diff --git a/.github/workflows/azure-preview-env-deploy-public.yml b/.github/workflows/azure-preview-env-deploy-public.yml
deleted file mode 100644
index cb571374edd2..000000000000
--- a/.github/workflows/azure-preview-env-deploy-public.yml
+++ /dev/null
@@ -1,172 +0,0 @@ -name: Azure - Deploy Preview Environment (public) - -# NOTE! This is specifically and only for github/docs. - -# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs -# **Why we have it**: It's our preview environment deploy mechanism, to docs public repo -# **Who does it impact**: All open source contributors. - -# !!! -# ! This worflow has access to secrets, runs in the public repository, and clones untrusted user code. -# ! Modify with extreme caution -# !!! - -on: - pull_request_target: - # Note that if someone makes a PR that touches `Dockerfile` - # and `content/index.md`, this use of `paths` will still run. - # It would run even if we appended `- '!Dockerfile'` to the list. - # But if someone makes a PR that touches `Dockerfile` only, the - # workflow will not run. - paths: - - 'content/**' - - 'data/**' - - 'assets/**' - merge_group: - -permissions: - contents: read - deployments: write - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - build-and-deploy-azure-preview-public: - name: Build and deploy Azure preview environment (public) - runs-on: ubuntu-latest - # Ensure this is actually a pull request and not a merge group - # If its a merge group, report success without doing anything - # See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success". - if: | - ( - (github.event.pull_request.head.sha) - && (github.event.number || github.run_id) - ) - && github.repository == 'github/docs' - timeout-minutes: 15 - environment: - name: preview-env-${{ github.event.number }} - # The environment variable is computer later in this job in - # the "Get preview app info" step. 
- # That script sets environment variables which is used by Actions - # to link a PR to a list of environments later. - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - NONPROD_REGISTRY_USERNAME: ghdocs - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out main branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: 'main' - persist-credentials: 'false' - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - - name: 'Set env vars' - run: | - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Check out user code to temp directory - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - path: ./user-code - ref: ${{ env.COMMIT_REF }} - - # Move acceptable user changes into our main branch checkout - - name: Move acceptable user changes - run: | - # Make sure recursive path expansion is enabled - shopt -s globstar - rsync -rptovR ./user-code/content/./**/*.md ./content - rsync -rptovR ./user-code/assets/./**/*.png ./assets - rsync -rptovR 
./user-code/data/./**/*.{yml,md} ./data - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: preview - tags: ${{ env.DOCKER_IMAGE }} - # we only pull the `main` cache image - cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - # `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code - cache-to: '' - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any existing deployments for this PR' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Deploy ARM template is idempotent - # Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha) - - name: Run ARM deploy - uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5 - with: - scope: resourcegroup - resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} - subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }} - template: ./src/workflows/azure-preview-env-template.json - deploymentName: ${{ env.DEPLOYMENT_NAME }} - parameters: appName="${{ env.APP_NAME }}" - containerImage="${{ env.DOCKER_IMAGE }}" - dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}" - dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}" - dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}" - - - name: Check that it can be reached - # This introduces a necessary delay. Because the preview evironment - # URL is announced to the pull request as soon as all the steps - # finish, what sometimes happens is that a viewer of the PR clicks - # that link too fast and are confronted with a broken page. - # It's because there's a delay between the `azure/arm-deploy` - # and when the server is actually started and can receive and - # process requests. - # By introducing a slight "delay" here we avoid announcing a - # preview environment URL that isn't actually working just yet. - # Note the use of `--fail`. It which means that if it actually - # did connect but the error code was >=400, the command will fail. - # The `--fail --retry N` combination means that a 4xx response - # code will exit immediately but a 5xx will exhaust the retries. - run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }} 
diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml
deleted file mode 100644
index 63e42e4c0a27..000000000000
--- a/.github/workflows/azure-preview-env-deploy.yml
+++ /dev/null
@@ -1,223 +0,0 @@ -name: Azure - Deploy Preview Environment (private) - -# NOTE! This is specifically and only for github/docs-internal. - -# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs-internal -# **Why we have it**: It's our preview environment deploy mechanism, to docs-internal repo -# **Who does it impact**: Writ-access contributors. - -on: - # The advantage of 'pull_request' over 'pull_request_target' is that we - # can make changes to this file and test them in a pull request, instead - # of relying on landing it in 'main' first. - # From a security point of view, its arguably safer this way because - # unlike 'pull_request_target', these only have secrets if the pull - # request creator has permission to access secrets. - pull_request_target: - merge_group: - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - COMMIT_REF: - description: 'The commit SHA to build' - type: string - required: true - WITH_TRANSLATIONS: - description: 'With translations' - required: true - type: boolean -permissions: - contents: read - deployments: write - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - build-and-deploy-azure-preview: - name: Build and deploy Azure preview environment - runs-on: ubuntu-latest - # Ensure this is actually a pull request and not a merge group - # If its a merge group, report success without doing anything - # See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success". 
- if: | - ( - (github.event.pull_request.head.sha || inputs.COMMIT_REF) - && (github.event.number || inputs.PR_NUMBER || github.run_id) - ) - && github.repository == 'github/docs-internal' - timeout-minutes: 15 - environment: - name: preview-env-${{ github.event.number }} - # The environment variable is computer later in this job in - # the "Get preview app info" step. - # That script sets environment variables which is used by Actions - # to link a PR to a list of environments later. - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - NONPROD_REGISTRY_USERNAME: ghdocsinternal - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out PR code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ env.COMMIT_REF }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - - name: 'Set env vars' - run: | - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Determine 
which docs-early-access branch to clone - id: 'check-early-access' - uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 - env: - BRANCH_NAME: ${{ env.BRANCH_NAME }} - with: - github-token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - result-encoding: string - script: | - const { BRANCH_NAME } = process.env - - try { - const { status } = await github.request('GET /repos/{owner}/{repo}/branches/{branch}', { - owner: 'github', - repo: 'docs-early-access', - branch: BRANCH_NAME, - }) - - if (status !== 200) { - throw new Error('Received non-200 response from branch GET request') - } - - console.log(`Using docs-early-access branch '${BRANCH_NAME}'`) - return BRANCH_NAME - } catch (e) { - console.log(`Failed to get docs-early-access branch '${BRANCH_NAME}', 'main' will be used instead.`) - return 'main' - } - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: ${{ steps.check-early-access.outputs.result }} - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - name: Determine if we should include translations? 
- uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 - id: with-translations - with: - script: | - if (process.env.IS_INTERNAL_BUILD !== 'true') return false - if (context.eventName === "workflow_dispatch") { - return context.payload.inputs.WITH_TRANSLATIONS === 'true' - } - // This works for pull_request_target too - if (context.payload.pull_request?.labels) { - return context.payload.pull_request.labels.map(label => label.name).includes('preview-with-translations') - } - return false - - - if: ${{ steps.with-translations.outputs.result == 'true' }} - uses: ./.github/actions/clone-translations - with: - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: ${{ steps.with-translations.outputs.result == 'true' && 'production' || 'preview' }} - tags: ${{ env.DOCKER_IMAGE }} - # we only pull the `main` cache image - cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - # `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code - cache-to: '' - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any existing deployments for this PR' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Deploy ARM template is idempotent - # Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha) - - name: Run ARM deploy - uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5 - with: - scope: resourcegroup - resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} - subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }} - template: ./src/workflows/azure-preview-env-template.json - deploymentName: ${{ env.DEPLOYMENT_NAME }} - parameters: appName="${{ env.APP_NAME }}" - containerImage="${{ env.DOCKER_IMAGE }}" - dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}" - dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}" - dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}" - - - name: Check that it can be reached - # This introduces a necessary delay. Because the preview evironment - # URL is announced to the pull request as soon as all the steps - # finish, what sometimes happens is that a viewer of the PR clicks - # that link too fast and are confronted with a broken page. - # It's because there's a delay between the `azure/arm-deploy` - # and when the server is actually started and can receive and - # process requests. - # By introducing a slight "delay" here we avoid announcing a - # preview environment URL that isn't actually working just yet. - # Note the use of `--fail`. It which means that if it actually - # did connect but the error code was >=400, the command will fail. - # The `--fail --retry N` combination means that a 4xx response - # code will exit immediately but a 5xx will exhaust the retries. - run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }} 
diff --git a/.github/workflows/azure-preview-env-destroy.yml b/.github/workflows/azure-preview-env-destroy.yml
deleted file mode 100644
index 382836eb41b4..000000000000
--- a/.github/workflows/azure-preview-env-destroy.yml
+++ /dev/null
@@ -1,73 +0,0 @@ -name: Azure - Destroy Preview Env - -# **What it does**: Destroys resources associated with a PRs Azure preview environment -# **Why we have it**: Closed PRs don't need apps -# **Who does it impact**: All contributors. - -on: - # Required in lieu of `pull_request` so that PRs created from forks can destroy the preview environment. - pull_request_target: - types: - - closed - - locked - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - -permissions: - contents: read - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - destroy-azure-preview-env: - name: Destroy - runs-on: ubuntu-latest - if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' - timeout-minutes: 5 - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER }} - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any in progress deployments' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Delete web app (which will also delete the App Service plan) - # This will succeed even if the app doesn't exist / has already been deleted - - name: 'Delete App Service App (which will also delete the App Service plan)' - run: | - az container delete -n ${{ env.APP_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} -y - - # Untag all images under this PR's container registry repo - the container registry will automatically remove untagged images. - # This will fail if the IMAGE_REPO doesn't exist, but we don't care - - name: 'Untag all docker images for this PR' - run: | - az acr repository delete -n ${{ secrets.NONPROD_REGISTRY_SERVER }} --repository ${{ env.IMAGE_REPO }} -y || true - - # Remove all GitHub deployments from this environment and remove the environment - - uses: strumwolf/delete-deployment-environment@a4825dd9648c57da8437a4885c3fcad58beac69c - with: - # The token provided by the workflow does not have the permissions to delete created environments - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - environment: preview-env-${{ env.PR_NUMBER }} diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml deleted file mode 100644 index 9a09b5f18599..000000000000 --- a/.github/workflows/azure-prod-build-deploy.yml +++ /dev/null 
@@ -1,137 +0,0 @@ -name: Azure Production - Build and Deploy - -# **What it does**: Builds and deploys the default branch to production -# **Why we have it**: To enable us to deploy the latest to production whenever necessary rather than relying on PR merges. -# **Who does it impact**: All contributors. - -on: - workflow_dispatch: - -permissions: - contents: read - deployments: write - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs but NOT interrupt currently executing runs -concurrency: - group: '${{ github.workflow }}' - cancel-in-progress: false - -jobs: - azure-prod-build-and-deploy: - if: ${{ github.repository == 'github/docs-internal' }} - runs-on: ubuntu-20.04-xl - timeout-minutes: 20 - environment: - name: production - url: 'https://docs.github.com' - env: - DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }} - DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production - RESOURCE_GROUP_NAME: docs-prod - APP_SERVICE_NAME: ghdocs-prod - SLOT_NAME: canary - ACR_TOKEN_NAME: acrToken - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.PROD_AZURE_CREDENTIALS }} - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ github.sha }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version-file: 'package.json' - cache: npm - - # We need this to run a few scripts that were easier to write in JS/TS - - name: Install dependencies - run: npm install - - # Create a temporary token for the Azure Container Registry - # and set it as a GitHub Actions environment variable - # Created token are viewable in the ACR resource UI - # under 
Repository permissions > Tokens - - name: 'Create Azure Container Registry Token' - env: - CONTAINER_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }} - run: npm run create-acr-token - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.PROD_REGISTRY_SERVER }} - username: ${{ env.ACR_TOKEN_NAME }} - password: ${{ env.ACR_TOKEN_VALUE }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - - uses: ./.github/actions/clone-translations - with: - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . 
- file: Dockerfile.azure - push: true - target: production - tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - build-args: | - BUILD_SHA=${{ github.sha }} - - - name: 'Update docker-compose.prod.yaml template file' - run: | - sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml - - - name: 'Apply updated docker-compose.prod.yaml config to canary slot' - run: | - az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - # Watch canary slot instances to see when all the instances are ready - - name: Check that canary slot is ready - env: - CHECK_INTERVAL: 10000 - EXPECTED_SHA: ${{ github.sha }} - CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build - run: npm run check-canary-slots - - - name: 'Swap canary slot to production' - run: | - az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/azure-staging-build-deploy.yml b/.github/workflows/azure-staging-build-deploy.yml deleted file mode 100644 index 24cf895746c9..000000000000 --- a/.github/workflows/azure-staging-build-deploy.yml +++ /dev/null 
@@ -1,122 +0,0 @@ -name: Azure Staging - Build and Deploy - -# **What it does**: Builds and deploys a branch/PR to staging -# **Why we have it**: To enable us to deploy a branch/PR to staging whenever necessary -# **Who does it impact**: All contributors. - -on: - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - COMMIT_REF: - description: 'The commit SHA to build' - type: string - required: true - -permissions: - contents: read - deployments: write - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs but NOT interrupt currently executing runs -concurrency: - group: 'staging-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - azure-staging-build-and-deploy: - if: ${{ github.repository == 'github/docs-internal' }} - runs-on: ubuntu-latest - timeout-minutes: 20 - environment: - # TODO: Update name and url to point to a specific slot for the branch/PR - name: staging-env - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }} - IMAGE_REPO: ${{ github.repository }}/pr-${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - RESOURCE_GROUP_NAME: docs-staging - APP_SERVICE_NAME: ghdocs-staging - SLOT_NAME: canary - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.PROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ secrets.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: 
Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ env.COMMIT_REF }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: 'Set env vars' - run: | - # Set APP_URL - echo "APP_URL=${{ secrets.STAGING_APP_URL }}" >> $GITHUB_ENV - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ env.IMAGE_REPO }}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version-file: 'package.json' - cache: npm - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: main - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . 
- file: Dockerfile.azure - push: true - target: production - tags: ${{ env.DOCKER_IMAGE }} - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - - name: 'Update docker-compose.staging.yaml template file' - run: | - sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.staging.tmpl.yaml > docker-compose.staging.yaml - - - name: 'Apply updated docker-compose.staging.yaml config to deployment slot' - run: | - az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.staging.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - # Watch deployment slot instances to see when all the instances are ready - - name: Check that deployment slot is ready - env: - CHECK_INTERVAL: 10000 - EXPECTED_SHA: ${{ github.sha }} - CANARY_BUILD_URL: https://ghdocs-staging-canary.azurewebsites.net/_build - run: npm run check-canary-slots - - - name: 'Swap deployment slot to production' - run: | - az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} diff --git a/.github/workflows/main-preview-docker-cache.yml b/.github/workflows/main-preview-docker-cache.yml deleted file mode 100644 index 35c386a16d1b..000000000000 --- a/.github/workflows/main-preview-docker-cache.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -name: Build and Push Main Preview Env Docker Cache - -# **What it does**: Builds and pushes the `main` Docker cache image -# **Why we have it**: It allows PRs using the registry cache to pull a pre-built image, which should speed up the build -# **Who does it impact**: All contributors. - -on: - push: - branches: - - main - -permissions: - contents: read - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs and interrupt currently executing runs -concurrency: - group: '${{ github.workflow }}' - cancel-in-progress: true - -jobs: - build-and-push-nonprod-cache: - if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }} - runs-on: ubuntu-latest - timeout-minutes: 15 - env: - ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }} - DOCKER_IMAGE_CACHE_REF: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }} - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - if: ${{ env.ENABLE_EARLY_ACCESS }} - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: 
github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: main - - - if: ${{ env.ENABLE_EARLY_ACCESS }} - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: preview - tags: ${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - - - uses: ./.github/actions/slack-alert - if: ${{ failure() }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md index ac50ae68e4d3..d6a1d4a9a8da 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md 
@@ -42,9 +42,7 @@ To create your profile README, see [AUTOTITLE](/account-and-profile/setting-up-a
 Pick 3-5 projects to highlight by "pinning" them on your profile. Repositories you pin will be prominently displayed, allowing you to direct hiring managers' attention to the projects you're most proud of.
-For the best chances at an interview, pick projects that show your diverse skills and are relevant to your specific job search.
-
-If possible, pin some projects you created and some that you contributed to:
+For the best chances at an interview, pick projects that show your diverse skills and are relevant to your specific job search. If possible, pin some projects you created and some that you contributed to:
 * Projects you own are fully under your control, so you can improve them using of the steps below.
 * Open source projects highlight your ability to collaborate with others.
diff --git a/data/features/2fa-reconfiguration-inline-update.yml b/data/features/2fa-reconfiguration-inline-update.yml
deleted file mode 100644
index 5cbfff324cac..000000000000
--- a/data/features/2fa-reconfiguration-inline-update.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #9087
-
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.8'
diff --git a/data/features/actions-break-glass.yml b/data/features/actions-break-glass.yml
deleted file mode 100644
index 6514d5fb6a58..000000000000
--- a/data/features/actions-break-glass.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #9225
-# Documentation for Actions break glass feature (bypass branch protection rules)
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '>=3.9'
diff --git a/data/features/actions-cache-list-delete-apis.yml b/data/features/actions-cache-list-delete-apis.yml
deleted file mode 100644
index d8e9b5a9c7b4..000000000000
--- a/data/features/actions-cache-list-delete-apis.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# Reference: #7340
-# Extends actions-cache-management.yml (Issue #6154)
-# Documentation for Actions cache list and delete APIs
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.6'
diff --git a/data/features/actions-cache-management.yml b/data/features/actions-cache-management.yml
deleted file mode 100644
index 288becb2b0f7..000000000000
--- a/data/features/actions-cache-management.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Reference: #6154
-# Documentation for Actions cache management APIs (initial ship)
-versions:
- fpt: '*'
- ghec: '*'
- ghes: '> 3.4'
diff --git a/data/features/actions-cache-policy-apis.yml b/data/features/actions-cache-policy-apis.yml
deleted file mode 100644
index a6907f27759c..000000000000
--- a/data/features/actions-cache-policy-apis.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Reference: #6456
-# APIs to set default and max cache sizes. Only for GHES.
-versions:
- ghes: '>=3.5'
diff --git a/data/release-notes/enterprise-server/3-11/17.yml b/data/release-notes/enterprise-server/3-11/17.yml
index f63cd8ab3cdf..e02c2a2f26e1 100644
--- a/data/release-notes/enterprise-server/3-11/17.yml
+++ b/data/release-notes/enterprise-server/3-11/17.yml
@@ -1,6 +1,8 @@
 date: '2024-11-07'
 sections:
 security_fixes:
+ - |
+ **HIGH**: An attacker could leak sensitive data from the DOM by injecting malicious input through the `identity` parameter in `querySelector` handling. This allows the attacker to dynamically embed a hidden iframe on the page and exfiltrate data from DOM attributes. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. GitHub has requested CVE ID [CVE-2024-10001](https://www.cve.org/cverecord?id=CVE-2024-10001) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2025-01-27]
 - |
 **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability.
 - |
diff --git a/data/release-notes/enterprise-server/3-12/11.yml b/data/release-notes/enterprise-server/3-12/11.yml
index c5d1afed6bf8..5d5de5db014f 100644
--- a/data/release-notes/enterprise-server/3-12/11.yml
+++ b/data/release-notes/enterprise-server/3-12/11.yml
@@ -1,6 +1,8 @@
 date: '2024-11-07'
 sections:
 security_fixes:
+ - |
+ **HIGH**: An attacker could leak sensitive data from the DOM by injecting malicious input through the `identity` parameter in `querySelector` handling. This allows the attacker to dynamically embed a hidden iframe on the page and exfiltrate data from DOM attributes. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. GitHub has requested CVE ID [CVE-2024-10001](https://www.cve.org/cverecord?id=CVE-2024-10001) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2025-01-27]
 - |
 **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability.
 - |
diff --git a/data/release-notes/enterprise-server/3-13/6.yml b/data/release-notes/enterprise-server/3-13/6.yml
index c26af399c355..f8771fac46fd 100644
--- a/data/release-notes/enterprise-server/3-13/6.yml
+++ b/data/release-notes/enterprise-server/3-13/6.yml
@@ -7,6 +7,8 @@ sections:
 **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability.
 - |
 **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07]
+ - |
+ **HIGH**: An attacker could leak sensitive data from the DOM by injecting malicious input through the `identity` parameter in `querySelector` handling. This allows the attacker to dynamically embed a hidden iframe on the page and exfiltrate data from DOM attributes. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. GitHub has requested CVE ID [CVE-2024-10001](https://www.cve.org/cverecord?id=CVE-2024-10001) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2025-01-27]
 bugs:
 - |
 A missing configuration value prevented Dependabot from creating group update pull requests.
diff --git a/data/release-notes/enterprise-server/3-14/3.yml b/data/release-notes/enterprise-server/3-14/3.yml
index 7e7aad8631e5..840cdbabe0b4 100644
--- a/data/release-notes/enterprise-server/3-14/3.yml
+++ b/data/release-notes/enterprise-server/3-14/3.yml
@@ -9,6 +9,8 @@ sections:
 **HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability.
 - |
 **HIGH**: An attacker with Enterprise Administrator access to the GitHub Enterprise Server instance could escalate privileges to SSH root access. This is achieved by exploiting the pre-receive hook environment to bypass symlink checks in the `ghe-firejail` path and execute malicious scripts. GitHub has requested CVE ID [CVE-2024-10007](https://www.cve.org/cverecord?id=CVE-2024-10007) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2024-11-07]
+ - |
+ **HIGH**: An attacker could leak sensitive data from the DOM by injecting malicious input through the `identity` parameter in `querySelector` handling. This allows the attacker to dynamically embed a hidden iframe on the page and exfiltrate data from DOM attributes. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. GitHub has requested CVE ID [CVE-2024-10001](https://www.cve.org/cverecord?id=CVE-2024-10001) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2025-01-27]
 bugs:
 - |
 When saving settings in the Management Console, the configuration run would stop if the `enterprise-manage` process was restarted.
diff --git a/data/release-notes/enterprise-server/3-15/1.yml b/data/release-notes/enterprise-server/3-15/1.yml
index c1e73f15d0cb..db086103bf5f 100644
--- a/data/release-notes/enterprise-server/3-15/1.yml
+++ b/data/release-notes/enterprise-server/3-15/1.yml
@@ -3,6 +3,8 @@ sections:
 security_fixes:
 - |
 Packages have been updated to the latest security versions.
+ - |
+ **HIGH**: An attacker could leak sensitive data from the DOM by injecting malicious input through the `identity` parameter in `querySelector` handling. This allows the attacker to dynamically embed a hidden iframe on the page and exfiltrate data from DOM attributes. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. GitHub has requested CVE ID [CVE-2024-10001](https://www.cve.org/cverecord?id=CVE-2024-10001) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2025-01-27]
 bugs:
 - |
 On an instance in a cluster configuration, `ghe-repl-promote` failed if the primary node was unavailable.
diff --git a/data/reusables/enterprise-accounts/advanced-security-policies.md b/data/reusables/enterprise-accounts/advanced-security-policies.md
deleted file mode 100644
index 8269e8c6b9db..000000000000
--- a/data/reusables/enterprise-accounts/advanced-security-policies.md
+++ /dev/null
@@ -1 +0,0 @@
-1. Under {% octicon "law" aria-hidden="true" %} "Policies", click **Advanced Security**.
diff --git a/data/reusables/enterprise-accounts/advanced-security-security-features.md b/data/reusables/enterprise-accounts/advanced-security-security-features.md
deleted file mode 100644
index fd65ca08012e..000000000000
--- a/data/reusables/enterprise-accounts/advanced-security-security-features.md
+++ /dev/null
@@ -1 +0,0 @@
-1. Under "GitHub Advanced Security", click the **Security features** tab.
diff --git a/data/reusables/identity-and-permissions/team-sync-disable.md b/data/reusables/identity-and-permissions/team-sync-disable.md
index 49508095bdfa..dcfcad1c2bea 100644
--- a/data/reusables/identity-and-permissions/team-sync-disable.md
+++ b/data/reusables/identity-and-permissions/team-sync-disable.md
@@ -1,2 +1,2 @@
 > [!WARNING]
-> When you disable team synchronization, any team members that were assigned to a {% data variables.product.prodname_dotcom %} team through the IdP group are removed from the team and may lose access to repositories.
+> When you disable team synchronization, any team members that were assigned to a {% data variables.product.prodname_dotcom %} team through the IdP group are not removed from the team and retain their access to repositories.
diff --git a/data/reusables/organizations/outside_collaborator_forks.md b/data/reusables/organizations/outside_collaborator_forks.md
index 4ba032e36bad..6d5699d98dee 100644
--- a/data/reusables/organizations/outside_collaborator_forks.md
+++ b/data/reusables/organizations/outside_collaborator_forks.md
@@ -1 +1 @@
-When you add an outside collaborator to a repository, you'll also need to add them to any forks of the repository you'd like them to access.{% ifversion ghec %} If you are adding an outside collaborator to a private or internal fork of a repository, the collaborator must be a member of the enterprise.{% endif %}
+When you add an outside collaborator to a repository, you'll also need to add them to any forks of the repository you'd like them to access.{% ifversion ghec %} If you are adding an outside collaborator to a private or internal fork of a repository, the collaborator must be a member of the enterprise or have access to the upstream repository.{% endif %}
diff --git a/src/workflows/get-preview-app-info.sh b/src/workflows/get-preview-app-info.sh
deleted file mode 100755
index 3624f683d088..000000000000
--- a/src/workflows/get-preview-app-info.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-# [start-readme]
-#
-# This script sets environment variables with info about the preview app for a given PR
-#
-# [end-readme]
-
-# ENV VARS NEEDED TO RUN
-[[ -z $GITHUB_REPOSITORY ]] && { echo "Missing GITHUB_REPOSITORY. Exiting."; exit 1; }
-[[ -z $PR_NUMBER ]] && { echo "Missing PR_NUMBER. Exiting."; exit 1; }
-[[ -z $GITHUB_ENV ]] && { echo "Missing GITHUB_ENV. Exiting."; exit 1; }
-[[ -z $APP_NAME_SEED ]] && { echo "Missing APP_NAME_SEED. Exiting."; exit 1; }
-
-PREVIEW_ENV_LOCATION="eastus"
-
-# GITHUB_REPOSITORY is a default env variable and cannot be overwritten.
-# Use CUSTOM_GITHUB_REPOSITORY to specify a repo owner/name
-# other than the repo owner/name where this script was called from.
-# If CUSTOM_GITHUB_REPOSITORY is not specified, fall back to GITHUB_REPOSITORY.
-REPO_NAME_WITH_OWNER="${CUSTOM_GITHUB_REPOSITORY:-$GITHUB_REPOSITORY}"
-
-REPO_NAME="${REPO_NAME_WITH_OWNER#*\/}"
-echo "REPO_NAME=${REPO_NAME}" >> $GITHUB_ENV
-
-DEPLOYMENT_NAME="${REPO_NAME}-pr-${PR_NUMBER}"
-echo "DEPLOYMENT_NAME=${DEPLOYMENT_NAME}" >> $GITHUB_ENV
-
-APP_NAME_BASE="${REPO_NAME}-preview-${PR_NUMBER}"
-
-# pseudo random string so guessing a preview env URL is more difficult
-APP_SHA=$(echo -n "${APP_NAME_SEED}-${APP_NAME_BASE}" | sha1sum | cut -c1-6)
-
-APP_NAME="${APP_NAME_BASE}-${APP_SHA}"
-echo "APP_NAME=${APP_NAME}" >> $GITHUB_ENV
-
-APP_URL="https://${REPO_NAME}-${PR_NUMBER}-${APP_SHA}.preview.ghdocs.com"
-echo "APP_URL=${APP_URL}" >> $GITHUB_ENV
-
-IMAGE_REPO="${REPO_NAME_WITH_OWNER}/pr-${PR_NUMBER}"
-echo "IMAGE_REPO=${IMAGE_REPO}" >> $GITHUB_ENV
diff --git a/src/workflows/prune-for-preview-env.sh b/src/workflows/prune-for-preview-env.sh
deleted file mode 100755
index 8840031f8f88..000000000000
--- a/src/workflows/prune-for-preview-env.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# [start-readme]
-#
-# This script removes files that are unnecessary for our preview environments.
-# This is typically run before a docker build to reduce the size of the build context sent to docker
-#
-# [end-readme]
-
-# The assumption here is that a preview build will not
-# need these legacy redirects. Only the redirects from
-# front-matter will be at play.
-# These static redirects json files are notoriously large
-echo '[]' > src/redirects/lib/static/archived-frontmatter-valid-urls.json
-echo '{}' > src/redirects/lib/static/archived-redirects-from-213-to-217.json