|
||||
"version": "4.6.0",
|
||||
|
|
@ -17570,8 +17700,7 @@
|
|||
"lodash.flatten": {
|
||||
"version": "4.4.0",
|
||||
"resolved": "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz",
|
||||
"integrity": "sha1-8xwiIlqWMtK7+OSt2+8kCqdlph8=",
|
||||
"dev": true
|
||||
"integrity": "sha1-8xwiIlqWMtK7+OSt2+8kCqdlph8="
|
||||
},
|
||||
"lodash.foreach": {
|
||||
"version": "4.5.0",
|
||||
|
|
@ -18872,6 +19001,11 @@
|
|||
"windows-release": "^3.1.0"
|
||||
}
|
||||
},
|
||||
"os-tmpdir": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
|
||||
"integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ="
|
||||
},
|
||||
"p-cancelable": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-1.1.0.tgz",
|
||||
|
|
@ -18916,8 +19050,7 @@
|
|||
"p-map": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/p-map/-/p-map-2.1.0.tgz",
|
||||
"integrity": "sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==",
|
||||
"dev": true
|
||||
"integrity": "sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw=="
|
||||
},
|
||||
"p-queue": {
|
||||
"version": "6.2.1",
|
||||
|
|
@ -21520,6 +21653,11 @@
|
|||
"integrity": "sha512-GrdeshiRmS1YLMYgzF16olf2jJ/IzxXY9lhKOskuVziubpTYcYqyOwYeJKzQkwy7uN0fYSsbsC4RQaXf9LCrYA==",
|
||||
"dev": true
|
||||
},
|
||||
"standard-as-callback": {
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.0.1.tgz",
|
||||
"integrity": "sha512-NQOxSeB8gOI5WjSaxjBgog2QFw55FV8TkS6Y07BiB3VJ8xNTvUYm0wl0s8ObgQ5NhdpnNfigMIKjgPESzgr4tg=="
|
||||
},
|
||||
"start-server-and-test": {
|
||||
"version": "1.11.3",
|
||||
"resolved": "https://registry.npmjs.org/start-server-and-test/-/start-server-and-test-1.11.3.tgz",
|
||||
|
|
@ -22453,6 +22591,14 @@
|
|||
"upper-case": "^1.0.3"
|
||||
}
|
||||
},
|
||||
"tmp": {
|
||||
"version": "0.0.33",
|
||||
"resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
|
||||
"integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
|
||||
"requires": {
|
||||
"os-tmpdir": "~1.0.2"
|
||||
}
|
||||
},
|
||||
"tmpl": {
|
||||
"version": "1.0.4",
|
||||
"resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.4.tgz",
|
||||
|
|
|
|||
|
|
@ -58,6 +58,8 @@
|
|||
"hubdown": "^2.6.0",
|
||||
"imurmurhash": "^0.1.4",
|
||||
"instantsearch.js": "^4.8.2",
|
||||
"ioredis": "^4.19.4",
|
||||
"ioredis-mock": "^5.2.0",
|
||||
"is-url": "^1.2.4",
|
||||
"js-cookie": "^2.2.1",
|
||||
"js-yaml": "^3.14.0",
|
||||
|
|
|
|||
|
|
@ -0,0 +1,345 @@
|
|||
const InMemoryRedis = require('ioredis-mock')
|
||||
const RedisAccessor = require('../../lib/redis-accessor')
|
||||
|
||||
describe('RedisAccessor', () => {
|
||||
test('is a constructor', async () => {
|
||||
expect(typeof RedisAccessor).toBe('function')
|
||||
|
||||
const instance = new RedisAccessor()
|
||||
expect(instance).toBeInstanceOf(RedisAccessor)
|
||||
})
|
||||
|
||||
test('has expected instance properties', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(Object.keys(instance).sort()).toEqual(['_allowSetFailures', '_client', '_prefix'])
|
||||
})
|
||||
|
||||
test('has expected static methods', async () => {
|
||||
expect(typeof RedisAccessor.translateSetArguments).toBe('function')
|
||||
})
|
||||
|
||||
describe('#_allowSetFailures property', () => {
|
||||
test('defaults to false', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(instance._allowSetFailures).toBe(false)
|
||||
})
|
||||
|
||||
test('is expected value', async () => {
|
||||
const instance = new RedisAccessor({ allowSetFailures: true })
|
||||
expect(instance._allowSetFailures).toBe(true)
|
||||
})
|
||||
})
|
||||
|
||||
describe('#_client property', () => {
|
||||
test('is expected Redis client', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(instance._client).toBeInstanceOf(InMemoryRedis)
|
||||
})
|
||||
})
|
||||
|
||||
describe('#_prefix property', () => {
|
||||
test('defaults to empty string', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(instance._prefix).toBe('')
|
||||
})
|
||||
|
||||
test('is expected value', async () => {
|
||||
const instance = new RedisAccessor({ prefix: 'myPrefix' })
|
||||
expect(instance._prefix).toBe('myPrefix:')
|
||||
})
|
||||
|
||||
test('removes a trailing colon', async () => {
|
||||
const instance = new RedisAccessor({ prefix: 'myPrefix:' })
|
||||
expect(instance._prefix).toBe('myPrefix:')
|
||||
})
|
||||
|
||||
test('removes multiple trailing colons', async () => {
|
||||
const instance = new RedisAccessor({ prefix: 'myPrefix::' })
|
||||
expect(instance._prefix).toBe('myPrefix:')
|
||||
})
|
||||
})
|
||||
|
||||
describe('constructor', () => {
|
||||
test('throws if databaseNumber is provided but is not a number', async () => {
|
||||
expect(() => new RedisAccessor({ databaseNumber: 'dbName' })).toThrowError(
|
||||
new TypeError('Redis database number must be an integer between 0 and 15 but was: "dbName"')
|
||||
)
|
||||
})
|
||||
|
||||
test('throws if databaseNumber is provided but is not an integer', async () => {
|
||||
expect(() => new RedisAccessor({ databaseNumber: 1.5 })).toThrowError(
|
||||
new TypeError('Redis database number must be an integer between 0 and 15 but was: 1.5')
|
||||
)
|
||||
})
|
||||
|
||||
test('throws if databaseNumber is provided but is less than 0', async () => {
|
||||
expect(() => new RedisAccessor({ databaseNumber: -1 })).toThrowError(
|
||||
new TypeError('Redis database number must be an integer between 0 and 15 but was: -1')
|
||||
)
|
||||
})
|
||||
|
||||
test('throws if databaseNumber is provided but is greater than max allowed', async () => {
|
||||
expect(() => new RedisAccessor({ databaseNumber: 16 })).toThrowError(
|
||||
new TypeError('Redis database number must be an integer between 0 and 15 but was: 16')
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('#prefix method', () => {
|
||||
test('returns prefixed key', async () => {
|
||||
const prefix = 'myPrefix'
|
||||
const instance = new RedisAccessor({ prefix })
|
||||
expect(instance.prefix('myKey')).toBe('myPrefix:myKey')
|
||||
})
|
||||
|
||||
test('returns original key if no prefix is configured', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(instance.prefix('myKey')).toBe('myKey')
|
||||
})
|
||||
|
||||
test('throws if no key is provided', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(() => instance.prefix()).toThrow(
|
||||
new TypeError('Key must be a non-empty string but was: undefined')
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('.translateSetArguments method', () => {
|
||||
test('defaults to an empty list of arguments if no options are given', async () => {
|
||||
expect(RedisAccessor.translateSetArguments()).toEqual([])
|
||||
})
|
||||
|
||||
test('adds argument "NX" if option `newOnly` is set to true', async () => {
|
||||
expect(RedisAccessor.translateSetArguments({ newOnly: true })).toEqual(['NX'])
|
||||
})
|
||||
|
||||
test('adds argument "XX" if option `existingOnly` is set to true', async () => {
|
||||
expect(RedisAccessor.translateSetArguments({ existingOnly: true })).toEqual(['XX'])
|
||||
})
|
||||
|
||||
test('adds argument "PX n" if option `expireIn` is provided with a positive finite integer', async () => {
|
||||
expect(RedisAccessor.translateSetArguments({ expireIn: 20 })).toEqual(['PX', 20])
|
||||
})
|
||||
|
||||
test('adds argument "PX n" with rounded integer if option `expireIn` is provided with a positive finite non-integer', async () => {
|
||||
expect(RedisAccessor.translateSetArguments({ expireIn: 20.5 })).toEqual(['PX', 21])
|
||||
expect(RedisAccessor.translateSetArguments({ expireIn: 29.1 })).toEqual(['PX', 29])
|
||||
})
|
||||
|
||||
test('adds argument "KEEPTTL" if option `rollingExpiration` is set to false', async () => {
|
||||
expect(RedisAccessor.translateSetArguments({ rollingExpiration: false })).toEqual(['KEEPTTL'])
|
||||
})
|
||||
|
||||
test('adds expected arguments if multiple options are configured', async () => {
|
||||
expect(
|
||||
RedisAccessor.translateSetArguments({
|
||||
newOnly: true,
|
||||
expireIn: 20
|
||||
})
|
||||
).toEqual(['NX', 'PX', 20])
|
||||
|
||||
expect(
|
||||
RedisAccessor.translateSetArguments({
|
||||
existingOnly: true,
|
||||
expireIn: 20
|
||||
})
|
||||
).toEqual(['XX', 'PX', 20])
|
||||
|
||||
expect(
|
||||
RedisAccessor.translateSetArguments({
|
||||
existingOnly: true,
|
||||
expireIn: 20,
|
||||
rollingExpiration: false
|
||||
})
|
||||
).toEqual(['XX', 'PX', 20, 'KEEPTTL'])
|
||||
|
||||
expect(
|
||||
RedisAccessor.translateSetArguments({
|
||||
existingOnly: true,
|
||||
rollingExpiration: false
|
||||
})
|
||||
).toEqual(['XX', 'KEEPTTL'])
|
||||
})
|
||||
|
||||
test('throws a misconfiguration error if options `newOnly` and `existingOnly` are both set to true', async () => {
|
||||
expect(
|
||||
() => RedisAccessor.translateSetArguments({ newOnly: true, existingOnly: true })
|
||||
).toThrowError(
|
||||
new TypeError('Misconfiguration: entry cannot be both new and existing')
|
||||
)
|
||||
})
|
||||
|
||||
test('throws a misconfiguration error if option `expireIn` is set to a finite number that rounds to less than 1', async () => {
|
||||
const misconfigurationError = new TypeError('Misconfiguration: cannot set a TTL of less than 1 millisecond')
|
||||
|
||||
expect(
|
||||
() => RedisAccessor.translateSetArguments({ expireIn: 0 })
|
||||
).toThrowError(misconfigurationError)
|
||||
|
||||
expect(
|
||||
() => RedisAccessor.translateSetArguments({ expireIn: -1 })
|
||||
).toThrowError(misconfigurationError)
|
||||
|
||||
expect(
|
||||
() => RedisAccessor.translateSetArguments({ expireIn: 0.4 })
|
||||
).toThrowError(misconfigurationError)
|
||||
})
|
||||
|
||||
test('throws a misconfiguration error if option `rollingExpiration` is set to false but `newOnly` is set to true', async () => {
|
||||
expect(
|
||||
() => RedisAccessor.translateSetArguments({ newOnly: true, rollingExpiration: false })
|
||||
).toThrowError(
|
||||
new TypeError('Misconfiguration: cannot keep an existing TTL on a new entry')
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('#set method', () => {
|
||||
test('resolves to true if value was successfully set', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
expect(await instance.set('myKey', 'myValue')).toBe(true)
|
||||
})
|
||||
|
||||
test('resolves to false if value was not set', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
instance._client.set = jest.fn(async () => 'NOT_OK')
|
||||
|
||||
expect(await instance.set('myKey', 'myValue')).toBe(false)
|
||||
})
|
||||
|
||||
test('sends expected key/value to Redis with #_client.set', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
const setSpy = jest.spyOn(instance._client, 'set')
|
||||
|
||||
await instance.set('myKey', 'myValue')
|
||||
expect(setSpy).toBeCalledWith('myKey', 'myValue')
|
||||
})
|
||||
|
||||
test('resolves to false if Redis replies with an error and `allowSetFailures` option is set to true', async () => {
|
||||
// Temporarily override `console.error`
|
||||
const consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation()
|
||||
|
||||
const instance = new RedisAccessor({ prefix: 'myPrefix', allowSetFailures: true })
|
||||
instance._client.set = jest.fn(async () => { throw new Error('Redis ReplyError') })
|
||||
|
||||
const result = await instance.set('myKey', 'myValue')
|
||||
|
||||
expect(result).toBe(false)
|
||||
expect(consoleErrorSpy).toBeCalledWith(
|
||||
`Failed to set value in Redis.
|
||||
Key: myPrefix:myKey
|
||||
Error: Redis ReplyError`
|
||||
)
|
||||
|
||||
// Restore `console.error`
|
||||
consoleErrorSpy.mockRestore()
|
||||
})
|
||||
|
||||
test('rejects if Redis replies with an error and `allowSetFailures` option is not set to true', async () => {
|
||||
// Temporarily override `console.error`
|
||||
const consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation()
|
||||
|
||||
const instance = new RedisAccessor({ prefix: 'myPrefix' })
|
||||
instance._client.set = jest.fn(async () => { throw new Error('Redis ReplyError') })
|
||||
|
||||
await expect(instance.set('myKey', 'myValue')).rejects.toThrowError(
|
||||
new Error(`Failed to set value in Redis.
|
||||
Key: myPrefix:myKey
|
||||
Error: Redis ReplyError`
|
||||
)
|
||||
)
|
||||
|
||||
expect(consoleErrorSpy).not.toBeCalled()
|
||||
|
||||
// Restore `console.error`
|
||||
consoleErrorSpy.mockRestore()
|
||||
})
|
||||
|
||||
test('rejects if value is an empty string', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
await expect(instance.set('myKey', '')).rejects.toThrow(
|
||||
new TypeError('Value must be a non-empty string but was: ""')
|
||||
)
|
||||
})
|
||||
|
||||
test('rejects if value is a non-string value', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
await expect(instance.set('myKey', true)).rejects.toThrow(
|
||||
new TypeError('Value must be a non-empty string but was: true')
|
||||
)
|
||||
})
|
||||
|
||||
test('invokes .translateSetArguments before sending values to Redis', async () => {
|
||||
const argSpy = jest.spyOn(RedisAccessor, 'translateSetArguments')
|
||||
const instance = new RedisAccessor()
|
||||
const setSpy = jest.spyOn(instance._client, 'set')
|
||||
|
||||
await instance.set('myKey', 'myValue', { expireIn: 20 })
|
||||
expect(argSpy).toBeCalled()
|
||||
expect(setSpy).toBeCalledWith('myKey', 'myValue', 'PX', 20)
|
||||
|
||||
argSpy.mockRestore()
|
||||
})
|
||||
})
|
||||
|
||||
describe('#get method', () => {
|
||||
test('resolves to expected value if matching entry exists in Redis', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
await instance.set('myKey', 'myValue')
|
||||
|
||||
const result = await instance.get('myKey')
|
||||
expect(result).toBe('myValue')
|
||||
})
|
||||
|
||||
test('resolves to null if no matching entry exists in Redis', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
const result = await instance.get('fakeKey')
|
||||
expect(result).toBe(null)
|
||||
})
|
||||
|
||||
test('retrieves matching entry from Redis with #_client.get', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
const getSpy = jest.spyOn(instance._client, 'get')
|
||||
|
||||
await instance.set('myKey', 'myValue')
|
||||
await instance.get('myKey')
|
||||
|
||||
expect(getSpy).toBeCalledWith('myKey')
|
||||
expect(getSpy).toHaveReturnedWith(Promise.resolve('myValue'))
|
||||
})
|
||||
})
|
||||
|
||||
describe('#exists method', () => {
|
||||
test('resolves to true if matching entry exists in Redis', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
await instance.set('myKey', 'myValue')
|
||||
|
||||
const result = await instance.exists('myKey')
|
||||
expect(result).toBe(true)
|
||||
})
|
||||
|
||||
test('resolves to false if no matching entry exists in Redis', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
|
||||
const result = await instance.exists('fakeKey')
|
||||
expect(result).toBe(false)
|
||||
})
|
||||
|
||||
test('checks for matching entry from Redis with #_client.exists', async () => {
|
||||
const instance = new RedisAccessor()
|
||||
const existsSpy = jest.spyOn(instance._client, 'exists')
|
||||
|
||||
await instance.set('myKey', 'myValue')
|
||||
await instance.exists('myKey')
|
||||
|
||||
expect(existsSpy).toBeCalledWith('myKey')
|
||||
expect(existsSpy).toHaveReturnedWith(Promise.resolve(true))
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
@ -56,26 +56,26 @@ Before you begin, you'll create a {% data variables.product.product_name %} repo
|
|||
{% raw %}
|
||||
**action.yml**
|
||||
```yaml
|
||||
Name: 'Hello World'
|
||||
Beschreibung: 'Greet someone'
|
||||
name: 'Hello World'
|
||||
description: 'Greet someone'
|
||||
inputs:
|
||||
who-to-greet: 'id of input
|
||||
who-to-greet: # id of input
|
||||
description: 'Who to greet'
|
||||
required: true
|
||||
default: 'World'
|
||||
outputs:
|
||||
zuzufällige Zahl:
|
||||
Beschreibung: "Zufallszahl"
|
||||
Wert:{{ steps.random-number-generator.outputs.random-id }}
|
||||
läuft:
|
||||
mit: "composite"
|
||||
Schritten:
|
||||
- laufen:{{ inputs.who-to-greet }}echo
|
||||
random-number:
|
||||
description: "Random number"
|
||||
value: ${{ steps.random-number-generator.outputs.random-id }}
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- run: echo Hello ${{ inputs.who-to-greet }}.
|
||||
shell: bash
|
||||
- id: random-number-generator
|
||||
run: echo "::set-output name=random-id::'(echo $RANDOM)"
|
||||
run: echo "::set-output name=random-id::$(echo $RANDOM)"
|
||||
shell: bash
|
||||
- run: '{{ github.action_path }}/goodbye.sh
|
||||
- run: ${{ github.action_path }}/goodbye.sh
|
||||
shell: bash
|
||||
```
|
||||
{% endraw %}
|
||||
|
|
@ -109,20 +109,20 @@ Copy the workflow code into a `.github/workflows/main.yml` file in another repos
|
|||
{% raw %}
|
||||
**.github/workflows/main.yml**
|
||||
```yaml
|
||||
zu: [push]
|
||||
on: [push]
|
||||
|
||||
Jobs:
|
||||
jobs:
|
||||
hello_world_job:
|
||||
läuft auf: ubuntu-latest
|
||||
Name: Ein Job, um Hallo zu sagen
|
||||
Schritte:
|
||||
- verwendet: aktionen/checkout@v2
|
||||
runs-on: ubuntu-latest
|
||||
name: A job to say hello
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- id: foo
|
||||
verwendet: actions/hello-world-composite-run-steps-action@v1
|
||||
mit:
|
||||
uses: actions/hello-world-composite-run-steps-action@v1
|
||||
with:
|
||||
who-to-greet: 'Mona the Octocat'
|
||||
- run: echo random-{{ steps.foo.outputs.random-number }}
|
||||
number
|
||||
- run: echo random-number ${{ steps.foo.outputs.random-number }}
|
||||
shell: bash
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
|
|
|
|||
|
|
@ -117,6 +117,7 @@ läuft:
|
|||
{% endraw %}
|
||||
|
||||
#### `outputs.<output_id>.value`
|
||||
|
||||
**Erforderliche** Der Wert, dem der Ausgabeparameter zugeordnet wird. Sie können dies auf eine `Zeichenfolge` oder einen Ausdruck mit Kontext festlegen. Sie können z. B. die `Schritte` Kontext verwenden, um den `Wert` einer Ausgabe auf den Ausgabewert eines Schritts festzulegen.
|
||||
|
||||
For more information on how to use context and expression syntax, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
|
||||
|
|
@ -204,9 +205,11 @@ In diesem Beispiel läuft `cleanup.js` nur auf Linux-basierten Runnern:
|
|||
|
||||
**Erforderliche** Die Ausführungsschritte, die Sie in dieser Aktion ausführen möchten.
|
||||
|
||||
##### `runs.steps.run`
|
||||
##### `runs.steps[*].run`
|
||||
|
||||
**Erforderliche** Der Befehl, den Sie ausführen möchten. Dies kann inline oder ein Skript in Ihrem Aktions-Repository sein:
|
||||
|
||||
{% raw %}
|
||||
```yaml
|
||||
läuft:
|
||||
mit: "composite"
|
||||
|
|
@ -214,8 +217,9 @@ läuft:
|
|||
- ausführen:{{ github.action_path }}/test/script.sh
|
||||
Shell: bash
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
Alternativ können Sie `$GITHUB_ACTION_PATH`verwenden:
|
||||
Alternatively, you can use `$GITHUB_ACTION_PATH`:
|
||||
|
||||
```yaml
|
||||
läuft:
|
||||
|
|
@ -225,27 +229,27 @@ läuft:
|
|||
Shell: bash
|
||||
```
|
||||
|
||||
Weitere Informationen finden Sie unter "[`github context`](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)".
|
||||
For more information, see "[`github context`](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)".
|
||||
|
||||
##### `runs.steps.shell`
|
||||
##### `runs.steps[*].shell`
|
||||
|
||||
**Erforderliche** Die Shell, in der Sie den Befehl ausführen möchten. Sie können eine der hier aufgeführten Shells [](/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell)verwenden.
|
||||
**Required** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell).
|
||||
|
||||
##### `runs.steps.name`
|
||||
##### `runs.steps[*].name`
|
||||
|
||||
**Optionaler** Der Name des zusammengesetzten Ausführungsschritts.
|
||||
**Optional** The name of the composite run step.
|
||||
|
||||
##### `runs.steps.id`
|
||||
##### `runs.steps[*].id`
|
||||
|
||||
**Optionaler** Ein eindeutiger Bezeichner für den Schritt. Anhand der `id` können Sie in Kontexten auf den Schritt verweisen. Weitere Informationen findest Du unter "[Kontext- und Ausdrucks-Syntax für {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
|
||||
**Optional** A unique identifier for the step. Anhand der `id` können Sie in Kontexten auf den Schritt verweisen. Weitere Informationen findest Du unter "[Kontext- und Ausdrucks-Syntax für {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)".
|
||||
|
||||
##### `runs.steps.env`
|
||||
##### `runs.steps[*].env`
|
||||
|
||||
**Optionale** Legt eine `Zuordnung` von Umgebungsvariablen nur für diesen Schritt fest. If you want to modify the environment variable stored in the workflow, use {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}`echo "{name}={value}" >> $GITHUB_ENV`{% else %}`echo "::set-env name={name}::{value}"`{% endif %} in a composite run step.
|
||||
**Optional** Sets a `map` of environment variables for only that step. If you want to modify the environment variable stored in the workflow, use {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}`echo "{name}={value}" >> $GITHUB_ENV`{% else %}`echo "::set-env name={name}::{value}"`{% endif %} in a composite run step.
|
||||
|
||||
##### `runs.steps.working-directory`
|
||||
##### `runs.steps[*].working-directory`
|
||||
|
||||
**Optionale** Gibt das Arbeitsverzeichnis an, in dem der Befehl ausgeführt wird.
|
||||
**Optional** Specifies the working directory where the command is run.
|
||||
|
||||
### `runs` for Docker actions
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ Zum Erstellen und Testen des Codes ist ein Server erforderlich. Sie können Aktu
|
|||
|
||||
### Informationen zur kontinuierlichen Integration mit {% data variables.product.prodname_actions %}
|
||||
|
||||
CI mit {% data variables.product.prodname_actions %} bietet Workflows, die den Code in Ihrem Repository erstellen und Ihre Tests ausführen können. Workflows können auf {% data variables.product.prodname_dotcom %}gehosteten virtuellen Maschinen oder auf Computern ausgeführt werden, die Sie selbst hosten. Weitere Informationen finden Sie unter "[Virtuelle Umgebungen für {% data variables.product.prodname_dotcom %}gehostete Läufer](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)" und "[über selbst gehostete Läufer](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)".
|
||||
CI mit {% data variables.product.prodname_actions %} bietet Workflows, die den Code in Ihrem Repository erstellen und Ihre Tests ausführen können. Workflows können auf {% data variables.product.prodname_dotcom %}gehosteten virtuellen Maschinen oder auf Computern ausgeführt werden, die Sie selbst hosten. For more information, see "[Virtual environments for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners)" and "[About self-hosted runners](/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)."
|
||||
|
||||
Sie können Ihren CI-Workflow so konfigurieren, dass er ausgeführt wird, wenn ein {% data variables.product.product_name %} Ereignis auftritt (z. B. wenn neuer Code an Ihr Repository übertragen wird), nach einem festgelegten Zeitplan oder wenn ein externes Ereignis mithilfe des Repository-Dispatch-Webhooks auftritt.
|
||||
|
||||
|
|
|
|||
|
|
@ -193,9 +193,9 @@ steps:
|
|||
|
||||
{% data reusables.github-actions.setup-node-intro %}
|
||||
|
||||
Um Dich bei Deiner privaten Registry zu authentifizieren, musst Du in Deinen Repository-Einstellungen Dein npm-Authentifizierungs-Token als Geheimnis ablegen. Erstelle z.B. ein Geheimnis namens `NPM_TOKEN`. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
To authenticate to your private registry, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
|
||||
Im folgenden Beispiel enthält das Geheimnis `NPM_TOKEN` den npm-Authentifizierungs-Token. Die Aktion `setup-node` konfiguriert die Datei *.npmrc*, um den npm-Authentifizierung-Token aus der Umgebungsvariablen `NODE_AUTH_TOKEN` zu lesen. Wenn Du die Aktion `setup-node` verwendest, um eine Datei *.npmrc* zu erstellen, musst Du die Umgebungsvariable `NPM_AUTH_TOKEN` auf das Geheimnis setzen, das Deinen npm-Authentifizierungs-Token enthält.
|
||||
Im folgenden Beispiel enthält das Geheimnis `NPM_TOKEN` den npm-Authentifizierungs-Token. Die Aktion `setup-node` konfiguriert die Datei *.npmrc*, um den npm-Authentifizierung-Token aus der Umgebungsvariablen `NODE_AUTH_TOKEN` zu lesen. When using the `setup-node` action to create an *.npmrc* file, you must set the `NODE_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token.
|
||||
|
||||
Bevor Du Abhängigkeiten installierst, verwende die Aktion `setup-node`, um die Datei *.npmrc* zu erstellen. Die Aktion hat zwei Eingabeparameter. Der Parameter `node-version` legt die Version von Node.js fest und der Parameter `registry-url` bestimmt die Standard-Registry. Wenn Deine Paket-Registry Geltungsbereiche verwendet, musst Du den Parameter `scope` verwenden. Weitere Informationen findest Du unter [`npm-scope`](https://docs.npmjs.com/misc/scope).
|
||||
|
||||
|
|
|
|||
|
|
@ -214,7 +214,7 @@ The `always()` function configures the job to continue processing even if there
|
|||
|
||||
### Publishing to PowerShell Gallery
|
||||
|
||||
You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use repository secrets to store any tokens or credentials needed to publish your package. Weitere Informationen findest Du unter "[Verschlüsselte Geheimnisse erstellen und verwenden](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)".
|
||||
You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use secrets to store any tokens or credentials needed to publish your package. Weitere Informationen findest Du unter "[Verschlüsselte Geheimnisse erstellen und verwenden](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)".
|
||||
|
||||
The following example creates a package and uses `Publish-Module` to publish it to the PowerShell Gallery:
|
||||
|
||||
|
|
|
|||
|
|
@ -391,7 +391,7 @@ jobs:
|
|||
|
||||
You can configure your workflow to publish your Python package to any package registry you'd like when your CI tests pass.
|
||||
|
||||
You can store any access tokens or credentials needed to publish your package using repository secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. Weitere Informationen findest Du unter "[Verschlüsselte Geheimnisse erstellen und verwenden](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)".
|
||||
You can store any access tokens or credentials needed to publish your package using secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. Weitere Informationen findest Du unter "[Verschlüsselte Geheimnisse erstellen und verwenden](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)".
|
||||
|
||||
{% raw %}
|
||||
```yaml
|
||||
|
|
|
|||
|
|
@ -0,0 +1,148 @@
|
|||
---
|
||||
title: Deploying to Amazon Elastic Container Service
|
||||
intro: You can deploy to Amazon Elastic Container Service (ECS) as part of your continuous deployment (CD) workflows.
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
### Einführung
|
||||
|
||||
This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/), and deploy it to [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/).
|
||||
|
||||
On every new release in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS.
|
||||
|
||||
### Vorrausetzungen
|
||||
|
||||
Before creating your {% data variables.product.prodname_actions %} workflow, you will first need to complete the following setup steps for Amazon ECR and ECS:
|
||||
|
||||
1. Create an Amazon ECR repository to store your images.
|
||||
|
||||
For example, using [the AWS CLI](https://aws.amazon.com/cli/):
|
||||
|
||||
{% raw %}```bash{:copy}
|
||||
aws ecr create-repository \ --repository-name MY_ECR_REPOSITORY \ --region MY_AWS_REGION
|
||||
```{% endraw %}
|
||||
|
||||
Ensure that you use the same Amazon ECR repository name (represented here by `MY_ECR_REPOSITORY`) for the `ECR_REPOSITORY` variable in the workflow below.
|
||||
|
||||
Ensure that you use the same AWS region value for the `AWS_REGION` (represented here by `MY_AWS_REGION`) variable in the workflow below.
|
||||
|
||||
2. Create an Amazon ECS task definition, cluster, and service.
|
||||
|
||||
For details, follow the [Getting started wizard on the Amazon ECS console](https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun), or the [Getting started guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/getting-started-fargate.html) in the Amazon ECS documentation.
|
||||
|
||||
Ensure that you note the names you set for the Amazon ECS service and cluster, and use them for the `ECS_SERVICE` and `ECS_CLUSTER` variables in the workflow below.
|
||||
|
||||
3. Store your Amazon ECS task definition as a JSON file in your {% data variables.product.company_short %} repository.
|
||||
|
||||
The format of the file should be the same as the output generated by:
|
||||
|
||||
{% raw %}```bash{:copy}
|
||||
aws ecs register-task-definition --generate-cli-skeleton
|
||||
```{% endraw %}
|
||||
|
||||
Ensure that you set the `ECS_TASK_DEFINITION` variable in the workflow below as the path to the JSON file.
|
||||
|
||||
Ensure that you set the `CONTAINER_NAME` variable in the workflow below as the container name in the `containerDefinitions` section of the task definition.
|
||||
|
||||
4. Create {% data variables.product.prodname_actions %} secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to store the values for your Amazon IAM access key.
|
||||
|
||||
For more information on creating secrets for {% data variables.product.prodname_actions %}, see "[Encrypted secrets](/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."
|
||||
|
||||
See the documentation for each action used below for the recommended IAM policies for the IAM user, and methods for handling the access key credentials.
|
||||
|
||||
### Creating the workflow
|
||||
|
||||
Once you've completed the prerequisites, you can proceed with creating the workflow.
|
||||
|
||||
The following example workflow demonstrates how to build a container image and push it to Amazon ECR. It then updates the task definition with the new image ID, and deploys the task definition to Amazon ECS.
|
||||
|
||||
Ensure that you provide your own values for all the variables in the `env` key of the workflow.
|
||||
|
||||
{% raw %}
|
||||
```yaml{:copy}
|
||||
name: Deploy to Amazon ECS
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [ created ]
|
||||
|
||||
env:
|
||||
AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
|
||||
ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name
|
||||
ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name
|
||||
ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name
|
||||
ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
|
||||
# file, e.g. .aws/task-definition.json
|
||||
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
|
||||
# containerDefinitions section of your task definition
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Configure AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: $AWS_REGION
|
||||
|
||||
- name: Login to Amazon ECR
|
||||
id: login-ecr
|
||||
uses: aws-actions/amazon-ecr-login@v1
|
||||
|
||||
- name: Build, tag, and push image to Amazon ECR
|
||||
id: build-image
|
||||
env:
|
||||
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
|
||||
IMAGE_TAG: ${{ github.sha }}
|
||||
run: |
|
||||
# Build a docker container and
|
||||
# push it to ECR so that it can
|
||||
# be deployed to ECS.
|
||||
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
|
||||
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
|
||||
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV
|
||||
|
||||
- name: Fill in the new image ID in the Amazon ECS task definition
|
||||
id: task-def
|
||||
uses: aws-actions/amazon-ecs-render-task-definition@v1
|
||||
with:
|
||||
task-definition: $ECS_TASK_DEFINITION
|
||||
container-name: $CONTAINER_NAME
|
||||
image: ${{ steps.build-image.outputs.image }}
|
||||
|
||||
- name: Deploy Amazon ECS task definition
|
||||
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
|
||||
with:
|
||||
task-definition: ${{ steps.task-def.outputs.task-definition }}
|
||||
service: $ECS_SERVICE
|
||||
cluster: $ECS_CLUSTER
|
||||
wait-for-service-stability: true
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
### Additional resources
|
||||
|
||||
For more information on the services used in these examples, see the following documentation:
|
||||
|
||||
* "[Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)" in the Amazon AWS documentation.
|
||||
* Official AWS "[Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)" action.
|
||||
* Official AWS [Amazon ECR "Login"](https://github.com/aws-actions/amazon-ecr-login) action.
|
||||
* Official AWS [Amazon ECS "Render Task Definition"](https://github.com/aws-actions/amazon-ecs-render-task-definition) action.
|
||||
* Official AWS [Amazon ECS "Deploy Task Definition"](https://github.com/aws-actions/amazon-ecs-deploy-task-definition) action.
|
||||
|
|
@ -0,0 +1,115 @@
|
|||
---
|
||||
title: Deploying to Azure App Service
|
||||
intro: You can deploy to Azure App Service as part of your continuous deployment (CD) workflows.
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
### Einführung
|
||||
|
||||
This guide explains how to use {% data variables.product.prodname_actions %} to build, test, and deploy an application to [Azure App Service](https://azure.microsoft.com/en-us/services/app-service/).
|
||||
|
||||
Azure App Service can run web apps in several languages, but this guide demonstrates deploying an existing Node.js project.
|
||||
|
||||
### Vorrausetzungen
|
||||
|
||||
Before creating your {% data variables.product.prodname_actions %} workflow, you will first need to complete the following setup steps:
|
||||
|
||||
1. Create an Azure App Service plan.
|
||||
|
||||
For example, you can use the Azure CLI to create a new App Service plan:
|
||||
|
||||
```bash{:copy}
|
||||
az appservice plan create \
|
||||
--resource-group MY_RESOURCE_GROUP \
|
||||
--name MY_APP_SERVICE_PLAN \
|
||||
--is-linux
|
||||
```
|
||||
|
||||
In the command above, replace `MY_RESOURCE_GROUP` with your pre-existing Azure Resource Group, and `MY_APP_SERVICE_PLAN` with a new name for the App Service plan.
|
||||
|
||||
See the Azure documentation for more information on using the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/):
|
||||
|
||||
* For authentication, see "[Sign in with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli)".
|
||||
* If you need to create a new resource group, see "[az group](https://docs.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az_group_create)."
|
||||
|
||||
2. Create a web app.
|
||||
|
||||
For example, you can use the Azure CLI to create an Azure App Service web app with a node runtime:
|
||||
|
||||
```bash{:copy}
|
||||
az webapp create \
|
||||
--name MY_WEBAPP_NAME \
|
||||
--plan MY_APP_SERVICE_PLAN \
|
||||
--resource-group MY_RESOURCE_GROUP \
|
||||
--runtime "node|10.14"
|
||||
```
|
||||
|
||||
In the command above, replace the parameters with your own values, where `MY_WEBAPP_NAME` is a new name for the web app.
|
||||
|
||||
3. Configure an Azure publish profile and create an `AZURE_WEBAPP_PUBLISH_PROFILE` secret.
|
||||
|
||||
Generate your Azure deployment credentials using a publish profile. For more information, see "[Generate deployment credentials](https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials)" in the Azure documentation.
|
||||
|
||||
In your {% data variables.product.prodname_dotcom %} repository, create a secret named `AZURE_WEBAPP_PUBLISH_PROFILE` that contains the contents of the publish profile. For more information on creating secrets, see "[Encrypted secrets](/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."
|
||||
|
||||
### Creating the workflow
|
||||
|
||||
Once you've completed the prerequisites, you can proceed with creating the workflow.
|
||||
|
||||
The following example workflow demonstrates how to build, test, and deploy the Node.js project to Azure App Service.
|
||||
|
||||
Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of the web app you created.
|
||||
|
||||
{% raw %}
|
||||
```yaml{:copy}
|
||||
on:
|
||||
release:
|
||||
types: [created]
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: MY_WEBAPP_NAME # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '10.x' # set this to the node version to use
|
||||
|
||||
jobs:
|
||||
build-and-deploy:
|
||||
name: Build and Deploy
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Use Node.js ${{ env.NODE_VERSION }}
|
||||
uses: actions/setup-node@v1
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
|
||||
- name: npm install, build, and test
|
||||
run: |
|
||||
# Build and test the project, then
|
||||
# deploy to Azure Web App.
|
||||
npm install
|
||||
npm run build --if-present
|
||||
npm run test --if-present
|
||||
|
||||
- name: 'Deploy to Azure WebApp'
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
### Additional resources
|
||||
|
||||
The following resources may also be useful:
|
||||
|
||||
* For the original starter workflow, see [`azure.yml`](https://github.com/actions/starter-workflows/blob/master/ci/azure.yml) in the {% data variables.product.prodname_actions %} `starter-workflows` repository.
|
||||
* The action used to deploy the web app is the official Azure [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
|
||||
* The "[Create a Node.js web app in Azure](https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs)" quickstart in the Azure web app documentation demonstrates using VS Code with the [Azure App Service extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureappservice).
|
||||
|
|
@ -0,0 +1,177 @@
|
|||
---
|
||||
title: Deploying to Google Kubernetes Engine
|
||||
intro: You can deploy to Google Kubernetes Engine as part of your continuous deployment (CD) workflows.
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
### Einführung
|
||||
|
||||
This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE).
|
||||
|
||||
GKE is a managed Kubernetes cluster service from Google Cloud that can host your containerized workloads in the cloud or in your own datacenter. For more information, see [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine).
|
||||
|
||||
### Vorrausetzungen
|
||||
|
||||
Before you proceed with creating the workflow, you will need to complete the following steps for your Kubernetes project. This guide assumes the root of your project already has a `Dockerfile` and a Kubernetes Deployment configuration file. For an example, see [google-github-actions](https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke).
|
||||
|
||||
#### Creating a GKE cluster
|
||||
|
||||
To create the GKE cluster, you will first need to authenticate using the `gcloud` CLI. For more information on this step, see the following articles:
|
||||
- [`gcloud auth login`](https://cloud.google.com/sdk/gcloud/reference/auth/login)
|
||||
- [`gcloud` CLI](https://cloud.google.com/sdk/gcloud/reference)
|
||||
- [`gcloud` CLI and Cloud SDK](https://cloud.google.com/sdk/gcloud#the_gcloud_cli_and_cloud_sdk)
|
||||
|
||||
Ein Beispiel:
|
||||
|
||||
{% raw %}
|
||||
```bash{:copy}
|
||||
$ gcloud container clusters create $GKE_CLUSTER \
|
||||
--project=$GKE_PROJECT \
|
||||
--zone=$GKE_ZONE
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
#### Enabling the APIs
|
||||
|
||||
Enable the Kubernetes Engine and Container Registry APIs. Ein Beispiel:
|
||||
|
||||
{% raw %}
|
||||
```bash{:copy}
|
||||
$ gcloud services enable \
|
||||
containerregistry.googleapis.com \
|
||||
container.googleapis.com
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
#### Configuring a service account and storing its credentials
|
||||
|
||||
This procedure demonstrates how to create the service account for your GKE integration. It explains how to create the account, add roles to it, retrieve its keys, and store them as a base64-encoded [encrypted repository secret](/actions/reference/encrypted-secrets) named `GKE_SA_KEY`.
|
||||
|
||||
1. Create a new service account:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts create $SA_NAME
|
||||
```
|
||||
{% endraw %}
|
||||
1. Retrieve the email address of the service account you just created:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts list
|
||||
```
|
||||
{% endraw %}
|
||||
1. Add roles to the service account. Note: Apply more restrictive roles to suit your requirements.
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/container.admin \
|
||||
--role=roles/storage.admin
|
||||
```
|
||||
{% endraw %}
|
||||
1. Download the JSON keyfile for the service account:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts keys create key.json --iam-account=$SA_EMAIL
|
||||
```
|
||||
{% endraw %}
|
||||
1. Store the project ID as a secret named `GKE_PROJECT`:
|
||||
{% raw %}
|
||||
```
|
||||
$ export GKE_SA_KEY=$(cat key.json | base64)
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
#### (Optional) Configuring kustomize
|
||||
Kustomize is an optional tool used for managing YAML specs. After creating a _kustomization_ file, the workflow below can be used to dynamically set fields of the image and pipe in the result to `kubectl`. For more information, see [kustomize usage](https://github.com/kubernetes-sigs/kustomize#usage).
|
||||
|
||||
### Creating the workflow
|
||||
|
||||
Once you've completed the prerequisites, you can proceed with creating the workflow.
|
||||
|
||||
The following example workflow demonstrates how to build a container image and push it to GCR. It then uses the Kubernetes tools (such as `kubectl` and `kustomize`) to pull the image into the cluster deployment.
|
||||
|
||||
{% raw %}
|
||||
```yaml{:copy}
|
||||
name: Build and Deploy to GKE
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [created]
|
||||
|
||||
env:
|
||||
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
|
||||
GKE_CLUSTER: cluster-1 # Add your cluster name here.
|
||||
GKE_ZONE: us-central1-c # Add your cluster zone here.
|
||||
DEPLOYMENT_NAME: gke-test # Add your deployment name here.
|
||||
IMAGE: static-site
|
||||
|
||||
jobs:
|
||||
setup-build-publish-deploy:
|
||||
name: Setup, Build, Publish, and Deploy
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Setup gcloud CLI
|
||||
- uses: google-github-actions/setup-gcloud@v0.2.0
|
||||
with:
|
||||
service_account_key: ${{ secrets.GKE_SA_KEY }}
|
||||
project_id: ${{ secrets.GKE_PROJECT }}
|
||||
|
||||
# Configure docker to use the gcloud command-line tool as a credential helper
|
||||
- run: |-
|
||||
gcloud --quiet auth configure-docker
|
||||
|
||||
# Get the GKE credentials so we can deploy to the cluster
|
||||
- uses: google-github-actions/get-gke-credentials@v0.2.1
|
||||
with:
|
||||
cluster_name: ${{ env.GKE_CLUSTER }}
|
||||
location: ${{ env.GKE_ZONE }}
|
||||
credentials: ${{ secrets.GKE_SA_KEY }}
|
||||
|
||||
# Build the Docker image
|
||||
- name: Build
|
||||
run: |-
|
||||
docker build \
|
||||
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
|
||||
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
||||
--build-arg GITHUB_REF="$GITHUB_REF" \
|
||||
.
|
||||
|
||||
# Push the Docker image to Google Container Registry
|
||||
- name: Publish
|
||||
run: |-
|
||||
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
|
||||
|
||||
# Set up kustomize
|
||||
- name: Set up Kustomize
|
||||
run: |-
|
||||
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
|
||||
chmod u+x ./kustomize
|
||||
|
||||
# Deploy the Docker image to the GKE cluster
|
||||
- name: Deploy
|
||||
run: |-
|
||||
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
|
||||
./kustomize build . | kubectl apply -f -
|
||||
kubectl rollout status deployment/$DEPLOYMENT_NAME
|
||||
kubectl get services -o wide
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
### Additional resources
|
||||
|
||||
For more information on the tools used in these examples, see the following documentation:
|
||||
|
||||
* For the full starter workflow, see the ["Build and Deploy to GKE" workflow](https://github.com/actions/starter-workflows/blob/master/ci/google.yml).
|
||||
* For more starter workflows and accompanying code, see Google's [{% data variables.product.prodname_actions %} example workflows](https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/).
|
||||
* The Kubernetes YAML customization engine: [Kustomize](https://kustomize.io/).
|
||||
* "[Deploying a containerized web application](https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app)" in the Google Kubernetes Engine documentation.
|
||||
|
|
@ -36,6 +36,14 @@ You can use {% data variables.product.prodname_actions %} to create custom conti
|
|||
{% link_in_list /building-and-testing-java-with-gradle %}
|
||||
{% link_in_list /building-and-testing-java-with-ant %}
|
||||
|
||||
### Creating custom continuous deployment workflows
|
||||
|
||||
You can use {% data variables.product.prodname_actions %} to create custom continuous deployment (CD) workflows that deploy projects to a number of cloud partner ecosystems.
|
||||
|
||||
{% link_in_list /deploying-to-amazon-elastic-container-service %}
|
||||
{% link_in_list /deploying-to-azure-app-service %}
|
||||
{% link_in_list /deploying-to-google-kubernetes-engine %}
|
||||
|
||||
### Publishing software packages
|
||||
|
||||
You can automate publishing software packages as part your continuous delivery (CD) workflow. Packages can be published to any package host and to {% data reusables.gated-features.packages %}.
|
||||
|
|
|
|||
|
|
@ -46,11 +46,11 @@ In dieser Anleitung wir werden die Docker-Aktion `build-push-action` verwenden,
|
|||
|
||||
Im folgenden Beispiel-Workflow verwenden wir die Docker-Aktion `build-push-action`, um das Docker-Image zu bauen und, wenn der Build erfolgreich ist, das gebaute Image auf „Docker Hub“ zu übertragen.
|
||||
|
||||
Um zum „Docker Hub“ zu pushen, benötigst Du ein Benutzerkonto auf „Docker Hub“ und musst ein „Docker Hub“-Repository erstellt haben. Weitere Informationen findest Du unter „[Images auf ‚Docker Hub‘ freigeben](https://docs.docker.com/get-started/part3/)“ in der Docker-Dokumentation.
|
||||
Um zum „Docker Hub“ zu pushen, benötigst Du ein Benutzerkonto auf „Docker Hub“ und musst ein „Docker Hub“-Repository erstellt haben. For more information, see "[Pushing a Docker container image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)" in the Docker documentation.
|
||||
|
||||
„Docker Hub“ benötigt für `build-push-action` die folgenden Optionen:
|
||||
|
||||
* `username` und `password`: Dies ist Dein Benutzername und Passwort auf „Docker Hub“. We recommend storing your Docker Hub username and password as encrypted secrets in your {% data variables.product.prodname_dotcom %} repository so they aren't exposed in your workflow file. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
* `username` und `password`: Dies ist Dein Benutzername und Passwort auf „Docker Hub“. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
* `repository`: Dein „Docker Hub“-Repository im Format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY`.
|
||||
|
||||
{% raw %}
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ Wenn Du Schritte in Deinen Workflow einfügst, um die `publishConfig`-Felder in
|
|||
|
||||
Jedes Mal, wenn Du ein neues Release erstellst, kannst Du einen Workflow anstoßen, um Dein Paket zu veröffentlichen. Der Workflow im folgenden Beispiel wird von dem Ereignis `release` vom Typ `created` angestoßen. Der Workflow veröffentlicht das Paket im npm-Registry sofern es die CI-Tests besteht.
|
||||
|
||||
Um in Deinem Workflow authentifizierte Operationen gegenüber der npm-Registry durchzuführen, musst Du Dein npm-Authentifizierungstoken als Geheimnis in Deinen Repository-Einstellungen ablegen. Erstelle z.B. ein Geheimnis namens `NPM_TOKEN`. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
To perform authenticated operations against the npm registry in your workflow, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und verwenden](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)“.
|
||||
|
||||
Standardmäßig verwendet npm das Feld `name` der Datei *package.json*, um die npm-Registry zu ermitteln. Wenn Du in einem globalen Namespace veröffentlichst, brauchst Du nur den Paketnamen anzugeben. Zum Beispiel würdest Du ein Paket namens `npm-hello-world-test` auf `https://www.npmjs.com/package/npm-hello-world-test` veröffentlichen.
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ redirect_from:
|
|||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
defaultPlatform: linux
|
||||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ redirect_from:
|
|||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
defaultPlatform: linux
|
||||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,10 @@ featuredLinks:
|
|||
- /actions/reference/workflow-commands-for-github-actions
|
||||
- /actions/reference/environment-variables
|
||||
changelog:
|
||||
-
|
||||
title: Workflow visualization
|
||||
date: '2020-12-08'
|
||||
href: https://github.blog/changelog/2020-12-08-github-actions-workflow-visualization/
|
||||
-
|
||||
title: Removing set-env and add-path commands on November 16
|
||||
date: '2020-11-09'
|
||||
|
|
@ -33,14 +37,6 @@ changelog:
|
|||
title: Ubuntu-latest workflows will use Ubuntu-20.04
|
||||
date: '2020-10-29'
|
||||
href: https://github.blog/changelog/2020-10-29-github-actions-ubuntu-latest-workflows-will-use-ubuntu-20-04
|
||||
-
|
||||
title: MacOS Big Sur Preview
|
||||
date: '2020-10-29'
|
||||
href: https://github.blog/changelog/2020-10-29-github-actions-macos-big-sur-preview
|
||||
-
|
||||
title: Self-Hosted Runner Group Access Changes
|
||||
date: '2020-10-16'
|
||||
href: https://github.blog/changelog/2020-10-16-github-actions-self-hosted-runner-group-access-changes/
|
||||
product_video: https://www.youtube-nocookie.com/embed/cP0I9w2coGU
|
||||
redirect_from:
|
||||
- /articles/automating-your-workflow-with-github-actions/
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ Schritte:
|
|||
|
||||
#### Using branches
|
||||
|
||||
Referring to a specific branch means that the action will always use include the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
|
||||
Referring to a specific branch means that the action will always use the latest updates on the target branch, but can create problems if those updates include breaking changes. This example targets a branch named `@main`:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
title: Managing complex workflows
|
||||
shortTitle: Managing complex workflows
|
||||
intro: 'This guide shows you how to use the advanced features of {% data variables.product.prodname_actions %}, with secret management, dependent jobs, caching, build matrices, and labels.'
|
||||
intro: 'This guide shows you how to use the advanced features of {% data variables.product.prodname_actions %}, with secret management, dependent jobs, caching, build matrices,{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} environments,{% endif %} and labels.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=2.22'
|
||||
|
|
@ -148,6 +148,12 @@ jobs:
|
|||
|
||||
For more information, see ["Using labels with self-hosted runners](/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
### Using environments
|
||||
|
||||
You can configure environments with protection rules and secrets. Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. For more information, see "[Environments](/actions/reference/environments)."
|
||||
{% endif %}
|
||||
|
||||
### Nächste Schritte:
|
||||
|
||||
To continue learning about {% data variables.product.prodname_actions %}, see "[Sharing workflows with your organization](/actions/learn-github-actions/sharing-workflows-with-your-organization)."
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ Jenkins verwendet Anweisungen um _Deklarative Pipelines_ zu verwalten. Diese Anw
|
|||
|
||||
| Anweisungen in Jenkins | {% data variables.product.prodname_actions %}
|
||||
| ------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| [`environment`](https://jenkins.io/doc/book/pipeline/syntax/#environment) | [`jobs.<job_id>.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) <br> [`jobs.<job_id>.steps.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv) |
|
||||
| [`environment`](https://jenkins.io/doc/book/pipeline/syntax/#environment) | [`jobs.<job_id>.env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) <br> [`jobs.<job_id>.steps[*].env`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv) |
|
||||
| [`options`](https://jenkins.io/doc/book/pipeline/syntax/#parameters) | [`jobs.<job_id>.strategy`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy) <br> [`jobs.<job_id>.strategy.fail-fast`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast) <br> [`jobs.<job_id>.timeout-minutes`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes) |
|
||||
| [`parameters`](https://jenkins.io/doc/book/pipeline/syntax/#parameters) | [`inputs`](/actions/creating-actions/metadata-syntax-for-github-actions#inputs) <br> [`outputs`](/actions/creating-actions/metadata-syntax-for-github-actions#outputs) |
|
||||
| [`triggers`](https://jenkins.io/doc/book/pipeline/syntax/#triggers) | [`on`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#on) <br> [`on.<event_name>.types`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onevent_nametypes) <br> [<code>on.<push\|pull_request>.<branches\|tags></code>](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestbranchestags) <br> [<code>on.<push\|pull_request>.paths</code>](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestpaths) |
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ When migrating from Travis CI, consider the following key features in {% data va
|
|||
|
||||
#### Storing secrets
|
||||
|
||||
{% data variables.product.prodname_actions %} allows you to store secrets and reference them in your jobs. {% data variables.product.prodname_actions %} also includes policies that allow you to limit access to secrets at the repository and organization level. For more information, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
|
||||
{% data variables.product.prodname_actions %} allows you to store secrets and reference them in your jobs. {% data variables.product.prodname_actions %} organizations can limit which repositories can access organization secrets. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}Environment protection rules can require manual approval for a workflow to access environment secrets. {% endif %}For more information, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
|
||||
|
||||
#### Sharing files between jobs and workflows
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ This guide explains how to configure security hardening for certain {% data vari
|
|||
|
||||
### Using secrets
|
||||
|
||||
Sensitive values should never be stored as plaintext in workflow files, but rather as secrets. [Secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) can be configured at the organization or repository level, and allow you to store sensitive information in {% data variables.product.product_name %}.
|
||||
Sensitive values should never be stored as plaintext in workflow files, but rather as secrets. [Secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) can be configured at the organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or environment{% else %} or repository{% endif %} level, and allow you to store sensitive information in {% data variables.product.product_name %}.
|
||||
|
||||
Secrets use [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes), so that they are encrypted before reaching {% data variables.product.product_name %}. This occurs when the secret is submitted [using the UI](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository) or through the [REST API](/rest/reference/actions#secrets). This client-side encryption helps the minimize risks related to accidental logging (for example, exception logs and request logs, among others) within {% data variables.product.product_name %}'s infrastructure. Once the secret is uploaded, {% data variables.product.product_name %} is then able to decrypt it so that it can be injected into the workflow runtime.
|
||||
|
||||
|
|
@ -38,6 +38,10 @@ To help prevent accidental disclosure, {% data variables.product.product_name %}
|
|||
- **Audit and rotate registered secrets**
|
||||
- Periodically review the registered secrets to confirm they are still required. Remove those that are no longer needed.
|
||||
- Rotate secrets periodically to reduce the window of time during which a compromised secret is valid.
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
- **Consider requiring review for access to secrets**
|
||||
- You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[Encrypted secrets](/actions/reference/encrypted-secrets)" and "[Environments](/actions/reference/environments)."
|
||||
{% endif %}
|
||||
|
||||
### Using third-party actions
|
||||
|
||||
|
|
@ -66,13 +70,13 @@ This means that a compromise of a single action within a workflow can be very si
|
|||
|
||||
### Considering cross-repository access
|
||||
|
||||
{% data variables.product.product_name %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` used in the workflow environment grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so having the `GITHUB_TOKEN` for one repository grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to the workflow environment, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
|
||||
{% data variables.product.product_name %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so having the `GITHUB_TOKEN` for one repository grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to a workflow, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
|
||||
|
||||
We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](https://github.com/github/roadmap/issues/74) to support a flow that allows cross-repository access within {% data variables.product.product_name %}, but this is not yet a supported feature. Currently, the only way to perform privileged cross-repository interactions is to place a {% data variables.product.prodname_dotcom %} authentication token or SSH key as a secret within the workflow environment. Because many authentication token types do not allow for granular access to specific resources, there is significant risk in using the wrong token type, as it can grant much broader access than intended.
|
||||
We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](https://github.com/github/roadmap/issues/74) to support a flow that allows cross-repository access within {% data variables.product.product_name %}, but this is not yet a supported feature. Currently, the only way to perform privileged cross-repository interactions is to place a {% data variables.product.prodname_dotcom %} authentication token or SSH key as a secret within the workflow. Because many authentication token types do not allow for granular access to specific resources, there is significant risk in using the wrong token type, as it can grant much broader access than intended.
|
||||
|
||||
This list describes the recommended approaches for accessing repository data within a workflow, in descending order of preference:
|
||||
|
||||
1. **The `GITHUB_TOKEN` in the workflow environment**
|
||||
1. **The `GITHUB_TOKEN`**
|
||||
- This token is intentionally scoped to the single repository that invoked the workflow, and has the same level of access as a write-access user on the repository. The token is created before each job begins and expires when the job is finished. Weitere Informationen findest Du unter „[Authentifizierung mit dem GITHUB_TOKEN](/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)."
|
||||
- The `GITHUB_TOKEN` should be used whenever possible.
|
||||
2. **Repository deploy key**
|
||||
|
|
|
|||
|
|
@ -13,6 +13,9 @@ versions:
|
|||
Diese zusätzlichen Protokolle werden aktiviert, indem Geheimnisse im Repository, die den Workflow enthalten, gesetzt werden, sodass die gleichen Berechtigungsanforderungen gelten:
|
||||
|
||||
- {% data reusables.github-actions.permissions-statement-secrets-repository %}
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
- {% data reusables.github-actions.permissions-statement-secrets-environment %}
|
||||
{% endif %}
|
||||
- {% data reusables.github-actions.permissions-statement-secrets-organization %}
|
||||
- {% data reusables.github-actions.permissions-statement-secrets-api %}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
title: Managing workflow runs
|
||||
shortTitle: Managing workflow runs
|
||||
intro: 'Sie können den Status und die Ergebnisse der einzelnen Schritte in Ihrem Workflow anzeigen, einen ausstehenden Workflow abbrechen, fakturierbare Auftragsausführungsminuten anzeigen, einen fehlgeschlagenen Workflow debuggen und erneut ausführen, Protokolle suchen und herunterladen und Artefakte herunterladen.'
|
||||
intro: 'You can view the status and results of each step in your workflow, cancel a pending workflow, {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}review deployments, {% endif %}view billable job execution minutes, debug and re-run a failed workflow, search and download logs, and download artifacts.'
|
||||
redirect_from:
|
||||
- /actions/configuring-and-managing-workflows/managing-a-workflow-run
|
||||
- /articles/viewing-your-repository-s-workflows
|
||||
|
|
@ -24,6 +24,7 @@ versions:
|
|||
{% link_in_list /manually-running-a-workflow %}
|
||||
{% link_in_list /re-running-a-workflow %}
|
||||
{% link_in_list /canceling-a-workflow %}
|
||||
{% link_in_list /reviewing-deployments %}
|
||||
{% link_in_list /disabling-and-enabling-a-workflow %}
|
||||
{% link_in_list /deleting-a-workflow-run %}
|
||||
{% link_in_list /viewing-job-execution-time %}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
title: Reviewing deployments
|
||||
intro: You can approve or reject jobs awaiting review.
|
||||
product: '{% data reusables.gated-features.environments %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.1'
|
||||
---
|
||||
|
||||
{% data reusables.actions.environments-beta %}
|
||||
|
||||
### About required reviews in workflows
|
||||
|
||||
Jobs that reference an environment configured with required reviewers will wait for an approval before starting. While a job is awaiting approval, it has a status of "Waiting". If a job is not approved within 30 days, the workflow run will be automatically canceled.
|
||||
|
||||
For more information about environments and required approvals, see "[Environments](/actions/reference/environments)."
|
||||
|
||||
### Approving or rejecting a job
|
||||
|
||||
1. Navigate to the workflow run that requires review. For more information about navigating to a workflow run, see "[Viewing workflow run history](/actions/managing-workflow-runs/viewing-workflow-run-history)."
|
||||
2. Click **Review deployments**. 
|
||||
3. Select the job environment(s) to approve or reject. Optionally, leave a comment. 
|
||||
4. Approve or reject:
|
||||
- To approve the job, click **Approve and deploy**. Once a job is approved (and any other environment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment.
|
||||
- To reject the job, click **Reject**. If a job is rejected, the workflow will fail.
|
||||
|
|
@ -14,11 +14,9 @@ versions:
|
|||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
Jeder mit `write`(schreiben)-Zugriff auf ein Repository kann Geheimnisse erstellen, lesen und verwenden.
|
||||
|
||||
### Informationen zum `GITHUB_TOKEN`-Geheimnis
|
||||
|
||||
{% data variables.product.prodname_dotcom %} erstellt automatisch ein `GITHUB_TOKEN`-Geheimnis für den Workflow. Du kannst den `GITHUB_TOKEN` verwenden, um Dich in einem Workflow zu authentifizieren.
|
||||
{% data variables.product.prodname_dotcom %} erstellt automatisch ein `GITHUB_TOKEN`-Geheimnis für Deinen Workflow. Du kannst den `GITHUB_TOKEN` verwenden, um Dich in einem Workflow zu authentifizieren.
|
||||
|
||||
Wenn Du {% data variables.product.prodname_actions %} aktivierst, installiert {% data variables.product.prodname_dotcom %} eine {% data variables.product.prodname_github_app %} in Deinem Repository. Das `GITHUB_TOKEN`-Geheimnis ist ein {% data variables.product.prodname_github_app %}-Token für Installations-Zugriff. Du kannst das Installationszugriffs-Token verwenden, um Dich im Namen der auf Deinem Repository installierten {% data variables.product.prodname_github_app %} zu authentifizieren. Die Berechtigungen des Tokens sind auf das Repository beschränkt, in dem sich der Workflow befindet. Weitere Informationen findest Du unter "[Berechtigungen für das `GITHUB_TOKEN`](#permissions-for-the-github_token)."
|
||||
|
||||
|
|
@ -28,7 +26,7 @@ Das Token ist auch im `github.token`-Kontext verfügbar. Weitere Informationen f
|
|||
|
||||
### Das `GITHUB_TOKEN` in einem Workflow verwenden
|
||||
|
||||
Um das `GITHUB_TOKEN`-Geheimnis zu verwenden, musst Du es in Deiner Workflow-Datei referenzieren. Hierbei musst Du das Token ggf. als Eingabe für eine Aktion übergeben, für die dieses Token erforderlich ist, oder authentifizierte Aufrufe der {% data variables.product.prodname_dotcom %}-API ausführen.
|
||||
Um das `GITHUB_TOKEN`-Geheimnis zu verwenden, musst Du es in Deiner Workflow-Datei referenzieren. Hierbei müssen Sie das Token ggf. als Eingabe für eine Aktion übergeben, für die dieses Token erforderlich ist, oder authentifizierte {% data variables.product.prodname_dotcom %}-API-Aufrufe ausführen.
|
||||
|
||||
{% data reusables.github-actions.actions-do-not-trigger-workflows %}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: Encrypted secrets
|
||||
intro: Verschlüsselte Geheimnisse ermöglichen es Ihnen, vertrauliche Informationen in Ihrem Repository oder Ihrer Organisation zu speichern.
|
||||
intro: Encrypted secrets allow you to store sensitive information in your organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or repository environments{% else %} or repository{% endif %}.
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
redirect_from:
|
||||
- /github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
|
||||
|
|
@ -12,14 +12,19 @@ versions:
|
|||
---
|
||||
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.environments-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
### Informationen zu verschlüsselten Geheimnissen
|
||||
|
||||
Geheimnisse sind verschlüsselte Umgebungsvariablen, die Sie in einem Repository oder einer Organisation erstellen. The secrets you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} verwendet eine [versiegelte Libsodium-Box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) um sicherzustellen, dass Geheimnisse verschlüsselt werden, bevor sie {% data variables.product.prodname_dotcom %} erreichen, und verschlüsselt bleiben, bis Du sie in einem Workflow verwendest.
|
||||
Secrets are encrypted environment variables that you create in an organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or repository environment{% else %} or repository{% endif %}. The secrets that you create are available to use in {% data variables.product.prodname_actions %} workflows. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to help ensure that secrets are encrypted before they reach {% data variables.product.prodname_dotcom %} and remain encrypted until you use them in a workflow.
|
||||
|
||||
{% data reusables.github-actions.secrets-org-level-overview %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until approval is granted by required approvers.
|
||||
{% endif %}
|
||||
|
||||
#### Benennen Ihrer Geheimnisse
|
||||
|
||||
Die folgenden Regeln gelten für geheime Namen:
|
||||
|
|
@ -27,13 +32,16 @@ Die folgenden Regeln gelten für geheime Namen:
|
|||
* Geheime Namen dürfen nur alphanumerische Zeichen (`[a-z]`, `[A-Z]`, `[0-9]`) oder Unterstriche (`_`) enthalten. Leerzeichen sind nicht zulässig.
|
||||
* Geheime Namen dürfen nicht mit dem `GITHUB_` -Präfix beginnen.
|
||||
* Geheime Namen dürfen nicht mit einer Zahl beginnen.
|
||||
* Geheime Namen müssen auf der Ebene eindeutig sein, auf der sie erstellt werden. Beispielsweise muss ein geheimer Schlüssel, der auf Organisationsebene erstellt wird, einen eindeutigen Namen auf dieser Ebene haben, und ein geheimer Schlüssel, der auf Repository-Ebene erstellt wird, muss einen eindeutigen Namen in diesem Repository haben. Wenn ein Geheimschlüssel auf Organisationsebene denselben Namen wie ein Geheimschlüssel auf Repository-Ebene hat, hat der geheime Schlüssel auf Repository-Ebene Vorrang.
|
||||
* Secret names are not case-sensitive.
|
||||
* Geheime Namen müssen auf der Ebene eindeutig sein, auf der sie erstellt werden. For example, {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}a secret created at the environment level must have a unique name in that environment, {% endif %}a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.
|
||||
|
||||
If a secret with the same name exists at multiple levels, the secret at the lower level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Similarly, if an organization, repository, and environment all have a secret with the same name, the environment-level secret takes precedence.{% endif %}
|
||||
|
||||
To help ensure that {% data variables.product.prodname_dotcom %} redacts your secret in logs, avoid using structured data as the values of secrets. Vermeide beispielsweise Geheimnisse zu erstellen, die JSON oder codierte Git-Blobs enthalten.
|
||||
|
||||
#### Zugriff auf Ihre Geheimnisse
|
||||
|
||||
Um ein Geheimnis für eine Aktion verfügbar zu machen, legen Sie das Geheimnis als Eingabe oder Umgebungsvariable in der Workflow-Datei fest. In der README-Datei der Aktion erfahren Sie, welche Eingaben und Umgebungsvariablen die Aktion erwartet. Weitere Informationen finden Sie unter „[Workflow-Syntax für {% data variables.product.prodname_actions %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)“.
|
||||
Um ein Geheimnis für eine Aktion verfügbar zu machen, legen Sie das Geheimnis als Eingabe oder Umgebungsvariable in der Workflow-Datei fest. In der README-Datei der Aktion erfahren Sie, welche Eingaben und Umgebungsvariablen die Aktion erwartet. Weitere Informationen findest Du unter „[Workflow-Syntax für {% data variables.product.prodname_actions %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)“.
|
||||
|
||||
Du kannst verschlüsselte Geheimnisse in einer Workflow-Datei verwenden und lesen, wenn Du auf die Datei Bearbeitungs-Zugriff hast. Weitere Informationen findest Du unter „[Zugriffsberechtigungen auf {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/access-permissions-on-github)“.
|
||||
|
||||
|
|
@ -43,6 +51,10 @@ Du kannst verschlüsselte Geheimnisse in einer Workflow-Datei verwenden und lese
|
|||
|
||||
{% endwarning %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
Organization and repository secrets are read when a workflow run is queued, and environment secrets are read when a job referencing the environment starts.
|
||||
{% endif %}
|
||||
|
||||
Sie können Geheimnisse auch mit der REST-API verwalten. For more information, see "[Secrets](/rest/reference/actions#secrets)."
|
||||
|
||||
#### Einschränken von Anmeldeinformationsberechtigungen
|
||||
|
|
@ -56,12 +68,27 @@ Beim Generieren von Anmeldeinformationen wird empfohlen, möglichst geringe Bere
|
|||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.github-actions.sidebar-secret %}
|
||||
1. Klicken Sie auf **Add a new secret** (Neues Geheimnis hinzufügen).
|
||||
1. Click **New repository secret**.
|
||||
1. Geben Sie einen Namen für Ihr Geheimnis in das Eingabefeld **Name** ein.
|
||||
1. Geben Sie den Wert für Ihr Geheimnis ein.
|
||||
1. Klicken Sie auf **Add secret** (Geheimnis hinzufügen).
|
||||
|
||||
Wenn Ihr Repository auf Geheimnisse der übergeordneten Organisation zugreifen kann, werden diese Geheimnisse auch auf dieser Seite aufgeführt.
|
||||
If your repository {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
### Creating encrypted secrets for an environment
|
||||
|
||||
{% data reusables.github-actions.permissions-statement-secrets-environment %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.github-actions.sidebar-environment %}
|
||||
1. Click on the environment that you want to add a secret to.
|
||||
1. Under **Environment secrets**, click **Add secret**.
|
||||
1. Geben Sie einen Namen für Ihr Geheimnis in das Eingabefeld **Name** ein.
|
||||
1. Geben Sie den Wert für Ihr Geheimnis ein.
|
||||
1. Klicken Sie auf **Add secret** (Geheimnis hinzufügen).
|
||||
{% endif %}
|
||||
|
||||
### Erstellen verschlüsselter Geheimnisse für eine Organisation
|
||||
|
||||
|
|
@ -72,7 +99,7 @@ Beim Erstellen eines geheimen Schlüssels in einer Organisation können Sie eine
|
|||
{% data reusables.organizations.navigate-to-org %}
|
||||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.github-actions.sidebar-secret %}
|
||||
1. Klicken Sie auf **Neue geheime**.
|
||||
1. Click **New organization secret**.
|
||||
1. Geben Sie einen Namen für Ihr Geheimnis in das Eingabefeld **Name** ein.
|
||||
1. Geben Sie den **Value** für Ihr Geheimnis ein.
|
||||
1. Wählen Sie im **Repository-Zugriff** Dropdownliste eine Zugriffsrichtlinie aus.
|
||||
|
|
@ -90,7 +117,7 @@ Sie können überprüfen, welche Zugriffsrichtlinien auf einen geheimen Schlüss
|
|||
|
||||
### Verschlüsselte Geheimnisse in einem Workflow verwenden
|
||||
|
||||
Mit Ausnahme von `GITHUB_TOKEN` werden Geheimnisse nicht an den Runner übergeben, wenn ein Workflow von einem geforkten Repository aus ausgelöst wird.
|
||||
{% data reusables.actions.forked-secrets %}
|
||||
|
||||
Um eine Aktion mit einem Geheimnis als Eingabe- oder Umgebungsvariable zu versehen, kannst Du den `secrets` Kontext verwenden, um auf Geheimnisse zuzugreifen, die Du in Deinem Repository erstellt hast. Weitere Informationen findest Du unter "[Kontext und Ausdrucks-Syntax für {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)" und "[Workflow-Syntax für {% data variables.product.prodname_actions %}](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions)."
|
||||
|
||||
|
|
@ -150,13 +177,13 @@ steps:
|
|||
|
||||
### Einschränkungen für Geheimnisse
|
||||
|
||||
Dein Workflow kann bis zu 100 Geheimnisse haben. Die Namen von Geheimnis-Umgebungsvariablen müssen Repository-weit eindeutig sein.
|
||||
You can store up to 1,000 secrets per organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, 100 secrets per repository, and 100 secrets per environment{% else %} and 100 secrets per repository{% endif %}. A workflow may use up to 100 organization secrets and 100 repository secrets.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Additionally, a job referencing an environment may use up to 100 environment secrets.{% endif %}
|
||||
|
||||
Geheimnisse sind auf 64 KB beschränkt. Um Geheimnisse zu verwenden, die größer als 64 KB sind, können Sie verschlüsselte Geheimnisse in Ihrem Repository speichern und die Passphrase zur Entschlüsselung als Geheimnis auf {% data variables.product.prodname_dotcom %} speichern. Sie können beispielsweise `gpg` verwenden, um Ihre Anmeldeinformationen lokal zu verschlüsseln, bevor Sie die Datei in Ihrem Repository auf {% data variables.product.prodname_dotcom %} einchecken. Weitere Informationen finden Sie auf der „[gpg-Manpage](https://www.gnupg.org/gph/de/manual/r1023.html)“.
|
||||
Geheimnisse sind auf 64 KB beschränkt. Um Geheimnisse zu verwenden, die größer als 64 KB sind, kannst Du verschlüsselte Geheimnisse in Deinem Repository speichern und die Passphrase zur Entschlüsselung als Geheimnis auf {% data variables.product.prodname_dotcom %} speichern. Du kannst beispielsweise `gpg` verwenden, um Deine Anmeldeinformationen lokal zu verschlüsseln, bevor Du die Datei in Ihrem Repository auf {% data variables.product.prodname_dotcom %} eincheckst. Weitere Informationen finden Sie auf der „[gpg-Manpage](https://www.gnupg.org/gph/de/manual/r1023.html)“.
|
||||
|
||||
{% warning %}
|
||||
|
||||
**Warnung**: Achte darauf, dass Deine Geheimnisse nicht gedruckt werden, wenn Deine Aktion ausgeführt wird. Wenn Sie diesen Workaround verwenden, redigiert {% data variables.product.prodname_dotcom %} keine Geheimnisse, die in Protokollen gedruckt werden.
|
||||
**Warnung**: Achte darauf, dass Deine Geheimnisse nicht gedruckt werden, wenn Deine Aktion ausgeführt wird. Wenn Du diesen Workaround verwendest, redigiert {% data variables.product.prodname_dotcom %} keine Geheimnisse, die in Protokollen gedruckt werden.
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ versions:
|
|||
|
||||
{% data variables.product.prodname_dotcom %} setzt Standard-Umgebungsvariablen, die für jeden Schritt in einem Workflow-Lauf verfügbar sind. Bei Umgebungsvariablen wird die Groß-/Kleinschreibung berücksichtigt. Befehle, die in Aktionen oder „Steps“ (Schritten) ausgeführt werden, können Umgebungsvariablen erstellen, lesen und ändern.
|
||||
|
||||
Um benutzerdefinierte Umgebungsvariablen festzulegen, musst Du die Variablen in der Workflow-Datei angeben. Du kannst Umgebungsvariablen für einen „Step“ (Schritt), Job, oder ganzen Workflow festlegen, indem Du die Schlüsselworte [`jobs.<job_id>.steps.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv), [`jobs.<job_id>.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv) oder [`env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) verwendest. Weitere Informationen finden Sie unter „[Workflow-Syntax für {% data variables.product.prodname_dotcom %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)“.
|
||||
Um benutzerdefinierte Umgebungsvariablen festzulegen, musst Du die Variablen in der Workflow-Datei angeben. You can define environment variables for a step, job, or entire workflow using the [`jobs.<job_id>.steps[*].env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv), [`jobs.<job_id>.env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv), and [`env`](/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env) keywords. Weitere Informationen finden Sie unter „[Workflow-Syntax für {% data variables.product.prodname_dotcom %}](/articles/workflow-syntax-for-github-actions/#jobsjob_idstepsenv)“.
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
|
|
@ -51,8 +51,8 @@ Es wird dringend empfohlen, dass Aktionen Umgebungsvariablen verwenden, um auf d
|
|||
| `GITHUB_WORKSPACE` | Pfad zum Verzeichnis der Arbeitsoberfläche von {% data variables.product.prodname_dotcom %}. The workspace directory is a copy of your repository if your workflow uses the [actions/checkout](https://github.com/actions/checkout) action. Wenn Du die Aktion `actions/checkout` nicht verwendest, ist das Verzeichnis leer. Beispiel: `/home/runner/work/my-repo-name/my-repo-name`. |
|
||||
| `GITHUB_SHA` | Commit-SHA, die den Workflow ausgelöst hat. Beispiel: `ffac537e6cbbf934b08745a378932722df287a53`. |
|
||||
| `GITHUB_REF` | Branch- oder Tag-Ref, das den Workflow ausgelöst hat. Beispiel: `refs/heads/feature-branch-1`. Wenn für den Ereignistyp weder ein Branch noch ein Tag vorliegt, ist die Variable nicht vorhanden. |
|
||||
| `GITHUB_HEAD_REF` | Nur für geforkte Repositorys festgelegt. Der Branch des Head-Repositorys. |
|
||||
| `GITHUB_BASE_REF` | Nur für geforkte Repositorys festgelegt. Der Branch des Basis-Repositorys. |
|
||||
| `GITHUB_HEAD_REF` | Only set for pull request events. The name of the head branch. |
|
||||
| `GITHUB_BASE_REF` | Only set for pull request events. The name of the base branch. |
|
||||
| `GITHUB_SERVER_URL` | Returns the URL of the {% data variables.product.product_name %} server. For example: `https://github.com`. |
|
||||
| `GITHUB_API_URL` | Gibt die API-URL zurück. For example: `https://api.github.com`. |
|
||||
| `GITHUB_GRAPHQL_URL` | Gibt die GraphQL-API-URL zurück. For example: `https://api.github.com/graphql`. |
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
---
|
||||
title: Environments
|
||||
intro: You can configure environments with protection rules and secrets. A workflow job can reference an environment to use the environment's protection rules and secrets.
|
||||
product: '{% data reusables.gated-features.environments %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.1'
|
||||
---
|
||||
|
||||
{% data reusables.actions.environments-beta %}
|
||||
|
||||
### About environments
|
||||
|
||||
You can configure environments with protection rules and secrets. When a workflow job references an environment, the job won't start until all of the environment's protection rules pass. A job also cannot access secrets that are defined in an environment until all the environment protection rules pass.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
Environment protection rules and environment secrets are only available on public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets.
|
||||
{% endif %}
|
||||
|
||||
#### Environment protection rules
|
||||
|
||||
Environment protection rules require specific conditions to pass before a job referencing the environment can proceed. You can use environment protection rules to require a manual approval or to delay a job.
|
||||
|
||||
##### Required reviewers
|
||||
|
||||
Use required reviewers to require a specific person or team to approve workflow jobs that reference the environment. You can list up to six users or teams as reviewers. The reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
|
||||
|
||||
For more information on reviewing jobs that reference an environment with required reviewers, see "[Reviewing deployments](/actions/managing-workflow-runs/reviewing-deployments)."
|
||||
|
||||
##### Wait timer
|
||||
|
||||
Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 0 and 43,200 (30 days).
|
||||
|
||||
#### Environment secrets
|
||||
|
||||
Secrets stored in an environment are only available to workflow jobs that reference the environment. If the environment requires approval, a job cannot access environment secrets until one of the required reviewers approves it. For more information about secrets, see "[Encrypted secrets](/actions/reference/encrypted-secrets)."
|
||||
|
||||
### Creating an environment
|
||||
|
||||
{% data reusables.github-actions.permissions-statement-environment %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.github-actions.sidebar-environment %}
|
||||
1. Click **New environment**.
|
||||
1. Enter a name for the environment, then click **Configure environment**. Environment names are not case sensitive. An environment name may not exceed 255 characters and must be unique within the repository.
|
||||
1. Configure any environment protection rules or environment secrets.
|
||||
|
||||
Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
|
||||
|
||||
### Referencing an environment
|
||||
|
||||
Each job in a workflow can reference a single environment. Any protection rules configured for the environment must pass before a job referencing the environment is sent to a runner. When the job is sent to the runner, the job can access the environment's secrets.
|
||||
|
||||
For more information on syntax to reference environments in workflows, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment)." For more information on reviewing jobs that reference an environment with required reviewers, see "[Reviewing deployments](/actions/managing-workflow-runs/reviewing-deployments)."
|
||||
|
||||
When a workflow references an environment, the environment will appear in the repository's deployments. For more information about viewing current and previous deployments, see "[Viewing deployment history](/developers/overview/viewing-deployment-history)."
|
||||
|
||||
### Deleting an environment
|
||||
|
||||
{% data reusables.github-actions.permissions-statement-environment %}
|
||||
|
||||
Deleting an environment will delete all secrets and protection rules associated with the environment. Any jobs currently waiting because of protection rules from the deleted environment will automatically fail.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.github-actions.sidebar-environment %}
|
||||
1. Next the the environment that you want to delete, click {% octicon "trashcan" aria-label="The trashcan icon" %}.
|
||||
2. Click **I understand, delete this environment**.
|
||||
|
|
@ -309,9 +309,9 @@ Führt den Workflow aus, wenn das Ereignis `issue_comment` eintritt. {% data reu
|
|||
|
||||
{% data reusables.github-actions.branch-requirement %}
|
||||
|
||||
| Nutzlast des Webhook-Ereignisses | Aktivitätstypen | `GITHUB_SHA` | `GITHUB_REF` |
|
||||
| --------------------------------------------------------- | ----------------------------------------------------------------- | --------------------------------- | --------------- |
|
||||
| [`issue_comment`](/rest/reference/activity#issue_comment) | - `created`<br/>- `edited`<br/>- `deleted`<br/> | Letzter Commit im Standard-Branch | Standard-Branch |
|
||||
| Nutzlast des Webhook-Ereignisses | Aktivitätstypen | `GITHUB_SHA` | `GITHUB_REF` |
|
||||
| -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | --------------------------------- | --------------- |
|
||||
| [`issue_comment`](/developers/webhooks-and-events/webhook-events-and-payloads#issue_comment) | - `created`<br/>- `edited`<br/>- `deleted`<br/> | Letzter Commit im Standard-Branch | Standard-Branch |
|
||||
|
||||
{% data reusables.developer-site.limit_workflow_to_activity_types %}
|
||||
|
||||
|
|
@ -534,7 +534,7 @@ on:
|
|||
|
||||
#### `pull_request_review`
|
||||
|
||||
Führt Deinen Workflow aus, wenn das Ereignis `pull_request_review` eintritt. {% data reusables.developer-site.multiple_activity_types %} For information about the REST API, see "[Pull request reviews](/rest/reference/pulls#reviews)."
|
||||
Führt den Workflow aus, wenn das Ereignis `pull_request_review` eintritt. {% data reusables.developer-site.multiple_activity_types %} For information about the REST API, see "[Pull request reviews](/rest/reference/pulls#reviews)."
|
||||
|
||||
| Nutzlast des Webhook-Ereignisses | Aktivitätstypen | `GITHUB_SHA` | `GITHUB_REF` |
|
||||
| ---------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------- | ------------------------------------------- |
|
||||
|
|
@ -576,7 +576,13 @@ on:
|
|||
|
||||
#### `pull_request_target`
|
||||
|
||||
This event is similar to `pull_request`, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload.
|
||||
This event runs in the context of the base of the pull request, rather than in the merge commit as the `pull_request` event does. This prevents executing unsafe workflow code from the head of the pull request that could alter your repository or steal any secrets you use in your workflow. This event allows you to do things like create workflows that label and comment on pull requests based on the contents of the event payload.
|
||||
|
||||
{% warning %}
|
||||
|
||||
**Warning:** The `pull_request_target` event is granted a read/write repository token and can access secrets, even when it is triggered from a fork. Although the workflow runs in the context of the base of the pull request, you should make sure that you do not check out, build, or run untrusted code from the pull request with this event. Additionally, any caches share the same scope as the base branch, and to help prevent cache poisoning, you should not save the cache if there is a possibility that the cache contents were altered.
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
| Nutzlast des Webhook-Ereignisses | Aktivitätstypen | `GITHUB_SHA` | `GITHUB_REF` |
|
||||
| -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -------------- |
|
||||
|
|
@ -725,4 +731,4 @@ on:
|
|||
|
||||
{% data reusables.github-actions.actions-do-not-trigger-workflows %} weitere Informationen findest Du unter „[Authentifizierung mit dem GITHUB_TOKEN](/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)“.
|
||||
|
||||
Wenn Du einen Workflow aus einem Workflow-Lauf auslösen möchtest, kannst Du das Ereignis mithilfe eines persönlichen Zugangs-Tokens auslösen. Du musst einen persönlichen Zugangs-Token erstellen und ihn als Geheimnis speichern. Um Dein Nutzungskosten für {% data variables.product.prodname_actions %} zu minimieren, pass auf, dass Du keine rekursiven oder unbeabsichtigten Workflow-Läufe erzeugst. Weitere Informationen findest Du unter „[Verschlüsselte Geheimnisse erstellen und speichern](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)“.
|
||||
Wenn Du einen Workflow aus einem Workflow-Lauf auslösen möchtest, kannst Du das Ereignis mithilfe eines persönlichen Zugangs-Tokens auslösen. Du musst einen persönlichen Zugangs-Token erstellen und ihn als Geheimnis speichern. Um Dein Nutzungskosten für {% data variables.product.prodname_actions %} zu minimieren, pass auf, dass Du keine rekursiven oder unbeabsichtigten Workflow-Läufe erzeugst. For more information on storing a personal access token as a secret, see "[Creating and storing encrypted secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)."
|
||||
|
|
|
|||
|
|
@ -27,11 +27,19 @@ You can configure workflows to run when specific GitHub events occur, at a sched
|
|||
|
||||
### Authentication and secrets
|
||||
|
||||
{% data variables.product.prodname_dotcom %} stellt ein Token zur Verfügung, mit dem Du Dich im Namen von {% data variables.product.prodname_actions %} authentifizieren kannst. You can also store sensitive information as a secret in your organization or repository. {% data variables.product.prodname_dotcom %} encrypts all secrets.
|
||||
{% data variables.product.prodname_dotcom %} stellt ein Token zur Verfügung, mit dem Du Dich im Namen von {% data variables.product.prodname_actions %} authentifizieren kannst. You can also store sensitive information as a secret in your organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}, repository, or environments{% else %} or repository{% endif %}. {% data variables.product.prodname_dotcom %} encrypts all secrets.
|
||||
|
||||
{% link_in_list /authentication-in-a-workflow %}
|
||||
{% link_in_list /encrypted-secrets %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
### Environments
|
||||
|
||||
Workflow jobs can reference environments that have protection rules or environment-specific secrets.
|
||||
|
||||
{% link_in_list /environments %}
|
||||
{% endif %}
|
||||
|
||||
### {% data variables.product.prodname_dotcom %}-gehostete Runner
|
||||
|
||||
GitHub offers hosted virtual machines to run workflows. The virtual machine contains an environment with tools, packages, and environment variables for GitHub Actions to use.
|
||||
|
|
|
|||
|
|
@ -305,11 +305,13 @@ steps:
|
|||
|
||||
`echo "{path}" >> $GITHUB_PATH`
|
||||
|
||||
Fügt für alle nachfolgenden Aktionen im aktuellen Auftrag vor der Systemvariablen `PATH` ein Verzeichnis hinzu. Die gerade ausgeführte Aktion kann nicht auf die neue Pfadvariable zugreifen.
|
||||
Prepends a directory to the system `PATH` variable and makes it available to all subsequent actions in the current job; the currently running action cannot access the updated path variable. To see the currently defined paths for your job, you can use `echo "$PATH"` in a step or an action.
|
||||
|
||||
#### Beispiel
|
||||
|
||||
This example demonstrates how to add the user `$HOME/.local/bin` directory to `PATH`:
|
||||
|
||||
``` bash
|
||||
echo "/path/to/dir" >> $GITHUB_PATH
|
||||
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
||||
```
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -187,7 +187,7 @@ Weitere Informationen zur Cron-Syntax findest Du unter „[Ereignisse, die Workf
|
|||
|
||||
### `env`
|
||||
|
||||
Eine `map` mit Umgebungsvariablen, die für alle Jobs und Schritte im Workflow verfügbar sind. Darüber hinaus kannst Du auch Umgebungsvariablen festlegen, die ausschließlich für einen Job oder Schritt bereitstehen. Weitere Informationen findest Du unter [`jobs.<job_id>.env`](#jobsjob_idenv) und [`jobs.<job_id>.steps.env`](#jobsjob_idstepsenv).
|
||||
Eine `map` mit Umgebungsvariablen, die für alle Jobs und Schritte im Workflow verfügbar sind. Darüber hinaus kannst Du auch Umgebungsvariablen festlegen, die ausschließlich für einen Job oder Schritt bereitstehen. For more information, see [`jobs.<job_id>.env`](#jobsjob_idenv) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).
|
||||
|
||||
{% data reusables.repositories.actions-env-var-note %}
|
||||
|
||||
|
|
@ -223,7 +223,7 @@ defaults:
|
|||
|
||||
Ein Workflow-Lauf besteht aus mindestens einem Auftrag. Die Aufträge werden standardmäßig parallel ausgeführt. Sollen Aufträge sequenziell ausgeführt werden, können Sie mit dem Stichwort `jobs.<job_id>.needs` eine Abhängigkeit von anderen Aufträgen definieren.
|
||||
|
||||
Jeder Job läuft in einer Umgebung, die mit `runs-on` angegeben wird.
|
||||
Each job runs in a runner environment specified by `runs-on`.
|
||||
|
||||
Innerhalb der Nutzungsbeschränkungen des Workflows kannst Du unbegrenzt viele Jobs ausführen. For more information, see "[Usage limits and billing](/actions/reference/usage-limits-billing-and-administration)" for {% data variables.product.prodname_dotcom %}-hosted runners and "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners/#usage-limits)" for self-hosted runner usage limits.
|
||||
|
||||
|
|
@ -320,6 +320,39 @@ runs-on: [self-hosted, linux]
|
|||
|
||||
Weitere Informationen findest Du unter „[Informationen zu selbst-gehosteten Runnern](/github/automating-your-workflow-with-github-actions/about-self-hosted-runners)“ und „[Selbst-gehostete Runner in einem Workflow verwenden](/github/automating-your-workflow-with-github-actions/using-self-hosted-runners-in-a-workflow)“.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
### `jobs.<job_id>.environment`
|
||||
|
||||
The environment that the job references. All environment protection rules must pass before a job referencing the environment is sent to a runner. For more information, see "[Environments](/actions/reference/environments)."
|
||||
|
||||
You can provide the environment as only the environment `name`, or as an environment object with the `name` and `url`. The URL maps to `environment_url` in the deployments API. For more information about the deployments API, see "[Deployments](/rest/reference/repos#deployments)."
|
||||
|
||||
##### Example using a single environment name
|
||||
|
||||
```yaml
|
||||
environment: staging_environment
|
||||
```
|
||||
|
||||
##### Example using environment name and URL
|
||||
|
||||
```yaml
|
||||
environment:
|
||||
name: production_environment
|
||||
url: https://github.com
|
||||
```
|
||||
|
||||
The URL can be an expression and can use any context except for the `secrets` context. For more information about expressions, see "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)."
|
||||
|
||||
#### Beispiel
|
||||
{% raw %}
|
||||
```yaml
|
||||
environment:
|
||||
name: production_environment
|
||||
url: ${{ steps.step_name.outputs.url_output }}
|
||||
```
|
||||
{% endraw %}
|
||||
{% endif %}
|
||||
|
||||
### `jobs.<job_id>.outputs`
|
||||
|
||||
Eine `map` der Ausgaben eines Jobs. Ausgaben eines Jobs stehen allen nachgelagerten Jobs zur Verfügung, die von diesem Job abhängen. Weitere Informationen zur Definition von Abhängigkeiten zwischen Jobs findest Du unter [`Jobs.<job_id>.needs`](#jobsjob_idneeds).
|
||||
|
|
@ -354,7 +387,7 @@ jobs:
|
|||
|
||||
### `jobs.<job_id>.env`
|
||||
|
||||
Eine `map` mit Umgebungsvariablen, die für alle Schritte im Auftrag verfügbar sind. Darüber hinaus können Sie Umgebungsvariablen für den gesamten Workflow oder für einen einzelnen Schritt festlegen. Weitere Informationen finden Sie unter [`env`](#env) und [`jobs.<job_id>.steps.env`](#jobsjob_idstepsenv).
|
||||
Eine `map` mit Umgebungsvariablen, die für alle Schritte im Auftrag verfügbar sind. Darüber hinaus können Sie Umgebungsvariablen für den gesamten Workflow oder für einen einzelnen Schritt festlegen. For more information, see [`env`](#env) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).
|
||||
|
||||
{% data reusables.repositories.actions-env-var-note %}
|
||||
|
||||
|
|
@ -429,11 +462,11 @@ jobs:
|
|||
```
|
||||
{% endraw %}
|
||||
|
||||
### `jobs.<job_id>.steps.id`
|
||||
### `jobs.<job_id>.steps[*].id`
|
||||
|
||||
Eindeutige Kennung für den Schritt. Anhand der `id` können Sie in Kontexten auf den Schritt verweisen. Weitere Informationen findest Du unter „[Kontext- und Ausdrucks-Syntax für {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)“.
|
||||
|
||||
### `jobs.<job_id>.steps.if`
|
||||
### `jobs.<job_id>.steps[*].if`
|
||||
|
||||
Mit der Bedingung `if` gibst Du an, dass ein Schritt nur dann ausgeführt werden soll, wenn eine bestimmte Bedingung erfüllt ist. Du kannst eine Bedingung mit jedem unterstützten Kontext und Ausdruck erstellen.
|
||||
|
||||
|
|
@ -463,11 +496,11 @@ steps:
|
|||
uses: actions/heroku@1.0.0
|
||||
```
|
||||
|
||||
### `jobs.<job_id>.steps.name`
|
||||
### `jobs.<job_id>.steps[*].name`
|
||||
|
||||
Name Deines Schritts, der auf {% data variables.product.prodname_dotcom %} angezeigt wird.
|
||||
|
||||
### `jobs.<job_id>.steps.uses`
|
||||
### `jobs.<job_id>.steps[*].uses`
|
||||
|
||||
Wählt eine Aktion aus, die als Teil eines Schritts im Auftrag ausgeführt wird. Eine Aktion ist eine wiederverwendbare Code-Einheit. Sie können eine Aktion verwenden, die im selben Repository wie der Workflow, in einem öffentlichen Repository oder in einem [veröffentlichten Docker-Container-Image](https://hub.docker.com/) definiert ist.
|
||||
|
||||
|
|
@ -570,7 +603,7 @@ jobs:
|
|||
uses: docker://gcr.io/cloud-builders/gradle
|
||||
```
|
||||
|
||||
### `jobs.<job_id>.steps.run`
|
||||
### `jobs.<job_id>.steps[*].run`
|
||||
|
||||
Führt Befehlszeilen-Programme über die Betriebssystem-Shell aus. Wenn Du keinen `name` angibst, wird standardmäßig der im Befehl `run` angegebene Text als Name für den Schritt übernommen.
|
||||
|
||||
|
|
@ -675,7 +708,7 @@ Für integrierte Shell-Schlüsselwörter gelten die folgenden Standards, die dur
|
|||
- Wenn Du das Fail-Fast-Verhalten uneingeschränkt nutzen möchtest, hast Du anscheinend keine andere Wahl, als Dein Skript so zu schreiben, dass jeder Fehlercode geprüft und eine entsprechende Reaktion eingeleitet wird. Dieses Verhalten kann nicht standardmäßig bereitgestellt werden; Du musst es explizit in Dein Skript schreiben.
|
||||
- `cmd.exe` will exit with the error level of the last program it executed, and it will return the error code to the runner. Dieses Verhalten ist intern mit dem vorherigen Standardverhalten von `sh` und `pwsh` konsistent und ist der Standard für `cmd.exe`, weshalb dieses Verhalten unverändert bleibt.
|
||||
|
||||
### `jobs.<job_id>.steps.with`
|
||||
### `jobs.<job_id>.steps[*].with`
|
||||
|
||||
Eine `map` der Eingabeparameter, die in der Aktion definiert sind. Jeder Eingabeparameter ist ein Schlüssel-Wert-Paar. Eingabeparameter werden als Umgebungsvariablen festgelegt. Die Variable erhält das Präfix `INPUT_` und wird in Großbuchstaben umgewandelt.
|
||||
|
||||
|
|
@ -695,7 +728,7 @@ jobs:
|
|||
last_name: Octocat
|
||||
```
|
||||
|
||||
### `jobs.<job_id>.steps.with.args`
|
||||
### `jobs.<job_id>.steps[*].with.args`
|
||||
|
||||
Ein `string`, der die Eingaben für einen Docker-Container definiert. Beim Start des Containers übergibt {% data variables.product.prodname_dotcom %} die `args`-Anweisung an den `ENTRYPOINT` des Containers. Ein `array of strings` wird von diesem Parameter nicht unterstützt.
|
||||
|
||||
|
|
@ -718,7 +751,7 @@ Die `args`-Anweisungen werden anstelle der `CMD`-Anweisung in einem `Dockerfile`
|
|||
1. Verwenden Sie Standardwerte, die die Verwendung der Aktion ohne Angabe von `args` erlauben.
|
||||
1. Wenn die Aktion einen Schalter `--help` oder Ähnliches anbietet, verwende diesen als Standard, um eine selbstständige Dokumentation der Aktion herbeizuführen.
|
||||
|
||||
### `jobs.<job_id>.steps.with.entrypoint`
|
||||
### `jobs.<job_id>.steps[*].with.entrypoint`
|
||||
|
||||
Überschreibt den Docker-`ENTRYPOINT` im `Dockerfile` oder legt ihn fest, sofern er noch nicht angegeben wurde. Im Gegensatz zur Docker `ENTRYPOINT`-Anweisung, die eine Shell- und eine ausführbare Form aufweist, akzeptiert das Stichwort `entrypoint` nur einen einzigen Schritt, der die entsprechende ausführbare Datei definiert.
|
||||
|
||||
|
|
@ -734,7 +767,7 @@ steps:
|
|||
|
||||
The `entrypoint` keyword is meant to be used with Docker container actions, but you can also use it with JavaScript actions that don't define any inputs.
|
||||
|
||||
### `jobs.<job_id>.steps.env`
|
||||
### `jobs.<job_id>.steps[*].env`
|
||||
|
||||
Legt Umgebungsvariablen für Schritte fest, die in der Runner-Umgebung verwendet werden sollen. Darüber hinaus können Sie Umgebungsvariablen für den gesamten Workflow oder für einen Auftrag festlegen. Weitere Informationen finden Sie unter [`env`](#env) und [`jobs.<job_id>.env`](#jobsjob_idenv).
|
||||
|
||||
|
|
@ -755,11 +788,11 @@ steps:
|
|||
```
|
||||
{% endraw %}
|
||||
|
||||
### `jobs.<job_id>.steps.continue-on-error`
|
||||
### `jobs.<job_id>.steps[*].continue-on-error`
|
||||
|
||||
Verhindert das Fehlschlagen eines Auftrags, wenn ein Schritt fehlschlägt. Leg `true` fest, damit ein Auftrag auch dann erfolgreich abgeschlossen werden kann, wenn dieser Schritt fehlschlägt.
|
||||
|
||||
### `jobs.<job_id>.steps.timeout-minutes`
|
||||
### `jobs.<job_id>.steps[*].timeout-minutes`
|
||||
|
||||
Maximaler Zeitraum in Minuten für die Ausführung des Schritts, bevor der Prozess abgebrochen wird.
|
||||
|
||||
|
|
@ -769,7 +802,7 @@ Die maximale Anzahl von Minuten, die ein Job ausgeführt wird, bevor {% data var
|
|||
|
||||
### `jobs.<job_id>.strategy`
|
||||
|
||||
Mit einer Strategie wird eine Build-Matrix für die Aufträge erstellt. Sie können verschiedene Varianten einer Umgebung definieren, in denen die einzelnen Aufträge ausgeführt werden.
|
||||
Mit einer Strategie wird eine Build-Matrix für die Aufträge erstellt. You can define different variations to run each job in.
|
||||
|
||||
### `jobs.<job_id>.strategy.matrix`
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ Your dedicated technical account manager in
|
|||
{% data variables.contact.github_support %} can configure email for notifications to be sent through your SMTP server. Make sure you include the following details in your support request.
|
||||
|
||||
- Your SMTP server address
|
||||
- Login information to authenticate to the server: username and password
|
||||
- The port your SMTP server uses to send email
|
||||
- The domain name that your SMTP server will send with a HELO response, if any
|
||||
- The type of encryption used by your SMTP server
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ For urgent issues, we can help you in English 24 hours per day, 7 days per week,
|
|||
| Tag nach Thanksgiving | Vierter Freitag im November |
|
||||
| Heiligabend | 24. Dezember |
|
||||
| 1. Weihnachtsfeiertag | 25. Dezember |
|
||||
| 2. Weihnachtsfeiertag | 26. Dezember |
|
||||
| 2. Weihnachtsfeiertag | 28. Dezember |
|
||||
| Silvester | 31. Dezember |
|
||||
|
||||
#### Feiertage in Japan
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ We offer support for {% data variables.product.prodname_advanced_security %} in
|
|||
|
||||
{% data variables.contact.enterprise_support %} beobachtet diese Feiertage in den USA. holidays.
|
||||
|
||||
| U.S. Weihnachtsfeiertag | Datum im Jahr 2018 |
|
||||
| U.S. Weihnachtsfeiertag | Date observed |
|
||||
| ----------------------- | ------------------------------ |
|
||||
| Neujahr | 1. Januar |
|
||||
| Martin Luther King Day | Dritter Montag im Januar |
|
||||
|
|
@ -57,7 +57,7 @@ We offer support for {% data variables.product.prodname_advanced_security %} in
|
|||
| Tag nach Thanksgiving | Vierter Freitag im November |
|
||||
| Heiligabend | 24. Dezember |
|
||||
| 1. Weihnachtsfeiertag | 25. Dezember |
|
||||
| 2. Weihnachtsfeiertag | 26. Dezember |
|
||||
| 2. Weihnachtsfeiertag | 28. Dezember |
|
||||
| Silvester | 31. Dezember |
|
||||
|
||||
### {% data variables.product.prodname_advanced_security %}-Updates installieren
|
||||
|
|
|
|||
|
|
@ -18,7 +18,11 @@ An enterprise account allows you to manage multiple organizations{% if enterpris
|
|||
- Security {% if enterpriseServerVersions contains currentVersion %}(single sign-on, two factor authentication)
|
||||
- Requests {% if enterpriseServerVersions contains currentVersion %}and support bundle sharing {% endif %}with {% data variables.contact.enterprise_support %}{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion %}{% data reusables.enterprise-accounts.enterprise-accounts-billing %} For more information about managing your {% data variables.product.prodname_ghe_cloud %} subscription, see "[Viewing the subscription and usage for your enterprise account](/articles/viewing-the-subscription-and-usage-for-your-enterprise-account)." {% endif %}For more information about managing your {% data variables.product.product_name %} billing settings, see "[Managing billing for your enterprise](/admin/overview/managing-billing-for-your-enterprise)."
|
||||
{% if enterpriseServerVersions contains currentVersion %}{% data reusables.enterprise-accounts.enterprise-accounts-billing %} For more information about the management of your {% data variables.product.prodname_ghe_cloud %} subscription, see "[Viewing the subscription and usage for your enterprise account](/articles/viewing-the-subscription-and-usage-for-your-enterprise-account)." {% endif %}For more information about managing your {% data variables.product.product_name %} billing settings, see "[Managing billing for your enterprise](/admin/overview/managing-billing-for-your-enterprise)."
|
||||
|
||||
For more information about the management of users, organizations, data, and policies for {% data variables.product.product_location %}, see "[Managing users, organizations, and repositories](/admin/user-management)" and "[Setting policies for your enterprise](/admin/policies)."
|
||||
|
||||
For more information about the management of enterprise accounts using the GraphQL API, see "[Enterprise accounts](/graphql/guides/managing-enterprise-accounts)."
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion %}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ GitHub Desktop-Tastenkürzel auf macOS
|
|||
| <kbd>⌘</kbd><kbd>2</kbd> | Commit-Verlauf anzeigen |
|
||||
| <kbd>⌘</kbd><kbd>B</kbd> | Alle Ihre Branches anzeigen |
|
||||
| <kbd>⌘</kbd><kbd>G</kbd> | Zum Commit-Zusammenfassungsfeld navigieren |
|
||||
| <kbd>⌘</kbd><kbd>Enter</kbd> | Commit changes when summary or description field is active |
|
||||
| <kbd>space (Leerzeichen)</kbd> | Select or deselect all highlighted files |
|
||||
| <kbd>⇧</kbd><kbd>⌘</kbd><kbd>N</kbd> | Neuen Branch erstellen |
|
||||
| <kbd>⇧</kbd><kbd>⌘</kbd><kbd>R</kbd> | Aktuellen Branch umbenennen |
|
||||
|
|
@ -104,6 +105,7 @@ GitHub Desktop-Tastenkürzel auf Windows
|
|||
| <kbd>STRG</kbd><kbd>2</kbd> | Commit-Verlauf anzeigen |
|
||||
| <kbd>STRG</kbd><kbd>B</kbd> | Alle Ihre Branches anzeigen |
|
||||
| <kbd>STRG</kbd><kbd>G</kbd> | Zum Commit-Zusammenfassungsfeld navigieren |
|
||||
| <kbd>Ctrl</kbd><kbd>Enter</kbd> | Commit changes when summary or description field is active |
|
||||
| <kbd>space (Leerzeichen)</kbd> | Select or deselect all highlighted files |
|
||||
| <kbd>STRG</kbd><kbd>UMSCHALT</kbd><kbd>N</kbd> | Neuen Branch erstellen |
|
||||
| <kbd>STRG</kbd><kbd>UMSCHALT</kbd><kbd>R</kbd> | Aktuellen Branch umbenennen |
|
||||
|
|
|
|||
|
|
@ -265,7 +265,9 @@ The optional `redirect_uri` parameter can also be used for localhost URLs. If th
|
|||
|
||||
For the `http://localhost/path` callback URL, you can use this `redirect_uri`:
|
||||
|
||||
http://localhost:1234/path
|
||||
```
|
||||
http://localhost:1234/path
|
||||
```
|
||||
|
||||
### Creating multiple tokens for OAuth Apps
|
||||
|
||||
|
|
|
|||
|
|
@ -49,39 +49,39 @@ The complete list of available query parameters, permissions, and events is list
|
|||
|
||||
You can select permissions in a query string using the permission name in the following table as the query parameter name and the permission type as the query value. For example, to select `Read & write` permissions in the user interface for `contents`, your query string would include `&contents=write`. To select `Read-only` permissions in the user interface for `blocking`, your query string would include `&blocking=read`. To select `no-access` in the user interface for `checks`, your query string would not include the `checks` permission.
|
||||
|
||||
| Berechtigung | Beschreibung |
|
||||
| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Berechtigung | Beschreibung |
|
||||
| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| [`administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration) | Grants access to various endpoints for organization and repository administration. Can be one of: `none`, `read`, or `write`.{% if currentVersion == "free-pro-team@latest" %}
|
||||
| [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking) | Grants access to the [Blocking Users API](/rest/reference/users#blocking). Can be one of: `none`, `read`, or `write`.{% endif %}
|
||||
| [`checks (Prüfungen)`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | Grants access to the [Checks API](/rest/reference/checks). Can be one of: `none`, `read`, or `write`. |
|
||||
| `content_references` | Grants access to the "[Create a content attachment](/rest/reference/apps#create-a-content-attachment)" endpoint. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`contents (Inhalte)`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Grants access to various endpoints that allow you to modify repository contents. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`checks (Prüfungen)`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks) | Grants access to the [Checks API](/rest/reference/checks). Can be one of: `none`, `read`, or `write`. |
|
||||
| `content_references` | Grants access to the "[Create a content attachment](/rest/reference/apps#create-a-content-attachment)" endpoint. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`contents (Inhalte)`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents) | Grants access to various endpoints that allow you to modify repository contents. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`deployments`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments) | Grants access to the [Deployments API](/v3/repos/deployments/). Can be one of: `none`, `read`, or `write`.{% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}
|
||||
| [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails) | Grants access to the [Emails API](/rest/reference/users#emails). Can be one of: `none`, `read`, or `write`.{% endif %}
|
||||
| [`follower`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Grants access to the [Followers API](/rest/reference/users#followers). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Grants access to the [GPG Keys API](/rest/reference/users#gpg-keys). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`Issues (Lieferungen)`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Grants access to the [Issues API](/rest/reference/issues). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Grants access to the [Public Keys API](/rest/reference/users#keys). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`follower`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers) | Grants access to the [Followers API](/rest/reference/users#followers). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys) | Grants access to the [GPG Keys API](/rest/reference/users#gpg-keys). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`Issues (Lieferungen)`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues) | Grants access to the [Issues API](/rest/reference/issues). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys) | Grants access to the [Public Keys API](/rest/reference/users#keys). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members) | Grants access to manage an organization's members. Can be one of: `none`, `read`, or `write`.{% if currentVersion == "free-pro-team@latest" %}
|
||||
| [`Metadaten`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Grants access to read-only endpoints that do not leak sensitive data. Can be `read` or `none`. Defaults to `read` when you set any permission, or defaults to `none` when you don't specify any permissions for the {% data variables.product.prodname_github_app %}. |
|
||||
| [`Metadaten`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions) | Grants access to read-only endpoints that do not leak sensitive data. Can be `read` or `none`. Defaults to `read` when you set any permission, or defaults to `none` when you don't specify any permissions for the {% data variables.product.prodname_github_app %}. |
|
||||
| [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | Grants access to "[Update an organization](/rest/reference/orgs#update-an-organization)" endpoint and the [Organization Interaction Restrictions API](/rest/reference/interactions#set-interaction-restrictions-for-an-organization). Can be one of: `none`, `read`, or `write`.{% endif %}
|
||||
| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Grants access to the [Organization Webhooks API](/v3/orgs/hooks/). Can be one of: `none`, `read`, or `write`. |
|
||||
| `organization_plan` | Grants access to get information about an organization's plan using the "[Get an organization](/rest/reference/orgs#get-an-organization)" endpoint. Can be one of: `none` or `read`. |
|
||||
| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks) | Grants access to the [Organization Webhooks API](/v3/orgs/hooks/). Can be one of: `none`, `read`, or `write`. |
|
||||
| `organization_plan` | Grants access to get information about an organization's plan using the "[Get an organization](/rest/reference/orgs#get-an-organization)" endpoint. Can be one of: `none` or `read`. |
|
||||
| [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Grants access to the [Projects API](/rest/reference/projects). Can be one of: `none`, `read`, `write`, or `admin`.{% if currentVersion == "free-pro-team@latest" %}
|
||||
| [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects) | Grants access to the [Blocking Organization Users API](/rest/reference/orgs#blocking). Can be one of: `none`, `read`, or `write`.{% endif %}
|
||||
| [`Seiten`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Grants access to the [Pages API](/v3/repos/pages/). Can be one of: `none`, `read`, or `write`. |
|
||||
| `plan` | Grants access to get information about a user's GitHub plan using the "[Get a user](/rest/reference/users#get-a-user)" endpoint. Can be one of: `none` or `read`. |
|
||||
| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Grants access to various pull request endpoints. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Grants access to the [Repository Webhooks API](/rest/reference/repos#hooks). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`Seiten`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages) | Grants access to the [Pages API](/v3/repos/pages/). Can be one of: `none`, `read`, or `write`. |
|
||||
| `plan` | Grants access to get information about a user's GitHub plan using the "[Get a user](/rest/reference/users#get-a-user)" endpoint. Can be one of: `none` or `read`. |
|
||||
| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests) | Grants access to various pull request endpoints. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks) | Grants access to the [Repository Webhooks API](/rest/reference/repos#hooks). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects) | Grants access to the [Projects API](/rest/reference/projects). Can be one of: `none`, `read`, `write`, or `admin`.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
|
||||
| [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts) | Grants access to the [Secret scanning API](/rest/reference/secret-scanning). Can be one of: `none`, `read`, or `write`.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
| [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events) | Grants access to the [Code scanning API](/rest/reference/code-scanning/). Can be one of: `none`, `read`, or `write`.{% endif %}
|
||||
| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Grants access to the [Contents API](/rest/reference/repos#contents). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Grants access to the [Starring API](/rest/reference/activity#starring). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`statuses (Statusangaben)`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Grants access to the [Statuses API](/rest/reference/repos#statuses). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Grants access to the [Team Discussions API](/rest/reference/teams#discussions) and the [Team Discussion Comments API](/rest/reference/teams#discussion-comments). Can be one of: `none`, `read`, or `write`. |
|
||||
| `vulnerability_alerts` | Grants access to receive security alerts for vulnerable dependencies in a repository. See "[About security alerts for vulnerable dependencies](/articles/about-security-alerts-for-vulnerable-dependencies)" to learn more. Can be one of: `none` or `read`. |
|
||||
| `beobachten` | Grants access to list and change repositories a user is subscribed to. Can be one of: `none`, `read`, or `write`. |
|
||||
| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Grants access to the [Contents API](/rest/reference/repos#contents). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Grants access to the [Starring API](/rest/reference/activity#starring). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`statuses (Statusangaben)`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Grants access to the [Statuses API](/rest/reference/repos#statuses). Can be one of: `none`, `read`, or `write`. |
|
||||
| [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Grants access to the [Team Discussions API](/rest/reference/teams#discussions) and the [Team Discussion Comments API](/rest/reference/teams#discussion-comments). Can be one of: `none`, `read`, or `write`.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@1.19" %}
|
||||
| `vulnerability_alerts` | Grants access to receive security alerts for vulnerable dependencies in a repository. See "[About security alerts for vulnerable dependencies](/articles/about-security-alerts-for-vulnerable-dependencies)" to learn more. Can be one of: `none` or `read`.{% endif %}
|
||||
| `beobachten` | Grants access to list and change repositories a user is subscribed to. Can be one of: `none`, `read`, or `write`. |
|
||||
|
||||
### {% data variables.product.prodname_github_app %} webhook events
|
||||
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ Unlike OAuth apps, GitHub Apps have targeted permissions that allow them to requ
|
|||
|
||||
| GitHub Apps | OAuth Apps |
|
||||
| ----------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| By default, GitHub Apps have a single webhook that receives the events they are configured to receive for every repository they have access to. | OAuth Apps request the webhook scope to create a repository webhook for each repository they needs to receive events from. |
|
||||
| By default, GitHub Apps have a single webhook that receives the events they are configured to receive for every repository they have access to. | OAuth Apps request the webhook scope to create a repository webhook for each repository they need to receive events from. |
|
||||
| GitHub Apps receive certain organization-level events with the organization member's permission. | OAuth Apps request the organization webhook scope to create an organization webhook for each organization they need to receive organization-level events from. |
|
||||
|
||||
### Git access
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ If the user accepts your request, GitHub redirects back to your site with a temp
|
|||
|
||||
{% endnote %}
|
||||
|
||||
Exchange this `code` for an access token. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" or currentVersion == "github-ae@latest" %} When expiring tokens are enabled, the access token expires in 8 hours and the refresh token expires in 6 months. Every time you refresh the token, you get a new refresh token. For more information, see "[Refreshing user-to-server access tokens](/developers/apps/refreshing-user-to-server-access-tokens)."
|
||||
Exchange this `code` for an access token. {% if currentVersion == "free-pro-team@latest" %} When expiring tokens are enabled, the access token expires in 8 hours and the refresh token expires in 6 months. Every time you refresh the token, you get a new refresh token. For more information, see "[Refreshing user-to-server access tokens](/developers/apps/refreshing-user-to-server-access-tokens)."
|
||||
|
||||
Expiring user tokens are currently part of the user-to-server token expiration beta and subject to change. To opt-in to the user-to-server token expiration beta feature, see "[Activating beta features for apps](/developers/apps/activating-beta-features-for-apps)."{% endif %}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,13 +7,11 @@ versions:
|
|||
free-pro-team: '*'
|
||||
---
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.pre-release-program.suspend-installation-beta %}
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
### Suspending a GitHub App
|
||||
|
||||
|
|
|
|||
|
|
@ -166,7 +166,7 @@ To create a Probot App, follow these steps:
|
|||
}
|
||||
```
|
||||
|
||||
4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to [localhost:3000](http://localhost:3000), and click the **Register GitHub App** button:
|
||||
4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to `http://localhost:3000`, and click the **Register GitHub App** button:
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,5 @@ intro: 'You can list free and paid tools for developers to use in {% data variab
|
|||
mapTopic: true
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '*'
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ Customers can start a free trial for any paid plan on a Marketplace listing that
|
|||
|
||||
Free trials have a fixed length of 14 days. Customers are notified 4 days before the end of their trial period (on day 11 of the free trial) that their plan will be upgraded. At the end of a free trial, customers will be auto-enrolled into the plan they are trialing if they do not cancel.
|
||||
|
||||
For more information, see: "[Handling new purchases and free trials](/developers/github-marketplace/integrating-with-the-github-marketplace-api/handling-new-purchases-and-free-trials/)."
|
||||
For more information, see: "[Handling new purchases and free trials](/developers/github-marketplace/handling-new-purchases-and-free-trials/)."
|
||||
|
||||
{% note %}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,8 +13,14 @@ versions:
|
|||
|
||||
|
||||
|
||||
After your {% data variables.product.prodname_marketplace %} listing is created and approved, you'll provide payment details to {% data variables.product.product_name %} as part of the onboarding process.
|
||||
After your {% data variables.product.prodname_marketplace %} listing for an app with a paid plan is created and approved, you'll provide payment details to {% data variables.product.product_name %} as part of the financial onboarding process.
|
||||
|
||||
Once your revenue reaches a minimum of $500 U.S. Dollars for the month, you'll receive an electronic payment from {% data variables.product.product_name %} for 75% of the sales price.
|
||||
Once your revenue reaches a minimum of $500 US dollars for the month, you'll receive an electronic payment from {% data variables.product.company_short %}. This will be the income from marketplace transactions minus the amount charged by {% data variables.product.company_short %} to cover their running costs.
|
||||
|
||||
{% data reusables.apps.marketplace_revenue_share %}
|
||||
For transactions made before January 1, 2021, {% data variables.product.company_short %} retains 25% of transaction income. For transactions made after that date, only 5% is retained by {% data variables.product.company_short %}. This change will be reflected in payments received from the end of January 2021 onward.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** For details of the current pricing and payment terms, see "[{% data variables.product.prodname_marketplace %} developer agreement](/github/site-policy/github-marketplace-developer-agreement)."
|
||||
|
||||
{% endnote %}
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ In addition to the requirements for all apps above, each app that you offer as a
|
|||
- {% data variables.product.prodname_github_app %}s should have a minimum of 100 installations.
|
||||
- {% data variables.product.prodname_oauth_app %}s should have a minimum of 200 users.
|
||||
- All paid apps must handle {% data variables.product.prodname_marketplace %} purchase events for new purchases, upgrades, downgrades, cancellations, and free trials. For more information, see "[Billing requirements for paid apps](#billing-requirements-for-paid-apps)" below.
|
||||
- Publishing organizations must have a verified domain and must enable two-factor authentication. For more information, see "[Requiring two-factor authentication in your organization](/github/setting-up-and-managing-organizations-and-teams/requiring-two-factor-authentication-in-your-organization.")
|
||||
- Publishing organizations must have a verified domain and must enable two-factor authentication. Weitere Informationen finden Sie unter „[Zwei-Faktor-Authentifizierung in Ihrer Organisation erzwingen](/github/setting-up-and-managing-organizations-and-teams/requiring-two-factor-authentication-in-your-organization)“.
|
||||
|
||||
When you are ready to publish the app on {% data variables.product.prodname_marketplace %} you must request verification for the listing.
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ versions:
|
|||
|
||||
{% link_in_list /about-githubs-apis %}
|
||||
{% link_in_list /managing-deploy-keys %}
|
||||
{% link_in_list /viewing-deployment-history %}
|
||||
{% link_in_list /using-ssh-agent-forwarding %}
|
||||
{% link_in_list /secret-scanning %}
|
||||
{% link_in_list /replacing-github-services %}
|
||||
|
|
|
|||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче