Merge branch 'main' into patch-6

.github/allowed-actions.js

@@ -4,34 +4,34 @@
 // can be added it this list.
 
 module.exports = [
-  'actions/cache@v1',
-  'actions/cache@v2',
-  'actions/checkout@v2',
-  'actions/github-script@0.9.0',
-  'actions/github-script@v2.0.0',
-  'actions/github-script@v2',
-  'actions/github-script@v3',
-  'actions/labeler@v2',
-  'actions/setup-node@v1',
-  'actions/setup-ruby@v1',
-  'actions/stale@v3',
-  'crowdin/github-action@1.0.10',
-  'dawidd6/action-delete-branch@v3',
-  'docker://chinthakagodawita/autoupdate-action:v1',
+  'actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe',
+  'actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16',
+  'actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675',
+  'actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163',
+  'actions/github-script@6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45',
+  'actions/github-script@44b873bc975058192f5279ebe7579496381f575d',
+  'actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9',
+  'actions/labeler@5f867a63be70efff62b767459b009290364495eb',
+  'actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d',
+  'actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526',
+  'actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8',
+  'crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688',
+  'dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911',
+  'docker://chinthakagodawita/autoupdate-action:4d72a15b5989091e07d6f4ce4cd3afb7b835ad1e68190937df778b702a547cdc',
+  'fkirc/skip-duplicate-actions@a12175f6209d4805b5a163d723270be2a0dc7b36',
   'github/codeql-action/analyze@v1',
   'github/codeql-action/init@v1',
-  'ianwalter/puppeteer@3.0.0',
-  'juliangruber/approve-pull-request-action@v1',
-  'juliangruber/find-pull-request-action@v1',
-  'juliangruber/read-file-action@v1',
+  'ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb',
+  'juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8',
+  'juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b',
+  'juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512',
   'pascalgn/automerge-action@c9bd182',
-  'peter-evans/create-issue-from-file@v2',
-  'peter-evans/create-pull-request@v2',
-  'rachmari/actions-add-new-issue-to-column@v1.1.1',
-  'rachmari/labeler@v1.0.4',
-  'repo-sync/github-sync@v2',
-  'repo-sync/pull-request@v2',
-  'rtCamp/action-slack-notify@master',
-  'rtCamp/action-slack-notify@v2.1.0',
+  'peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5',
+  'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
+  'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
+  'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',
+  'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',
+  'repo-sync/pull-request@ea6773388b83b337e4da9a223293309f2c3670e7',
+  'rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815',
   'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0'
 ]

.github/workflows/60-days-stale-check.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }} 
         stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'

.github/workflows/auto-label-prs.yml

@@ -7,6 +7,6 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v2
+    - uses: actions/labeler@5f867a63be70efff62b767459b009290364495eb
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/autoupdate-branch.yml

@@ -8,9 +8,9 @@ jobs:
     name: autoupdate
     runs-on: ubuntu-18.04
     steps:
-      - uses: docker://chinthakagodawita/autoupdate-action:v1
+      - uses: docker://chinthakagodawita/autoupdate-action:4d72a15b5989091e07d6f4ce4cd3afb7b835ad1e68190937df778b702a547cdc
         env:
           GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
           PR_FILTER: labelled
           PR_LABELS: autoupdate
-          MERGE_MSG: "Branch was updated using the 'autoupdate branch' Actions workflow."
+          MERGE_MSG: "Branch was updated using the 'autoupdate branch' Actions workflow."

.github/workflows/browser-test.yml

@@ -1,18 +1,40 @@
 name: Browser Tests
 
-on: [push]
+on:
+  workflow_dispatch:
+  push:
 
 jobs:
+  see_if_should_skip:
+    runs-on: ubuntu-latest
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@a12175f6209d4805b5a163d723270be2a0dc7b36
+        with:
+          cancel_others: 'false'
+          github_token: ${{ github.token }}
+          paths: '["assets/**", "content/**", "data/**", "includes/**", "javascripts/**", "jest-puppeteer.config.js", "jest.config.js", "layouts/**", "lib/**", "middleware/**", "package-lock.json", "package.json", "server.js", "translations/**", "webpack.config.js"]'
   build:
+    needs: see_if_should_skip
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install
-        uses: ianwalter/puppeteer@3.0.0
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Checkout
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Install
+        uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
           args: npm ci
-      - name: Test
-        uses: ianwalter/puppeteer@3.0.0
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Test
+        uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
-          args: npm run browser-test
+          args: npm run browser-test

.github/workflows/check-all-english-links.yml

@@ -10,7 +10,7 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: npm run build
@@ -28,7 +28,7 @@ jobs:
         fi
     - if: ${{ steps.check.outputs.continue == 'yes' }}
       name: Create issue from file
-      uses: peter-evans/create-issue-from-file@v2
+      uses: peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5
       with:
         token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
         title: ${{ steps.check.outputs.title }}

.github/workflows/codeql.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest 
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - uses: github/codeql-action/init@v1
       with:
         languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)

.github/workflows/crowdin.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Sync
-        uses: crowdin/github-action@1.0.10
+        uses: crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688
         with:
           upload_translations: false
           download_translations: true
@@ -38,7 +38,7 @@ jobs:
           crowdin_branch_name: crowdin-main
 
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.OCTOGLOT_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
           # This is a numeric id, not to be confused with Crowdin API v1 "project identifier" string
           # See "API v2" on https://crowdin.com/project/<your-project>/settings#api

.github/workflows/first-responder-docs-content.yml

@@ -0,0 +1,79 @@
+name: First responder docs-content
+on:
+  pull_request:
+    types: [reopened, opened, ready_for_review, unlabeled]
+
+jobs:
+  first-responder-triage:
+    if: github.repository == 'github/docs-internal' && github.event.pull_request.draft == false && github.event.action != 'unlabeled'
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check if the event originated from a team member
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+      id: set-result
+      with:
+        github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
+        result-encoding: string
+        script: |
+          const repoName = context.payload.repository.name
+          const ownerName = context.payload.repository.owner.login
+          const issueNumber = (context.eventName === "issues") ? context.payload.issue.number : context.payload.number
+          const updatedIssueInformation = await github.issues.get({
+            owner: ownerName,
+            repo: repoName,
+            issue_number: issueNumber
+          })
+          const teamMembers = await github.request(
+            `/orgs/github/teams/docs/members`
+          )
+          const logins = teamMembers.data.map(member => member.login)
+          if (logins.some(login => login === updatedIssueInformation.data.user.login)) {
+            console.log(`This issue or pull request was authored by a member of the github/docs team.`)
+            return 'true'
+          }
+          console.log(`This issue or pull request was authored by an external contributor.`)
+          return 'false'
+    - name: Label external contributor pull requests with docs-content-fr
+      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
+      if: steps.set-result.outputs.result == 'false'
+      with:
+        repo-token: "${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}"
+        add-labels: "docs-content-fr"
+    - name: Triage to FR PR project column
+      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
+      if: steps.set-result.outputs.result == 'false'
+      with:
+        action-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+        project-url: "https://github.com/orgs/github/projects/1367"
+        column-name: "Docs-internal external contributor PRs"
+
+  first-responder-label-removed:
+    if: github.event.label.name == 'docs-content-fr' && github.event.action == 'unlabeled'
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: ${{ toJson(github) }}
+      run: echo "$GITHUB_CONTEXT"
+    - name: Remove card from project
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+      with:
+        github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
+        result-encoding: string
+        script: |
+          const issueToRemove = context.payload.number
+          const cards = await github.projects.listCards({
+            column_id: 11130889
+          })
+          cards.data.forEach(card => {
+            if (card.content_url) {
+              const cardIssueNumber = parseInt(card.content_url.split('/').pop(), 10)
+              if (cardIssueNumber === issueToRemove) {
+                const cards = github.projects.deleteCard({
+                  card_id: card.id
+                })
+              }
+            }
+          })

.github/workflows/merged-notification.yml

@@ -7,7 +7,7 @@ jobs:
     if: github.event.repository.private == false && github.event.pull_request.merged && github.event.pull_request.base.ref == github.event.repository.default_branch
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
         with:
           script: |
             github.issues.createComment({

.github/workflows/pa11y.yml

@@ -1,11 +1,14 @@
 name: "Pa11y"
-on: [push]
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "25 17 * * *" # once a day at 17:25 UTC / 11:50 PST
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Get npm cache directory
         id: npm-cache
@@ -13,7 +16,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

.github/workflows/ping-staging-apps.yml

@@ -12,10 +12,10 @@ jobs:
     env:
       HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: npm run build
       run: npm run build
     - name: Run script
-      run: script/ping-staging-apps.js
+      run: script/ping-staging-apps.js

.github/workflows/remove-unused-assets.yml

@@ -19,7 +19,7 @@ jobs:
         echo 'The repo is currently frozen! Exiting this workflow.'
         exit 1 # prevents further steps from running
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: Run scripts
@@ -28,13 +28,13 @@ jobs:
         script/remove-extraneous-translation-files.js
     - name: Get script results to use in PR body
       id: results
-      uses: juliangruber/read-file-action@v1
+      uses: juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512
       with:
         path: ./results.md
     - name: Remove script results file
       run: rm -rf ./results.md
     - name: Create pull request
-      uses: peter-evans/create-pull-request@v2
+      uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
       with:
         # need to use a token with repo and workflow scopes for this step
         token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
@@ -49,7 +49,7 @@ jobs:
         branch: remove-unused-assets
     - if: ${{ failure() }}
       name: Delete remote branch (if previous steps failed)
-      uses: dawidd6/action-delete-branch@v3
+      uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         branches: remove-unused-assets

.github/workflows/repo-sync.yml

@@ -27,10 +27,10 @@ jobs:
         exit 1 # prevents further steps from running
 
     - name: Check out repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
     - name: Sync repo to branch
-      uses: repo-sync/github-sync@v2
+      uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88
       env:
         GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
       with:
@@ -40,7 +40,7 @@ jobs:
         github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
     - name: Create pull request
-      uses: repo-sync/pull-request@v2
+      uses: repo-sync/pull-request@ea6773388b83b337e4da9a223293309f2c3670e7
       env:
         GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
       with:
@@ -52,7 +52,7 @@ jobs:
         github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
     - name: Find pull request
-      uses: juliangruber/find-pull-request-action@v1
+      uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
       id: find-pull-request
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -60,13 +60,13 @@ jobs:
 
     - name: Approve pull request
       if: ${{ steps.find-pull-request.outputs.number }}
-      uses: juliangruber/approve-pull-request-action@v1
+      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         number: ${{ steps.find-pull-request.outputs.number }}
 
     - name: Send Slack notification if workflow fails
-      uses: rtCamp/action-slack-notify@master
+      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
       if: failure()
       env:
         SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}

.github/workflows/send-eng-issues-to-backlog.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
     - name: Add issues with engineering label to project board
       if: contains(github.event.issue.labels.*.name, 'engineering') || contains(github.event.issue.labels.*.name, 'design') || contains(github.event.issue.labels.*.name, 'Design')
-      uses: actions/github-script@v2
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }} 
           script: |

.github/workflows/start-new-engineering-pr-workflow.yml

@@ -13,7 +13,7 @@ jobs:
       REGULAR_COLUMN_ID: 10095779
     steps:
     - name: 
-      uses: actions/github-script@v2
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       continue-on-error: true
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}

.github/workflows/sync-algolia-search-indices.yml

@@ -12,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: checkout
-      uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
+    - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
       with:
         node-version: 14.x
     - name: cache node modules
-      uses: actions/cache@v1
+      uses: actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe
       with:
         path: ~/.npm
         key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -32,7 +32,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: npm run sync-search
     - name: Send slack notification if workflow run fails
-      uses: rtCamp/action-slack-notify@v2.1.0
+      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
       if: failure()
       env:
         SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}

.github/workflows/test-translations.yml

@@ -12,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
         with:
           ref: translations # check out the 'translations' branch
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -27,7 +27,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -52,10 +52,10 @@ jobs:
         test-group: [content, meta, rendering, routing, unit, links-and-images]
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -65,7 +65,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

.github/workflows/test-windows.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: windows-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -28,7 +28,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -52,10 +52,10 @@ jobs:
         test-group: [content, meta, rendering, routing, unit, links-and-images]
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -65,7 +65,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

.github/workflows/test.yml

@@ -3,6 +3,7 @@
 name: Node.js Tests
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main
@@ -14,79 +15,110 @@ env:
   CI: true
 
 jobs:
+  see_if_should_skip:
+    runs-on: ubuntu-latest
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@a12175f6209d4805b5a163d723270be2a0dc7b36
+        with:
+          cancel_others: 'false'
+          github_token: ${{ github.token }}
+          paths_ignore: '[".all-contributorsrc", ".env.example", ".gitattributes", ".vscode/**", "app.json", "assets/**", "CODE_OF_CONDUCT.md", "CONTRIBUTING.md", "contributing/**", "crowdin-actions-config.yml", "crowdin.yml", "docs", "javascripts/**", "jest-puppeteer.config.js", "LICENSE-CODE", "LICENSE", "nodemon.json", "ownership.yaml", "README.md", "script/**", "stylesheets/**"]'
   lint:
+    needs: see_if_should_skip
     runs-on: ubuntu-latest
     steps:
-      - name: Check out repo
-        uses: actions/checkout@v2
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Check out repo
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
-      - name: Setup node
-        uses: actions/setup-node@v1
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Setup node
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
-      - name: Get npm cache directory
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Get npm cache directory
         id: npm-cache
         run: |
           echo "::set-output name=dir::$(npm config get cache)"
 
-      - name: Cache node modules
-        uses: actions/cache@v2
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Cache node modules
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
 
-      - name: Install dependencies
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Install dependencies
         run: npm ci
 
-      - name: Run linter
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Run linter
         run: npx standard
 
-      - name: Check dependencies
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Check dependencies
         run: npm run check-deps
-
   test:
+    needs: see_if_should_skip
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         test-group: [content, meta, rendering, routing, unit, links-and-images]
     steps:
-      - name: Check out repo
-        uses: actions/checkout@v2
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Check out repo
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
-      - name: Setup node
-        uses: actions/setup-node@v1
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Setup node
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
-      - name: Get npm cache directory
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Get npm cache directory
         id: npm-cache
         run: |
           echo "::set-output name=dir::$(npm config get cache)"
 
-      - name: Cache node modules
-        uses: actions/cache@v2
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Cache node modules
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
 
-      - name: Install dependencies
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Install dependencies
         run: npm ci
 
-      - name: Run build script
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Run build script
         run: npm run build
 
-      - name: Run tests
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
+        name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
 
       - name: Send Slack notification if workflow fails
-        uses: rtCamp/action-slack-notify@master
+        uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
         if: failure() && github.ref == 'early-access'
         env:
           SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}
-          SLACK_MESSAGE: "Tests are failing on the `early-access` branch. https://github.com/github/docs-internal/tree/early-access"
+          SLACK_MESSAGE: "Tests are failing on the `early-access` branch. https://github.com/github/docs-internal/tree/early-access"

.github/workflows/translations.yml

@@ -17,14 +17,14 @@ jobs:
         echo 'The repo is currently frozen! Exiting this workflow.'
         exit 1 # prevents further steps from running
     - name: Find original Pull Request
-      uses: juliangruber/find-pull-request-action@v1
+      uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
       id: pr
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         branch: translations
     - if: ${{ steps.pr.outputs.number }}
       name: Check if already labeled
-      uses: actions/github-script@0.9.0
+      uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163
       id: has-label
       with:
         script: |
@@ -38,13 +38,13 @@ jobs:
           }
     - if: ${{ !steps.has-label.outputs.result }}
       name: Approve Pull Request
-      uses: juliangruber/approve-pull-request-action@v1
+      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         number: ${{ steps.pr.outputs.number }}
     - if: ${{ !steps.has-label.outputs.result }}
       name: Add automerge label
-      uses: actions/github-script@0.9.0
+      uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         script: |

.github/workflows/triage-issue-comments.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Check if the event originated from a team member
-      uses: actions/github-script@v2.0.0
+      uses: actions/github-script@6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45
       id: is-internal-contributor
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
@@ -33,13 +33,13 @@ jobs:
             return 'false'
           }
     - name: Label issues with new comments with 'triage'
-      uses: rachmari/labeler@v1.0.4
+      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
       if: (steps.is-internal-contributor.outputs.result == 'false')
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         add-labels: "triage"
     - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@v1.1.1
+      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
       with:
         action-token: ${{ secrets.GITHUB_TOKEN }}
         project-url: "https://github.com/github/docs/projects/1"

.github/workflows/triage-issues.yml

@@ -10,12 +10,12 @@ jobs:
 
     steps:
     - name: Label new issues with 'triage'
-      uses: rachmari/labeler@v1.0.4
+      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         add-labels: "triage"
     - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@v1.1.1
+      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
       with:
         action-token: ${{ secrets.GITHUB_TOKEN }}
         project-url: "https://github.com/github/docs/projects/1"

.github/workflows/triage-pull-requests.yml

@@ -10,12 +10,12 @@ jobs:
 
     steps:
     - name: Label new pull requests with 'triage'
-      uses: rachmari/labeler@v1.0.4
+      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
         add-labels: "triage"
     - name: Triage to project board
-      uses: rachmari/actions-add-new-issue-to-column@v1.1.1
+      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
       with:
         action-token: ${{ secrets.GITHUB_TOKEN }}
         project-url: "https://github.com/github/docs/projects/1"

.github/workflows/triage-stale-check.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }} 
         stale-pr-message: 'This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit.'

.github/workflows/update-graphql-files.yml

@@ -22,9 +22,9 @@ jobs:
         echo 'The repo is currently frozen! Exiting this workflow.'
         exit 1 # prevents further steps from running
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526
       with:
         ruby-version: '2.4'
     - name: Install Ruby dependencies
@@ -46,7 +46,7 @@ jobs:
         script/graphql/build-changelog-from-markdown.js
     - name: Create pull request
       id: create-pull-request
-      uses: peter-evans/create-pull-request@v2
+      uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
       with:
         # need to use a token with repo and workflow scopes for this step
         token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
@@ -60,13 +60,13 @@ jobs:
         branch: graphql-schema-update
     - if: ${{ failure() }}
       name: Delete remote branch (if previous steps failed)
-      uses: dawidd6/action-delete-branch@v3
+      uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         branches: graphql-schema-update
     - if: ${{ steps.create-pull-request.outputs.pr_number }}
       name: Approve
-      uses: juliangruber/approve-pull-request-action@v1
+      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         number: ${{ steps.create-pull-request.outputs.pr_number }}

content/actions/creating-actions/creating-a-composite-run-steps-action.md

@@ -36,7 +36,7 @@ Before you begin, you'll create a {% data variables.product.product_name %} repo
   echo "Goodbye"
   ```
 
-1. From your terminal, make `goodbye.sh` executable and check it into your repository.
+3. From your terminal, make `goodbye.sh` executable.
 
   ```shell
   chmod +x goodbye.sh
@@ -85,14 +85,26 @@ Before you begin, you'll create a {% data variables.product.product_name %} repo
 
   For more information about how to use `github.action_path`, see "[`github context`](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)".
 
-1. Create a new label. This example uses a label called `v1` for the main branch. For more information, see "[Creating a label
-](/github/managing-your-work-on-github/creating-a-label)."
+1. From your terminal, check in your `action.yml` file.
+
+  ```shell
+  git add action.yml
+  git commit -m "Add action"
+  git push
+  ```
+
+1. From your terminal, add a tag. This example uses a tag called `v1`. For more information, see "[About actions](/actions/creating-actions/about-actions#using-release-management-for-actions)."
+
+  ```shell
+  git tag -a -m "Description of this release" v1
+  git push --follow-tags
+  ```
 
 ### Testing out your action in a workflow
 
 The following workflow code uses the completed hello world action that you made in "[Creating an action metadata file](/actions/creating-actions/creating-a-composite-run-steps-action#creating-an-action-metadata-file)".
 
-Copy the workflow code into a `.github/workflows/main.yml` file in another repository, but replace `actions/hello-world-composite-run-steps-action@v1` with the repository and label you created. You can also replace the `who-to-greet` input with your name.
+Copy the workflow code into a `.github/workflows/main.yml` file in another repository, but replace `actions/hello-world-composite-run-steps-action@v1` with the repository and tag you created. You can also replace the `who-to-greet` input with your name.
 
 {% raw %}
 **.github/workflows/main.yml**

content/actions/creating-actions/creating-a-javascript-action.md

@@ -263,4 +263,8 @@ jobs:
 
 From your repository, click the **Actions** tab, and select the latest workflow run. You should see "Hello Mona the Octocat" or the name you used for the `who-to-greet` input and the timestamp printed in the log.
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+![A screenshot of using your action in a workflow](/assets/images/help/repository/javascript-action-workflow-run-updated.png)
+{% else %}
 ![A screenshot of using your action in a workflow](/assets/images/help/repository/javascript-action-workflow-run.png)
+{% endif %}

content/actions/learn-github-actions/introduction-to-github-actions.md

@@ -213,8 +213,13 @@ Once your job has started running, you can view each step's activity on {% data
     ![Screenshot of workflow results](/assets/images/help/images/learn-github-actions-workflow.png)
 1. Under "Workflow runs", click the name of the run you want to see.
     ![Screenshot of workflow runs](/assets/images/help/images/learn-github-actions-run.png)
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. Click on the job name to see the results of each step.
+    ![Screenshot of workflow run details](/assets/images/help/images/overview-actions-result-updated.png)
+{% else %}
 1. Click on the job name to see the results of each step.
     ![Screenshot of workflow run details](/assets/images/help/images/overview-actions-result.png)
+{% endif %}
 
 ### Next steps
 

content/actions/managing-workflow-runs/using-workflow-run-logs.md

@@ -14,8 +14,6 @@ You can see whether a workflow run is in progress or complete from the workflow
 
 If the run is complete, you can see whether the result was a success, failure, canceled, or neutral. If the run failed, you can view and search the build logs to diagnose the failure and re-run the workflow. You can also view billable job execution minutes, or download logs and build artifacts.
 
- ![Annotated workflow run image](/assets/images/help/repository/annotated-workflow.png)
-
 {% data variables.product.prodname_actions %} use the Checks API to output statuses, results, and logs for a workflow. {% data variables.product.prodname_dotcom %} creates a new check suite for each workflow run. The check suite contains a check run for each job in the workflow, and each job includes steps. {% data variables.product.prodname_actions %} are run as a step in a workflow. For more information about the Checks API, see "[Checks](/v3/checks/)."
 
 {% data reusables.github-actions.invalid-workflow-files %}
@@ -30,13 +28,11 @@ For jobs run on {% data variables.product.prodname_dotcom %}-hosted runners, "Se
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-{% data reusables.repositories.navigate-to-workflow %}
-{% data reusables.repositories.view-run %}
-{% data reusables.repositories.navigate-to-job %}
-6. To expand the log for a failed step, click the step.
-  ![Failed step name](/assets/images/help/repository/failed-check-step.png)
-7. Optionally, to get a link to a specific line in the logs, click on the step's line number. You can copy the link from the address bar of your web browser.
-  ![Button to copy link](/assets/images/help/repository/copy-link-button.png)
+{% data reusables.repositories.navigate-to-workflow-superlinter %}
+{% data reusables.repositories.view-run-superlinter %}
+{% data reusables.repositories.navigate-to-job-superlinter %}
+{% data reusables.repositories.view-failed-job-results-superlinter %}
+{% data reusables.repositories.view-specific-line-superlinter %}
 
 ### Searching logs
 
@@ -44,13 +40,18 @@ You can search the build logs for a particular step. When you search logs, only
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-{% data reusables.repositories.navigate-to-workflow %}
-{% data reusables.repositories.view-run %}
-{% data reusables.repositories.navigate-to-job %}
-6. To expand each step you want to include in your search, click the step.
+{% data reusables.repositories.navigate-to-workflow-superlinter %}
+{% data reusables.repositories.view-run-superlinter %}
+{% data reusables.repositories.navigate-to-job-superlinter %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. In the upper-right corner of the log output, in the **Search logs** search box, type a search query.
+  ![Search box to search logs](/assets/images/help/repository/search-log-box-updated.png)
+{% else %}
+1. To expand each step you want to include in your search, click the step.
   ![Step name](/assets/images/help/repository/failed-check-step.png)
-7. In the upper-right corner of the log output, in the **Search logs** search box, type a search query.
+1. In the upper-right corner of the log output, in the **Search logs** search box, type a search query.
   ![Search box to search logs](/assets/images/help/repository/search-log-box.png)
+{% endif %}
 
 ### Downloading logs
 
@@ -58,12 +59,16 @@ You can download the log files from your workflow run. You can also download a w
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-{% data reusables.repositories.navigate-to-workflow %}
-{% data reusables.repositories.view-run %}
-1. In the left sidebar, select any job.
-   ![Select a workflow job](/assets/images/help/repository/workflow-job.png)
-2. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} and select **Download log archive**.
+{% data reusables.repositories.navigate-to-workflow-superlinter %}
+{% data reusables.repositories.view-run-superlinter %}
+{% data reusables.repositories.navigate-to-job-superlinter %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} and select **Download log archive**.
+  ![Download logs drop-down menu](/assets/images/help/repository/download-logs-drop-down-updated.png)
+{% else %}
+1. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} and select **Download log archive**.
   ![Download logs drop-down menu](/assets/images/help/repository/download-logs-drop-down.png)
+{% endif %}
 
 ### Deleting logs
 
@@ -71,10 +76,18 @@ You can delete the log files from your workflow run. {% data reusables.repositor
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-{% data reusables.repositories.navigate-to-workflow %}
-{% data reusables.repositories.view-run %}
+{% data reusables.repositories.navigate-to-workflow-superlinter %}
+{% data reusables.repositories.view-run-superlinter %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
+    ![Kebab-horizontal icon](/assets/images/help/repository/workflow-run-kebab-horizontal-icon-updated.png)
+2. To delete the log files, click the **Delete all logs** button and review the confirmation prompt. 
+  ![Delete all logs](/assets/images/help/repository/delete-all-logs-updated.png)
+After deleting logs, the **Delete all logs** button is removed to indicate that no log files remain in the workflow run.
+{% else %}
 1. In the upper right corner, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
     ![Kebab-horizontal icon](/assets/images/help/repository/workflow-run-kebab-horizontal-icon.png)
 2. To delete the log files, click the **Delete all logs** button and review the confirmation prompt. 
   ![Delete all logs](/assets/images/help/repository/delete-all-logs.png)
-After deleting logs, the **Delete all logs** button is removed to indicate that no log files remain in the workflow run.
+After the logs have been deleted, the **Delete all logs** button is removed to indicate that no log files remain in the workflow run.
+{% endif %}

content/actions/quickstart.md

@@ -56,15 +56,13 @@ Committing the workflow file in your repository triggers the `push` event and ru
 
 ### Viewing your workflow results
 
+{% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}
-1. In the left sidebar, click the workflow you want to see.
-  ![Workflow list in left sidebar](/assets/images/help/repository/superlinter-workflow-sidebar.png)
-1. From the list of workflow runs, click the name of the run you want to see.
-![Name of workflow run](/assets/images/help/repository/superlinter-run-name.png)
+{% data reusables.repositories.navigate-to-workflow-superlinter %}
+{% data reusables.repositories.view-run-superlinter %}
 1. In the left sidebar, click the **Lint code base** job.
    ![Lint code base job](/assets/images/help/repository/superlinter-lint-code-base-job.png)
-2. Expand the **Run Super-Linter** step to view the results.
-   ![Super linter workflow results](/assets/images/help/repository/super-linter-workflow-results.png)
+{% data reusables.repositories.view-failed-job-results-superlinter %}
 
 ### More starter workflows
 

content/actions/reference/context-and-expression-syntax-for-github-actions.md

@@ -179,7 +179,7 @@ on: push
 
 jobs:
   one:
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-latest
     steps:
       - name: Dump GitHub context
         env:

content/developers/apps/authenticating-with-github-apps.md

@@ -38,7 +38,7 @@ To generate a private key:
 {% endnote %}
 
 ### Verifying private keys
-{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using a SHA-1 hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
+{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using the {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
 
 To verify a private key:
 
@@ -46,7 +46,7 @@ To verify a private key:
 ![Private key fingerprint](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare the results of the locally generated fingerprint to the fingerprint you see in {% data variables.product.product_name %}.
 

content/developers/webhooks-and-events/securing-your-webhooks.md

@@ -34,9 +34,17 @@ $ export SECRET_TOKEN=<em>your_token</em>
 
 ### Validating payloads from GitHub
 
-When your secret token is set, GitHub uses it to create a hash signature with each payload.
+When your secret token is set, {% data variables.product.product_name %} uses it to create a hash signature with each payload. This hash signature is included with the headers of each request as {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "private-instances@latest" %}`X-Hub-Signature-256`{% else if currentVersion ver_lt "enterprise-server@2.23" %}`X-Hub-Signature`{% endif %}.
 
-This hash signature is passed along with each request in the headers as `X-Hub-Signature`. Suppose you have a basic server listening to webhooks that looks like this:
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "private-instances@latest" %}
+{% note %}
+
+**Note:** For backward-compatibility, we also include the `X-Hub-Signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `X-Hub-Signature-256` header for improved security. The example below demonstrate using the `X-Hub-Signature-256` header.
+
+{% endnote %}
+{% endif %}
+
+For example, if you have a basic server that listens for webhooks, it might be configured similar to this:
 
 ``` ruby
 require 'sinatra'
@@ -48,7 +56,7 @@ post '/payload' do
 end
 ```
 
-The goal is to compute a hash using your `SECRET_TOKEN`, and ensure that the hash from GitHub matches. GitHub uses an HMAC hexdigest to compute the hash, so you could change your server to look a little like this:
+The intention is to calculate a hash using your `SECRET_TOKEN`, and ensure that the result matches the hash from {% data variables.product.product_name %}. {% data variables.product.product_name %} uses an HMAC hex digest to compute the hash, so you could reconfigure your server to look a little like this:
 
 ``` ruby
 post '/payload' do
@@ -59,16 +67,21 @@ post '/payload' do
   "I got some JSON: #{push.inspect}"
 end
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "private-instances@latest" %}
+def verify_signature(payload_body)
+  signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ENV['SECRET_TOKEN'], payload_body)
+  return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE_2'])
+end{% else if currentVersion ver_lt "enterprise-server@2.23" %}
 def verify_signature(payload_body)
   signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
   return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
-end
+end{% endif %}
 ```
 
-Obviously, your language and server implementations may differ than this code. There are a couple of very important things to point out, however:
+Your language and server implementations may differ from this example code. However, there are a number of very important things to point out:
 
-* No matter which implementation you use, the hash signature starts with `sha1=`, using the key of your secret token and your payload body.
+* No matter which implementation you use, the hash signature starts with {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or "private-instances@latest" %}`sha256=`{% else if currentVersion ver_lt "enterprise-server@2.23" %}`sha1=`{% endif %}, using the key of your secret token and your payload body.
 
-* Using a plain `==` operator is **not advised**. A method like [`secure_compare`][secure_compare] performs a "constant time" string comparison, which renders it safe from certain timing attacks against regular equality operators.
+* Using a plain `==` operator is **not advised**. A method like [`secure_compare`][secure_compare] performs a "constant time" string comparison, which helps mitigate certain timing attacks against regular equality operators.
 
 [secure_compare]: http://rubydoc.info/github/rack/rack/master/Rack/Utils.secure_compare

content/developers/webhooks-and-events/testing-webhooks.md

@@ -15,7 +15,7 @@ view provides some tooling for testing your deployed payloads.
 
 ### Listing recent deliveries
 
-Every webhook has its own "Recent Deliveries" section, which lists, at a glance whether a deployment was successful (green check) or failed (red x). You can also identify when each delivery was attempted.
+Every webhook has its own "Recent Deliveries" section, which lists, at a glance whether a delivery was successful (green check) or failed (red x). You can also identify when each delivery was attempted.
 
 {% data variables.product.product_name %} keeps a log of each webhook delivery for {% if currentVersion == "free-pro-team@latest" %} 30 {% else %} 8 {% endif %} days.
 

content/developers/webhooks-and-events/webhook-events-and-payloads.md

@@ -49,8 +49,9 @@ Header | Description
 `X-GitHub-Event`| Name of the event that triggered the delivery.
 `X-GitHub-Delivery`| A [GUID](http://en.wikipedia.org/wiki/Globally_unique_identifier) to identify the delivery.{% if currentVersion != "free-pro-team@latest" %}
 `X-GitHub-Enterprise-Version` | The version of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.
-`X-GitHub-Enterprise-Host` | The hostname of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.{% endif %}
-`X-Hub-Signature`| The HMAC hex digest of the response body. This header will be sent if the webhook is configured with a [`secret`](/v3/repos/hooks/#create-hook-config-params). The HMAC hex digest is generated using the `sha1` hash function and the `secret` as the HMAC `key`.
+`X-GitHub-Enterprise-Host` | The hostname of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.{% endif %}{% if currentVersion != "private-instances@latest" %}
+`X-Hub-Signature`| This header is sent if the webhook is configured with a [`secret`](/v3/repos/hooks/#create-hook-config-params). This is the HMAC hex digest of the request body, and is generated using the SHA-1 hash function and the `secret` as the HMAC `key`.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} `X-Hub-Signature` is provided for compatibility with existing integrations, and we recommend that you use the more secure `X-Hub-Signature-256` instead.{% endif %}{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "private-instances@latest" %}
+`X-Hub-Signature-256`| This header is sent if the webhook is configured with a [`secret`](/v3/repos/hooks/#create-hook-config-params). This is the HMAC hex digest of the request body, and is generated using the SHA-256 hash function and the `secret` as the HMAC `key`.{% endif %}
 
 Also, the `User-Agent` for the requests will have the prefix `GitHub-Hookshot/`.
 
@@ -62,8 +63,9 @@ Also, the `User-Agent` for the requests will have the prefix `GitHub-Hookshot/`.
 > Host: localhost:4567
 > X-GitHub-Delivery: 72d3162e-cc78-11e3-81ab-4c9367dc0958{% if currentVersion != "free-pro-team@latest" %}
 > X-GitHub-Enterprise-Version: 2.15.0
-> X-GitHub-Enterprise-Host: example.com{% endif %}
-> X-Hub-Signature: sha1=7d38cdd689735b008b3c702edd92eea23791c5f6
+> X-GitHub-Enterprise-Host: example.com{% endif %}{% if currentVersion != "private-instances@latest" %}
+> X-Hub-Signature: sha1=7d38cdd689735b008b3c702edd92eea23791c5f6{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "private-instances@latest" %}
+> X-Hub-Signature-256: sha256=d57c68ca6f92289e6987922ff26938930f6e66a2d161ef06abdf1859230aa23c{% endif %}
 > User-Agent: GitHub-Hookshot/044aadd
 > Content-Type: application/json
 > Content-Length: 6615

content/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account.md

@@ -87,7 +87,7 @@ After adding a new SSH key to your {% data variables.product.product_name %} acc
   $ sudo apt-get install xclip
   # Downloads and installs xclip. If you don't have `apt-get`, you might need to use another installer (like `yum`)
 
-  $ xclip -sel clip < ~/.ssh/id_rsa.pub
+  $ xclip -selection clipboard < ~/.ssh/id_rsa.pub
   # Copies the contents of the id_rsa.pub file to your clipboard
   ```
   {% tip %}

content/github/building-a-strong-community/creating-a-default-community-health-file.md

@@ -44,7 +44,7 @@ You cannot create a default license file. License files must be added to individ
   ![Owner drop-down menu](/assets/images/help/repository/create-repository-owner.png)
 3. Type **.github** as the name for your repository, and an optional description.
   ![Create repository field](/assets/images/help/repository/default-file-repository-name.png)
-4. Choose to make the repository public.
+4. Make sure the repository status is set to **Public** (a repository for default files cannot be private).
   ![Radio buttons to select private or public status](/assets/images/help/repository/create-repository-public-private.png)
 {% data reusables.repositories.initialize-with-readme %}
 {% data reusables.repositories.create-repo %}

content/github/creating-cloning-and-archiving-repositories/about-code-owners.md

@@ -78,7 +78,8 @@ docs/*  docs@example.com
 apps/ @octocat
 
 # In this example, @doctocat owns any file in the `/docs`
-# directory in the root of your repository.
+# directory in the root of your repository and any of its
+# subdirectories.
 /docs/ @doctocat
 ```
 

content/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue.md

@@ -11,9 +11,15 @@ versions:
   enterprise-server: '*'
 ---
 
+{% note %}
+
+**Note:** The special keywords in a pull request description are interpreted when the pull request targets the repository's *default* branch. However, if the PR's base is *any other branch*, then these keywords are ignored, no links are created and merging the PR has no effect on the issues. **If you want to link a pull request to an issue using a keyword, the PR must be on the default branch.**
+
+{% endnote %}
+
 ### About linked issues and pull requests
 
-You can link an issue to a pull request {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}manually or {% endif %}using a supported keyword in the pull request description.
+You can link an issue to a pull request {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}manually or {% endif %}using a supported keyword in the pull request description. 
 
 When you link a pull request to the issue the pull request addresses, collaborators can see that someone is working on the issue. {% if currentVersion ver_lt "enterprise-server@2.21" %}If the pull request and the issue are in different repositories, {% data variables.product.product_name %} will display the link after the pull request is merged, if the person who merges the pull request also has permission to close the issue.{% endif %}
 
@@ -37,7 +43,7 @@ You can manually link up to ten issues to each pull request. The issue and pull
 
 ### Linking a pull request to an issue using a keyword
 
-You can link a pull request to an issue by using a supported keyword in the pull request's description.
+You can link a pull request to an issue by using a supported keyword in the pull request's description or in a commit message (please note that the pull request must be on the default branch). 
 
 * close
 * closes

content/github/managing-your-work-on-github/linking-a-repository-to-a-project-board.md

@@ -7,6 +7,11 @@ versions:
   free-pro-team: '*'
   enterprise-server: '*'
 ---
+{% note %}
+
+**Note:** In order to link a repository to your organization or user owned project board the repository needs to have issues enabled. For information on how to see if issues are disabled for a repository, see "[Disabling issues](/github/managing-your-work-on-github/disabling-issues) ."
+
+{% endnote %}
 
 Anyone with write permissions to a project board can link repositories owned by that organization or user account to the project board. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization/)" or "[Permission levels for user-owned project boards](/articles/permission-levels-for-user-owned-project-boards/)."
 

contributing/node-versions.md

@@ -19,10 +19,17 @@ When updating to a new Node.js version, consider the following files:
 
 If you're using macOS, run this command to get the latest:
 
-```
+```sh
 brew upgrade nodenv node-build
 ```
 
+If you see a warning like this one, run the suggested command:
+
+```sh
+# You should change the ownership of these directories to your user.
+sudo chown -R $(whoami) /usr/local/sbin
+```
+
 If you're using another operating system, or did not use Homebrew to install nodenv, see these [upgrade instructions](https://github.com/nodenv/nodenv#installation).
 
 To install Node.js 14 and make it your default version, run this command:

contributing/search.md

@@ -18,9 +18,9 @@ The Actions workflow usually takes about five minutes, and the progress can be v
 
 ## Development
 
-In cases where a publicity event like GitHub Satellite or GitHub Universe demands a very tight shipping window, it is also possible to manually sync the indices with Algolia's servers from your local checkout of the repo, before your feature branch is merged to main. Manually syncing the indices can also be useful to test an unreleased GitHub Enterprise version or a translated language (Portugese, Chinese, etc) that is not yet in production.
+In cases where a publicity event like GitHub Satellite or GitHub Universe demands a very tight shipping window, it is also possible to manually sync the indices with Algolia's servers from your local checkout of the repo, before your feature branch is merged to main. Manually syncing the indices can also be useful to test an unreleased GitHub Enterprise version or a translated language (Portuguese, Chinese, etc) that is not yet in production.
 
-To sync the indices from your development enviroment:
+To sync the indices from your development environment:
 
 1. Make sure the two required environment variables `ALGOLIA_APPLICATION_ID` and `ALGOLIA_API_KEY` are set in your `.env` file. These can be retrieved from the [Algolia site](https://www.algolia.com/apps/ZI5KPY1HBE/api-keys/all).
 2. Run `npm run sync-search-dry-run`. This takes a while to complete. It will prepare, test, and validate all the indices without actually uploading anything to Algolia's servers.

data/reusables/github-actions/docker-container-os-support.md

@@ -2,7 +2,7 @@
 
 **Note:** If your workflows use Docker container actions or service containers, then you must use a Linux runner:
 
-* If you are using {% data variables.product.prodname_dotcom %}-hosted runners, you must use the `ubuntu-latest` runner.
+* If you are using {% data variables.product.prodname_dotcom %}-hosted runners, you must use an Ubuntu runner.
 * If you are using self-hosted runners, you must use a Linux machine as your runner and Docker must be installed.
 
 {% endnote %}

data/reusables/repositories/navigate-to-job-superlinter.md

@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. In the left sidebar, click the job you want to see.
+   ![Lint code base job](/assets/images/help/repository/superlinter-lint-code-base-job.png)
+{% else %}
+1. In the left sidebar, click the job you want to see.
+   ![Select a workflow job](/assets/images/help/repository/workflow-job.png)
+{% endif %}

data/reusables/repositories/navigate-to-job.md

@@ -1,2 +0,0 @@
-1. In the left sidebar, click the job you want to see.
-  ![List of jobs in left sidebar](/assets/images/help/repository/check-suite-list.png)

data/reusables/repositories/navigate-to-workflow-superlinter.md

@@ -0,0 +1,2 @@
+1. In the left sidebar, click the workflow you want to see.
+  ![Workflow list in left sidebar](/assets/images/help/repository/superlinter-workflow-sidebar.png)

data/reusables/repositories/view-failed-job-results-superlinter.md

@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. Any failed steps are automatically expanded to display the results.
+   ![Super linter workflow results](/assets/images/help/repository/super-linter-workflow-results-updated.png)
+{% else %}
+1. Expand the **Run Super-Linter** step to view the results.
+   ![Super linter workflow results](/assets/images/help/repository/super-linter-workflow-results.png)
+{% endif %}

data/reusables/repositories/view-run-superlinter.md

@@ -0,0 +1,2 @@
+1. From the list of workflow runs, click the name of the run you want to see.
+![Name of workflow run](/assets/images/help/repository/superlinter-run-name.png)

data/reusables/repositories/view-specific-line-superlinter.md

@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+1. Optionally, to get a link to a specific line in the logs, click on the step's line number. You can then copy the link from the address bar of your web browser.
+  ![Button to copy link](/assets/images/help/repository/copy-link-button-updated.png)
+{% else %}
+1. Optionally, to get a link to a specific line in the logs, click on the step's line number. You can then copy the link from the address bar of your web browser.
+  ![Button to copy link](/assets/images/help/repository/copy-link-button.png)
+{% endif %}

data/reusables/webhooks/secret.md

@@ -1 +1 @@
-Setting a webhook secret allows you to ensure that `POST` requests sent to the payload URL are from GitHub. When you set a secret, you'll receive the `X-Hub-Signature` header in the webhook `POST` request. For more details on how to use the secret and the `X-Hub-Signature` header to secure your webhook payloads, see "[Securing your webhooks](/webhooks/securing/)."
+Setting a webhook secret allows you to ensure that `POST` requests sent to the payload URL are from {% data variables.product.product_name %}. When you set a secret, you'll receive the {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}`X-Hub-Signature` and `X-Hub-Signature-256` headers{% else if currentVersion ver_lt "enterprise-server@2.23" %}`X-Hub-Signature` header{% else if currentVersion == "private-instances@latest" %}`X-Hub-Signature-256` header{% endif %} in the webhook `POST` request. For more information on how to use a secret with a signature header to secure your webhook payloads, see "[Securing your webhooks](/webhooks/securing/)."

package-lock.json

@@ -1144,9 +1144,9 @@
       }
     },
     "@github/rest-api-operations": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@github/rest-api-operations/-/rest-api-operations-3.1.0.tgz",
-      "integrity": "sha512-RszMVxIbGvey7pS1wUZ7yULUGH2SFQFYodsAv5X0oubWoJQSlmw1RGoyc8b2YeD/VD4Ljjrq73y3bhu+6eVOlg=="
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@github/rest-api-operations/-/rest-api-operations-3.1.1.tgz",
+      "integrity": "sha512-TrF+HIai+4RZq52faEEg92sstNk89VZNCcFUhPZ7sLnlrsEMuKu1Ls7lDDHKj2GgyiiMoL1iHADgzJBosfNnug=="
     },
     "@hapi/address": {
       "version": "2.1.4",

package.json

@@ -16,7 +16,7 @@
     "@github-docs/data-directory": "^1.2.0",
     "@github-docs/frontmatter": "^1.3.1",
     "@github-docs/render-content": "^5.0.0",
-    "@github/rest-api-operations": "^3.1.0",
+    "@github/rest-api-operations": "^3.1.1",
     "@octokit/rest": "^16.38.1",
     "@primer/css": "^15.1.0",
     "@primer/octicons": "^11.0.0",

script/README.md

@@ -307,7 +307,15 @@ This script is run as a git precommit hook (installed by husky after npm install
 
 ### [`preview-openapi-changes`](preview-openapi-changes)
 
+This script stitches and unstitches the `github/github` OpenAPI description via `rest-api-operations` to produce a local preview in docs-internal.  
 
+`github`, `rest-api-operations`, and `docs-internal` must share a parent directory locally.  
+
+You must bootstrap `github` for this script to work. To check if you need to bootstrap, check if the `bin` directory in `github` exists locally. If it does not exist, run `./script/bootstrap` from the `github` directory.  
+
+To stitch the repos together and do an npm build, pass the `stitch` argument.  
+
+To unstitch the repos and revert them to their pre-stitched state, pass the `unstitch` argument.  
 
 ---
 

script/preview-openapi-changes

@@ -1,6 +1,8 @@
 #!/bin/bash
 
-# Stitches and unstitches the github/github OpenAPI description via rest-api-operations to produce a local preview in docs-internal. This script should be placed in the directory that contains all three repos.
+# Stitches and unstitches the github/github OpenAPI description via rest-api-operations to produce a local preview in docs-internal.
+# `github`, `rest-api-operations`, and `docs-internal` must share a parent directory locally.  
+# You must bootstrap `github` for this script to work. To check if you need to bootstrap, check if the `bin` directory in `github` exists. If it does not exist, run `./script/bootstrap` from the `github` directory.  
 
 # Options:
 # stitch: stitches the repos together and does the npm builds
@@ -46,7 +48,7 @@ if [[ $OPTION == "stitch" ]]; then
   
   # Generate the deferenced OpenAPI files from github/github
   cd github
-  bin/dump-openapi-description /tmp/dump
+  bin/openapi bundle /tmp/dump
 
   # Copy the derefrenced json files into rest-api-operations and build them
   cd ../rest-api-operations

translations/de-DE/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ To generate a private key:
 {% endnote %}
 
 ### Verifying private keys
-{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using a SHA-1 hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
+{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using the {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
 
 To verify a private key:
 
 1. Find the fingerprint for the private and public key pair you want to verify in the "Private keys" section of your {% data variables.product.prodname_github_app %}'s developer settings page. For more information, see [Generating a private key](#generating-a-private-key). ![Private key fingerprint](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare the results of the locally generated fingerprint to the fingerprint you see in {% data variables.product.product_name %}.
 

translations/es-XL/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ Para generar una llave privada:
 {% endnote %}
 
 ### Verificar las llaves privadas
-{% data variables.product.product_name %} genera una huella digital para cada par de llaves pública y privada utilizando una función de hash SHA-1. Puedes verificar que tu llave privada empate con la llave pública almacenada en {% data variables.product.product_name %} generando la huella digital de tu llave privada y comparándola con la huella digital que se muestra en {% data variables.product.product_name %}.
+{% data variables.product.product_name %} genera una huella digital para cada par de llaves pública y privada utilizando una función de hash {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %}. Puedes verificar que tu llave privada empate con la llave pública almacenada en {% data variables.product.product_name %} generando la huella digital de tu llave privada y comparándola con la huella digital que se muestra en {% data variables.product.product_name %}.
 
 Para verificar una llave privada:
 
 1. Encuentra la huella digital del par de llaves pública y privada que quieras verificar en la sección "Llaves privadas" de tu página de configuración de desarrollador de {% data variables.product.prodname_github_app %}. Para obtener más información, consulta la sección [Generar una llave privada](#generating-a-private-key). ![Huella digital de llave privada](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Genera la huella digital de tu llave privada (PEM) localmente utilizando el siguiente comando:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compara los resultados de la huella digital generada localmente con aquella que ves en {% data variables.product.product_name %}.
 

translations/ja-JP/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ To generate a private key:
 {% endnote %}
 
 ### Verifying private keys
-{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using a SHA-1 hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
+{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using the {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
 
 To verify a private key:
 
 1. Find the fingerprint for the private and public key pair you want to verify in the "Private keys" section of your {% data variables.product.prodname_github_app %}'s developer settings page. For more information, see [Generating a private key](#generating-a-private-key). ![Private key fingerprint](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare the results of the locally generated fingerprint to the fingerprint you see in {% data variables.product.product_name %}.
 

translations/ko-KR/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ To generate a private key:
 {% endnote %}
 
 ### Verifying private keys
-{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using a SHA-1 hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
+{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using the {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
 
 To verify a private key:
 
 1. Find the fingerprint for the private and public key pair you want to verify in the "Private keys" section of your {% data variables.product.prodname_github_app %}'s developer settings page. For more information, see [Generating a private key](#generating-a-private-key). ![Private key fingerprint](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare the results of the locally generated fingerprint to the fingerprint you see in {% data variables.product.product_name %}.
 

translations/pt-BR/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ Para gerar uma chave privada:
 {% endnote %}
 
 ### Verificar chaves privadas
-O {% data variables.product.product_name %} gera uma impressão digital para cada par de chave privada e pública usando uma função hash SHA-1. Você pode verificar se a sua chave privada corresponde à chave pública armazenada no {% data variables.product.product_name %}, gerando a impressão digital da sua chave privada e comparando-a com a impressão digital exibida no {% data variables.product.product_name %}.
+O {% data variables.product.product_name %} gera uma impressão digital para cada par de chave privada e pública usando uma função hash {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %}. Você pode verificar se a sua chave privada corresponde à chave pública armazenada no {% data variables.product.product_name %}, gerando a impressão digital da sua chave privada e comparando-a com a impressão digital exibida no {% data variables.product.product_name %}.
 
 Para verificar uma chave privada:
 
 1. Encontre a impressão digital para o par de chaves privada e pública que deseja verificar na seção "Chaves privadas" da página de configurações de desenvolvedor do seu {% data variables.product.prodname_github_app %}. Para obter mais informações, consulte [Gerar uma chave privada](#generating-a-private-key). ![Impressão digital de chave privada](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Gere a impressão digital da sua chave privada (PEM) localmente usando o comando a seguir:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare os resultados da impressão digital gerada localmente com a impressão digital que você vê no {% data variables.product.product_name %}.
 

translations/ru-RU/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ To generate a private key:
 {% endnote %}
 
 ### Verifying private keys
-{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using a SHA-1 hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
+{% data variables.product.product_name %} generates a fingerprint for each private and public key pair using the {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} hash function. You can verify that your private key matches the public key stored on {% data variables.product.product_name %} by generating the fingerprint of your private key and comparing it to the fingerprint shown on {% data variables.product.product_name %}.
 
 To verify a private key:
 
 1. Find the fingerprint for the private and public key pair you want to verify in the "Private keys" section of your {% data variables.product.prodname_github_app %}'s developer settings page. For more information, see [Generating a private key](#generating-a-private-key). ![Private key fingerprint](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. Compare the results of the locally generated fingerprint to the fingerprint you see in {% data variables.product.product_name %}.
 

translations/zh-CN/content/developers/apps/authenticating-with-github-apps.md

@@ -37,14 +37,14 @@ versions:
 {% endnote %}
 
 ### 验证私钥
-{% data variables.product.product_name %} 使用 SHA-1 哈希函数为每对私钥和公钥生成指纹。 您可以生成私钥指纹，然后与 {% data variables.product.product_name %} 显示的指纹相比较，以验证私钥是否与 {% data variables.product.product_name %} 上存储的公钥匹配。
+{% data variables.product.product_name %} 使用 {% if currentVersion ver_lt "enterprise-server@2.23" %}SHA-1{% else %}SHA-256{% endif %} 哈希函数为每对私钥和公钥生成指纹。 您可以生成私钥指纹，然后与 {% data variables.product.product_name %} 显示的指纹相比较，以验证私钥是否与 {% data variables.product.product_name %} 上存储的公钥匹配。
 
 要验证私钥：
 
 1. 在 {% data variables.product.prodname_github_app %} 开发者设置页面的“私钥”部分，查找要验证的私钥和公钥对的指纹。 更多信息请参阅[生成私钥](#generating-a-private-key)。 ![私钥指纹](/assets/images/github-apps/github_apps_private_key_fingerprint.png)
 2. Generate the fingerprint of your private key (PEM) locally by using the following command:
     ```shell
-    $ openssl rsa -in PATH_TO_PEM_FILE -pubout -outform DER | openssl sha1 -c
+    $ openssl rsa -in <em>PATH_TO_PEM_FILE</em> -pubout -outform DER | openssl {% if currentVersion ver_lt "enterprise-server@2.23" %}sha1 -c{% else %}sha256 -binary | openssl base64{% endif %}
     ```
 3. 比较本地生成的指纹结果与 {% data variables.product.product_name %} 中显示的指纹。