github
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 3 additions & 0 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/actions/labeler/action.yml‎
Lines changed: 33 additions & 0 deletions b/‎.github/actions/labeler/action.yml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎.github/actions/labeler/labeler.js‎
Lines changed: 160 additions & 0 deletions b/‎.github/actions/labeler/labeler.js‎
Lines changed: 160 additions & 0 deletions
diff --git a/‎.github/workflows/azure-preview-env-deploy-public.yml‎
Lines changed: 163 additions & 0 deletions b/‎.github/workflows/azure-preview-env-deploy-public.yml‎
Lines changed: 163 additions & 0 deletions
@@ -58,6 +58,9 @@
     // Use 'postCreateCommand' to run commands after the container is created.
     "postCreateCommand": "npm ci",
 
+    // Use 'updateContentCommand' to run commands to be included in Codespace pre-builds
+    "updateContentCommand": "git clone https://github.com/github/rest-api-description.git",
+
     // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
     "remoteUser": "node",
 
 
@@ -0,0 +1,33 @@
+name: Labeler
+
+description: Adds labels to an Issue or PR
+inputs:
+  token:
+    description: defaults to GITHUB_TOKEN, otherwise can use a PAT
+    required: false
+    default: ${{ github.token }}
+  addLabels:
+    description: array of labels to apply
+    required: false
+  removeLabels:
+    description: array of labels to remove
+    required: false
+  ignoreIfAssigned:
+    description: don't apply labels if there are assignees
+    required: false
+  ignoreIfLabeled:
+    description: don't apply labels if there are already labels added
+    required: false
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Add label to an issue or pr
+      run: node .github/actions/labeler/labeler.js
+      shell: bash
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+        ADD_LABELS: ${{ inputs.addLabels }}
+        REMOVE_LABELS: ${{ inputs.removeLabels }}
+        IGNORE_IF_ASSIGNED: ${{ inputs.ignoreIfAssigned }}
+        IGNORE_IF_LABELED: ${{ inputs.ignoreIfLabeled }}
@@ -0,0 +1,160 @@
+/* See function main in this file for documentation */
+
+import coreLib from '@actions/core'
+
+import github from '#src/workflows/github.js'
+import { getActionContext } from '#src/workflows/action-context.js'
+import { boolEnvVar } from '#src/workflows/get-env-inputs.js'
+
+// When this file is invoked directly from action as opposed to being imported
+if (import.meta.url.endsWith(process.argv[1])) {
+  if (!process.env.GITHUB_TOKEN) {
+    throw new Error('You must set the GITHUB_TOKEN environment variable.')
+  }
+
+  const { ADD_LABELS, REMOVE_LABELS } = process.env
+
+  const octokit = github()
+
+  const opts = {
+    addLabels: ADD_LABELS,
+    removeLabels: REMOVE_LABELS,
+    ignoreIfAssigned: boolEnvVar('IGNORE_IF_ASSIGNED'),
+    ignoreIfLabeled: boolEnvVar('IGNORE_IF_LABELED'),
+  }
+
+  // labels come in comma separated from actions
+  let addLabels
+
+  if (opts.addLabels) {
+    addLabels = [...opts.addLabels.split(',')]
+    opts.addLabels = addLabels.map((l) => l.trim())
+  } else {
+    opts.addLabels = []
+  }
+
+  let removeLabels
+
+  if (opts.removeLabels) {
+    removeLabels = [...opts.removeLabels.split(',')]
+    opts.removeLabels = removeLabels.map((l) => l.trim())
+  } else {
+    opts.removeLabels = []
+  }
+
+  const actionContext = getActionContext()
+  const { owner, repo } = actionContext
+  let issueOrPrNumber = actionContext?.pull_request?.number
+
+  if (!issueOrPrNumber) {
+    issueOrPrNumber = actionContext?.issue?.number
+  }
+
+  opts.issue_number = issueOrPrNumber
+  opts.owner = owner
+  opts.repo = repo
+
+  main(coreLib, octokit, opts, {})
+}
+
+/*
+ * Applies labels to an issue or pull request.
+ *
+ * opts:
+ *  issue_number {number} id of the issue or pull request to label
+ *  owner {string} owner of the repository
+ *  repo {string} repository name
+ *  addLabels {Array<string>} array of labels to apply
+ *  removeLabels {Array<string>} array of labels to remove
+ *  ignoreIfAssigned {boolean} don't apply labels if there are assignees
+ *  ignoreIfLabeled {boolean} don't apply labels if there are already labels added
+ */
+export default async function main(core, octokit, opts = {}) {
+  if (opts.addLabels?.length === 0 && opts.removeLabels?.length === 0) {
+    core.info('No labels to add or remove specified, nothing to do.')
+    return
+  }
+
+  if (opts.ignoreIfAssigned || opts.ignoreIfLabeled) {
+    try {
+      const { data } = await octokit.issues.get({
+        issue_number: opts.issue_number,
+        owner: opts.owner,
+        repo: opts.repo,
+      })
+
+      if (opts.ignoreIfAssigned) {
+        if (data.assignees.length > 0) {
+          core.info(
+            `ignore-if-assigned is true: not applying labels since there's ${data.assignees.length} assignees`,
+          )
+          return 0
+        }
+      }
+
+      if (opts.ignoreIfLabeled) {
+        if (data.labels.length > 0) {
+          core.info(
+            `ignore-if-labeled is true: not applying labels since there's ${data.labels.length} labels applied`,
+          )
+          return 0
+        }
+      }
+    } catch (err) {
+      throw new Error(`Error getting issue: ${err}`)
+    }
+  }
+
+  if (opts.removeLabels?.length > 0) {
+    // removing a label fails if the label isn't already applied
+    let appliedLabels = []
+
+    try {
+      const { data } = await octokit.issues.get({
+        issue_number: opts.issue_number,
+        owner: opts.owner,
+        repo: opts.repo,
+      })
+
+      appliedLabels = data.labels.map((l) => l.name)
+    } catch (err) {
+      throw new Error(`Error getting issue: ${err}`)
+    }
+
+    opts.removeLabels = opts.removeLabels.filter((l) => appliedLabels.includes(l))
+
+    await Promise.all(
+      opts.removeLabels.map(async (label) => {
+        try {
+          await octokit.issues.removeLabel({
+            issue_number: opts.issue_number,
+            owner: opts.owner,
+            repo: opts.repo,
+            name: label,
+          })
+        } catch (err) {
+          throw new Error(`Error removing label: ${err}`)
+        }
+      }),
+    )
+
+    if (opts.removeLabels.length > 0) {
+      core.info(`Removed labels: ${opts.removeLabels.join(', ')}`)
+    }
+  }
+
+  if (opts.addLabels?.length > 0) {
+    try {
+      await octokit.issues.addLabels({
+        issue_number: opts.issue_number,
+        owner: opts.owner,
+        repo: opts.repo,
+        labels: opts.addLabels,
+      })
+
+      core.info(`Added labels: ${opts.addLabels.join(', ')}`)
+    } catch (err) {
+      throw new Error(`Error adding label: ${err}`)
+    }
+  }
+}
@@ -0,0 +1,163 @@
+name: Azure - Deploy Preview Environment (public)
+
+# NOTE! This is specifically and only for github/docs.
+
+# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs
+# **Why we have it**: It's our preview environment deploy mechanism, to docs public repo
+# **Who does it impact**: All open source contributors.
+
+# !!!
+# ! This worflow has access to secrets, runs in the public repository, and clones untrusted user code.
+# ! Modify with extreme caution
+# !!!
+
+on:
+  pull_request_target:
+    # Note that if someone makes a PR that touches `Dockerfile`
+    # and `content/index.md`, this use of `paths` will still run.
+    # It would run even if we appended `- '!Dockerfile'` to the list.
+    # But if someone makes a PR that touches `Dockerfile` only, the
+    # workflow will not run.
+    paths:
+      - 'content/**'
+      - 'data/**'
+      - 'assets/**'
+  merge_group:
+
+permissions:
+  contents: read
+  deployments: write
+
+# This allows one deploy workflow to interrupt another
+concurrency:
+  group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}'
+  cancel-in-progress: true
+
+jobs:
+  build-and-deploy-azure-preview-public:
+    name: Build and deploy Azure preview environment (public)
+    runs-on: ubuntu-latest
+    if: github.repository == 'github/docs'
+    timeout-minutes: 15
+    environment:
+      name: preview-env-${{ github.event.number }}
+      # The environment variable is computer later in this job in
+      # the "Get preview app info" step.
+      # That script sets environment variables which is used by Actions
+      # to link a PR to a list of environments later.
+      url: ${{ env.APP_URL }}
+    env:
+      PR_NUMBER: ${{ github.event.number || github.run_id }}
+      COMMIT_REF: ${{ github.event.pull_request.head.sha }}
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+      NONPROD_REGISTRY_USERNAME: ghdocs
+
+    steps:
+      - name: 'Az CLI login'
+        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
+        with:
+          creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
+
+      - name: 'Docker login'
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
+        with:
+          login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
+          username: ${{ env.NONPROD_REGISTRY_USERNAME }}
+          password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+
+      - name: Check out main branch
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: 'main'
+          persist-credentials: 'false'
+
+      - name: Get preview app info
+        env:
+          APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }}
+        run: src/workflows/get-preview-app-info.sh
+
+      - name: 'Set env vars'
+        run: |
+          # Image tag is unique to each workflow run so that it always triggers a new deployment
+          echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
+
+      - name: Check out user code to temp directory
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          path: ./user-code
+          ref: ${{ env.COMMIT_REF }}
+
+      # Move acceptable user changes into our main branch checkout
+      - name: Move acceptable user changes
+        run: |
+          # Make sure recursive path expansion is enabled
+          shopt -s globstar
+          rsync -rptovR ./user-code/content/./**/*.md ./content
+          rsync -rptovR ./user-code/assets/./**/*.png ./assets
+          rsync -rptovR ./user-code/data/./**/*.{yml,md} ./data
+
+      - uses: ./.github/actions/warmup-remotejson-cache
+        with:
+          restore-only: true
+
+      - uses: ./.github/actions/precompute-pageinfo
+        with:
+          restore-only: true
+
+      # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
+      - name: 'Prune for preview env'
+        run: src/workflows/prune-for-preview-env.sh
+
+      - name: 'Build and push image'
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+        with:
+          context: .
+          push: true
+          target: preview
+          tags: ${{ env.DOCKER_IMAGE }}
+          # we only pull the `main` cache image
+          cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
+          # `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code
+          cache-to: ''
+          build-args: |
+            BUILD_SHA=${{ env.COMMIT_REF }}
+
+      # Succeed despite any non-zero exit code (e.g. if there is no deployment to cancel)
+      - name: 'Cancel any existing deployments for this PR'
+        run: |
+          az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true
+
+      # Deploy ARM template is idempotent
+      # Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha)
+      - name: Run ARM deploy
+        uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5
+        with:
+          scope: resourcegroup
+          resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }}
+          subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }}
+          template: ./src/workflows/azure-preview-env-template.json
+          deploymentName: ${{ env.DEPLOYMENT_NAME }}
+          parameters: appName="${{ env.APP_NAME }}"
+            containerImage="${{ env.DOCKER_IMAGE }}"
+            dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
+            dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}"
+            dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
+
+      - name: Check that it can be reached
+        # This introduces a necessary delay. Because the preview evironment
+        # URL is announced to the pull request as soon as all the steps
+        # finish, what sometimes happens is that a viewer of the PR clicks
+        # that link too fast and are confronted with a broken page.
+        # It's because there's a delay between the `azure/arm-deploy`
+        # and when the server is actually started and can receive and
+        # process requests.
+        # By introducing a slight "delay" here we avoid announcing a
+        # preview environment URL that isn't actually working just yet.
+        # Note the use of `--fail`. It which means that if it actually
+        # did connect but the error code was >=400, the command will fail.
+        # The `--fail --retry N` combination means that a 4xx response
+        # code will exit immediately but a 5xx will exhaust the retries.
+        run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }}