Merge branch 'main' into docs/private-action-example-clarify

Author: Sharra-writes

.github/aw/actions-lock.json

@@ -0,0 +1,19 @@
+{
+  "entries": {
+    "actions/github-script@v8": {
+      "repo": "actions/github-script",
+      "version": "v8",
+      "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
+    },
+    "actions/github-script@v9.0.0": {
+      "repo": "actions/github-script",
+      "version": "v9.0.0",
+      "sha": "3a2844b7e9c422d3c10d287c895573f7108da1b3"
+    },
+    "github/gh-aw-actions/setup@v0.71.5": {
+      "repo": "github/gh-aw-actions/setup",
+      "version": "v0.71.5",
+      "sha": "b8068426813005612b960b5ab0b8bd2c27142323"
+    }
+  }
+}

.github/workflows/changelog-agent.lock.yml

@@ -33,6 +33,7 @@ jobs:
         node:
           - playwright-rendering
           - playwright-a11y
+          - playwright-secret-scanning
       fail-fast: false
     timeout-minutes: 60
     steps:
@@ -59,6 +60,7 @@ jobs:
           PLAYWRIGHT_WORKERS: ${{ fromJSON('[1, 4]')[github.repository == 'github/docs-internal'] }}
           # workaround for https://github.com/nodejs/node/issues/59364 as of 22.18.0
           NODE_OPTIONS: '--no-experimental-strip-types'
+          PLAYWRIGHT_TIMEOUT: ${{ matrix.node == 'playwright-a11y' && '60000' || '' }}
 
         # Run playwright rendering tests and a11y tests (axe scans) as distinct checks
         # so that we can run them without blocking merges until we can be confident

.github/workflows/changelog-agent.md

@@ -331,6 +331,36 @@ jobs:
           **Workflow file:** $FILE_URL
 
           This issue was automatically created by the \`$WORKFLOW_NAME\` workflow.
+
+          ---
+
+          ## Instructions for the issue analysis agent
+
+          These scraping failures are **almost never timeouts**. They are
+          almost always caused by Liquid/Markdown corruptions in the
+          translated source that make the page fail to render. Please do not
+          file this as a transient/timeout issue.
+
+          To investigate:
+
+          1. Pull the translation repos locally:
+             \`\`\`
+             npm run clone-translations
+             \`\`\`
+          2. Identify the specific corruptions with the canonical reporter
+             (verify the exact script name in \`package.json\` before running):
+             \`\`\`
+             npm run count-translation-corruptions
+             \`\`\`
+             The script writes a structured JSON report to stdout listing each
+             corrupted file, its location, the error message, and the
+             offending/illegal tag token when available.
+          3. **Open a pull request that fixes the corruptions** rather than
+             just commenting the findings on this issue. The issue body above
+             already lists the affected pages; the value the agent adds is
+             the fix. Where possible, fix the underlying pattern in
+             \`src/languages/lib/correct-translation-content.ts\` so the same
+             corruption is corrected on future syncs.
           EOF
           )
           gh issue create \

.github/workflows/headless-tests.yml

@@ -14,6 +14,16 @@ on:
         type: string
         required: true
         default: 'en'
+      create_copilot_issue:
+        description: 'Create a Copilot-assigned issue with the top 10 redirects to fix'
+        type: boolean
+        required: false
+        default: false
+      create_report:
+        description: 'Create the combined broken links report issue in docs-content'
+        type: boolean
+        required: false
+        default: true
 
 permissions:
   contents: read
@@ -101,6 +111,80 @@ jobs:
           retention-days: 5
           if-no-files-found: ignore
 
+      - name: Create Copilot redirect issue
+        if: inputs.create_copilot_issue
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        with:
+          github-token: ${{ secrets.DOCS_BOT_PAT_BASE }}
+          script: |
+            const fs = require('fs')
+            const reportFile = 'artifacts/link-report-${{ matrix.version }}-${{ matrix.language }}.json'
+
+            if (!fs.existsSync(reportFile)) {
+              core.info('No JSON report found — all links valid, skipping Copilot issue.')
+              return
+            }
+
+            const report = JSON.parse(fs.readFileSync(reportFile, 'utf8'))
+            const allRedirectGroups = report.groups.filter(g => g.isWarning)
+            const redirectGroups = allRedirectGroups.slice(0, 10)
+
+            if (redirectGroups.length === 0) {
+              core.info('No redirect groups found, skipping Copilot issue.')
+              return
+            }
+
+            const tableRows = redirectGroups.map(g => {
+              const occ = g.occurrences[0]
+              const redirectTarget = occ?.redirectTarget ?? 'unknown'
+              const file = occ?.file ?? 'unknown'
+              const lines = (occ?.lines ?? []).join(', ')
+              return `| \`${g.target}\` | \`${redirectTarget}\` | \`${file}\` | ${lines} |`
+            }).join('\n')
+
+            const artifactsUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}/artifacts`
+
+            const bodyLines = [
+              'Copilot please fix the redirected internal links listed in the table below. All changes should be made within the `github/docs-internal` repository. For each entry, open the source file and replace the **Current Link** with the **Update To** path.',
+              'When all changes are made, open a pull request in `github/docs-internal` with the fixes. The pull request description should reference this issue to create a link between them. When the pull request is open, leave a comment on this issue with a link to it.',
+              '',
+              `These are the first ${redirectGroups.length} of ${allRedirectGroups.length} redirects found.`,
+              '',
+              '## Redirects to fix',
+              '',
+              '| Current Link | Update To | File | Line(s) |',
+              '|---|---|---|---|',
+              tableRows,
+            ]
+
+            const MAX_ISSUE_BODY_LENGTH = 65536
+            const artifactNote = `\n\n> [!NOTE]\n> The report was truncated because it exceeded the issue body length limit. [View the complete redirect report in the workflow artifacts](${artifactsUrl}).`
+
+            let body = bodyLines.join('\n')
+            if (body.length > MAX_ISSUE_BODY_LENGTH) {
+              const truncatedLength = MAX_ISSUE_BODY_LENGTH - artifactNote.length
+              const lastNewline = body.lastIndexOf('\n', truncatedLength)
+              body = body.slice(0, lastNewline > 0 ? lastNewline : truncatedLength) + artifactNote
+            }
+
+            // Use the REST API with agent_assignment to properly trigger Copilot cloud agent.
+            // See: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/cloud-agent/start-copilot-sessions#using-the-rest-api
+            const issue = await github.request('POST /repos/{owner}/{repo}/issues', {
+              owner: 'github',
+              repo: 'docs-content',
+              title: '[Copilot Task] Fix top redirect links: ${{ matrix.version }}/${{ matrix.language }}',
+              body,
+              labels: ['broken link report'],
+              assignees: ['copilot-swe-agent[bot]'],
+              agent_assignment: {
+                target_repo: 'github/docs-internal',
+                base_branch: 'main',
+                custom_instructions: 'For each entry in the table, open the source file in the github/docs-internal repository and replace the Current Link with the Update To path. When all changes are made, open a pull request in github/docs-internal with the fixes. When the pull request is open, leave a comment on this issue with a link to it.',
+              },
+            })
+
+            core.info(`Created Copilot redirect issue: ${issue.data.html_url}`)
+
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
         with:
@@ -159,7 +243,7 @@ jobs:
           fi
 
       - name: Create issue if broken links found
-        if: steps.combine.outputs.has_reports == 'true'
+        if: steps.combine.outputs.has_reports == 'true' && (github.event_name != 'workflow_dispatch' || inputs.create_report != false)
         uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v5
         with:
           token: ${{ secrets.DOCS_BOT_PAT_BASE }}

.github/workflows/index-general-search.yml

@@ -41,3 +41,8 @@ jobs:
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
           slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+
+      - uses: ./.github/actions/create-workflow-failure-issue
+        if: ${{ failure() }}
+        with:
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}

.github/workflows/link-check-internal.yml

@@ -63,3 +63,8 @@ jobs:
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
           slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+
+      - uses: ./.github/actions/create-workflow-failure-issue
+        if: ${{ failure() }}
+        with:
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}

.github/workflows/needs-sme-stale-check.yaml

@@ -75,3 +75,8 @@ jobs:
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
           slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+
+      - uses: ./.github/actions/create-workflow-failure-issue
+        if: ${{ failure() }}
+        with:
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}

.github/workflows/no-response.yaml

@@ -40,6 +40,7 @@ jobs:
       ${{ github.repository == 'github/docs-internal' &&
           !github.event.pull_request.draft &&
           !contains(github.event.pull_request.labels.*.name, 'reviewers-docs-engineering') &&
+          !contains(github.event.pull_request.labels.*.name, 'lockfile-churn-only') &&
           github.event.pull_request.head.ref != 'repo-sync' }}
     runs-on: ubuntu-latest
     env:
@@ -50,7 +51,45 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v6.0.1
 
+      # Detect PRs that only changed package-lock.json (no engineering source files).
+      # These are usually cross-platform `npm install` churn from contributors
+      # editing content. We comment with reset instructions instead of pulling in
+      # docs-engineering for review.
+      - name: Detect lockfile-only churn
+        id: detect
+        run: |
+          changed=$(gh pr diff "$PR" --name-only)
+          echo "Changed files:"
+          echo "$changed"
+          lockfile=$(echo "$changed" | grep -c '^package-lock\.json$' || true)
+          other_eng=$(echo "$changed" | grep -cE '(\.tsx?$|\.scss$|^src/|^package\.json$|^\.github/|^config/|^\.devcontainer/|Dockerfile)' || true)
+          if [ "$lockfile" -gt 0 ] && [ "$other_eng" -eq 0 ]; then
+            echo "lockfile_only=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "lockfile_only=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Comment and label lockfile-only PRs
+        if: steps.detect.outputs.lockfile_only == 'true'
+        run: |
+          cat > /tmp/lockfile-churn-body.md <<'EOF'
+          _Posted by Copilot on behalf of docs-engineering._
+
+          This PR includes `package-lock.json` changes but no engineering files. Please reset the lockfile:
+
+          ```
+          git checkout origin/main -- package-lock.json
+          git commit -m "Reset package-lock.json"
+          git push
+          ```
+
+          If the lockfile change is intentional, remove the `lockfile-churn-only` label and request docs-engineering review.
+          EOF
+          gh pr comment "$PR" --body-file /tmp/lockfile-churn-body.md
+          gh pr edit "$PR" --add-label lockfile-churn-only
+
       - name: Add docs engineering as a reviewer
+        if: steps.detect.outputs.lockfile_only != 'true'
         uses: ./.github/actions/retry-command
         with:
           command: gh pr edit $PR --add-reviewer github/docs-engineering --add-label reviewers-docs-engineering