Merge branch 'main' into patch-1

.github/workflows/delete-orphan-translation-files.yml

@@ -129,7 +129,8 @@ jobs:
             --title "Delete orphan files ($current_daystamp)" \
             --body '👋 humans. This PR was generated from docs-internal/.github/workflows/delete-orphan-translation-files.yml.
             ' \
-            --repo "${{ matrix.language_repo }}"
+            --repo "${{ matrix.language_repo }}" \
+            --head=$branch_name
           echo "Merge created PR..."
           retry_command gh pr merge --merge --auto --delete-branch "$branch_name"
 

.github/workflows/sync-audit-logs.yml

@@ -33,7 +33,7 @@ jobs:
           # need to use a token from a user with access to github/audit-log-allowlists for this step
           GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
         run: |
-          npm run audit-log-sync
+          npm run sync-audit-log
 
       - name: Get the audit-log-allowlists SHA being synced
         id: audit-log-allowlists
@@ -54,7 +54,11 @@ jobs:
           # If nothing to commit, exit now. It's fine. No orphans.
           changes=$(git diff --name-only | wc -l)
           untracked=$(git status --untracked-files --short | wc -l)
-          if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
+          filesChanged=$(git diff --name-only)
+          # There will always be at least one file changed:
+          # src/audit-logs/lib/config.json
+          # If the config file is the only file changed, exit.
+          if [[ $changes -eq 1 ]] && [[ $untracked -eq 1 ]] && [[ $filesChanged == *lib/config.json ]]; then
             echo "There are no changes to commit or untracked files. Exiting..."
             exit 0
           fi
@@ -83,7 +87,8 @@ jobs:
 
             If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
             --repo github/docs-internal \
-            --label audit-log-pipeline
+            --label audit-log-pipeline \
+            --head=$branchname
 
           # can't approve your own PR, approve with Actions
           unset GITHUB_TOKEN
@@ -93,7 +98,7 @@ jobs:
           # Actions can't merge the PR so back to docs-bot to merge the PR
           unset GITHUB_TOKEN
           gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_WORKFLOW_READORG }}"
-          gh pr merge --auto --delete-branch
+          gh pr merge --auto
 
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

.github/workflows/sync-graphql.yml

@@ -25,7 +25,7 @@ jobs:
         env:
           # need to use a token from a user with access to github/github for this step
           GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
-        run: npm run graphql-sync
+        run: npm run sync-graphql
       - name: Create pull request
         id: create-pull-request
         uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # pin @v7.0.3

.github/workflows/sync-secret-scanning.yml

@@ -76,7 +76,8 @@ jobs:
 
             If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
             --repo github/docs-internal \
-            --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review
+            --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review \
+            --head=$branchname
 
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

Dockerfile

@@ -5,22 +5,30 @@
 # --------------------------------------------------------------------------------
 # BASE IMAGE
 # --------------------------------------------------------------------------------
-# To update the sha, run `docker pull node:$VERSION-alpine`
-# look for something like: `Digest: sha256:0123456789abcdef`
-FROM node:22-alpine@sha256:c13b26e7e602ef2f1074aef304ce6e9b7dd284c419b35d89fcf3cc8e44a8def9 AS base
+# To update the sha:
+# https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
+FROM ghcr.io/github/gh-base-image/gh-base-noble:20250108-185521-gcd4825276 AS base
+
+# Install git for cloning docs-early-access & translations repos
+# Install curl for determining the early access branch
+RUN apt-get -qq update && apt-get -qq install --no-install-recommends git curl
+
+# Install Node.js latest LTS
+# https://github.com/nodejs/release#release-schedule
+# Ubuntu's apt-get install nodejs is _very_ outdated
+RUN curl -sL https://deb.nodesource.com/setup_22.x | bash -
+RUN apt-get install -y nodejs
+RUN node --version
 
 # This directory is owned by the node user
+RUN useradd -ms /bin/bash node
 ARG APP_HOME=/home/node/app
 RUN mkdir -p $APP_HOME && chown -R node:node $APP_HOME
 WORKDIR $APP_HOME
 
 # Switch to root to ensure we have permissions to copy, chmod, and install
 USER root
 
-# Install git for cloning docs-early-access & translations repos
-# Install curl for determining the early access branch
-RUN apk add --no-cache git curl
-
 # Copy in build scripts
 COPY src/deployments/production/build-scripts/*.sh ./build-scripts/
 
@@ -39,12 +47,12 @@ COPY data ./data
 # We use --mount-type=secret to avoid the secret being copied into the image layers for security
 # The secret passed via --secret can only be used in this RUN command
 RUN --mount=type=secret,id=DOCS_BOT_PAT_READPUBLICKEY \
-    # We don't cache because Docker can't know if we need to fetch new content from remote repos
-    echo "Don't cache this step by printing date: $(date)" && \
-    . ./build-scripts/fetch-repos.sh
+  # We don't cache because Docker can't know if we need to fetch new content from remote repos
+  echo "Don't cache this step by printing date: $(date)" && \
+  . ./build-scripts/fetch-repos.sh
 
 # Give node user access to the copied content since we cloned as root
-RUN chown -R node:node $APP_HOME/content 
+RUN chown -R node:node $APP_HOME/content
 RUN chown -R node:node $APP_HOME/assets
 RUN chown -R node:node $APP_HOME/data
 # Give node user access to translations repos
@@ -105,7 +113,7 @@ RUN npm run precompute-pageinfo -- --max-versions 2
 RUN npm prune --production
 
 # --------------------------------------------------------------------------------
-# PRODUCTION IMAGE 
+# PRODUCTION IMAGE
 # --------------------------------------------------------------------------------
 FROM base AS production
 
@@ -140,7 +148,7 @@ COPY --chown=node:node --from=builder $APP_HOME/next.config.js ./
 COPY --chown=node:node --from=builder $APP_HOME/tsconfig.json ./
 
 # - - -
-# Environment variables are set in the Moda 
+# Environment variables are set in the Moda
 # configuration: config/moda/configuration/*/env.yaml
 # - - -
 

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/index.md

@@ -17,5 +17,5 @@ children:
   - /managing-your-profile-readme
   - /pinning-items-to-your-profile
   - /setting-your-profile-to-private
+  - /using-your-github-profile-to-enhance-your-resume
 ---
-

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md

@@ -0,0 +1,107 @@
+---
+title: Using your GitHub profile to enhance your resume
+intro: 'Demonstrate your skills to hiring managers with your {% data variables.product.github %} profile.'
+versions:
+  fpt: '*'
+topics:
+  - Profiles
+shortTitle: Enhance your resume
+---
+
+## How can my {% data variables.product.github %} profile enhance my resume?
+
+When you include a link to your {% data variables.product.github %} profile in your resume, you showcase your skills and experience to potential employers. In this article, you'll find practical tips for preparing your {% data variables.product.github %} profile for a job search.
+
+After you complete these steps, you can be confident that hiring managers will have a good sense of your technical skills when they are reviewing your {% data variables.product.github %} profile.
+
+## Step 1: Create a professional bio
+
+Your bio is a sentence or two that appears under your profile picture. Use your bio to give potential employers a high-level overview of who you are and what kind of work you're looking for.
+
+Navigate to your [profile settings](https://github.com/settings/profile) to update your bio. Keep this description short and concise. Consider something like, "Hello! My name is Mona and I'm looking for work as a front end developer."
+
+> [!NOTE] While you're here, you can update the rest of your profile settings. Consider including a profile picture, a link to your personal website or portfolio, and links to your social profiles.
+
+## Step 2: Create a profile README
+
+Compared to your bio, your profile README is flexible and allows for more creativity. You can write more in your profile README to showcase your skills and interests.
+
+Things you may want to add to your profile README include:
+
+* **An introduction**: Write a brief introduction of yourself and your professional background.
+* **Skills and experience**: List your technical skills, including any programming languages, frameworks, and tools you are proficient in.
+* **Your professional experience**: Describe where you've worked before and what sort of professional skills you've built. These can even be non-technical skills, such as communication and empathy.
+* **Some of your best projects**: Describe some projects you're proud of. You'll also pin these repositories later, but your README gives you a chance to provide more commentary.
+* **Achievements or awards**: Show off any of your achievements, including certifications or awards you've received for your work.
+
+For instructions for creating a profile README, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme#adding-a-profile-readme).
+
+> [!NOTE] Updating and customizing your profile README also helps demonstrate fluency using Markdown and HTML, which are useful skills for technical jobs. To show off your skills for potential employers, look for ways to use more advanced Markdown or HTML elements in your profile README.
+
+## Step 3: Choose projects to showcase
+
+Pick your favorite 3-5 projects to highlight for your job application. For the best chances at an interview, pick projects that show your diverse skills and are relevant to your specific job search.
+
+These can be projects you created or projects that you contributed to:
+
+* Projects you own are fully under your control, so you can prepare the project using the rest of the steps below.
+* Open source projects highlight your ability to collaborate with others.
+
+To take advantage of both, pin some of each to your profile.
+
+Repositories you pin will be prominently displayed on your profile, allowing you to direct hiring managers' attention to the projects you're most proud of.
+
+To get started, click **Customize your pins** in the "Popular repositories" section of your profile.
+
+## Step 4: Prepare the projects you want to showcase
+
+Hiring managers usually consider many applicants for each role. Expect that they will only look at your projects for a couple minutes. To give the best impression during this brief time, you should make your projects easy to understand and explore.
+
+Below, you'll find some practical suggestions for preparing your showcase projects, as well as some tips on using {% data variables.product.prodname_copilot_short %} to help.
+
+> [!NOTE] Always verify the answers that {% data variables.product.prodname_copilot_short %} provides.
+
+### Update the repository details
+
+On the main page of the repository, to the right of "About," click {% octicon "gear" aria-label="Edit repository metadata" %}. Here, you can provide information that helps hiring managers quickly understand the project:
+* A brief description of your project
+* A website where you can see the project in action
+* Topic tags that categorize your project
+
+### Write a helpful README
+
+The README for your project's repository is a perfect space to give a concise project overview. Helpful project README details include:
+* A list of key features of the project
+* Details on how to set up and run the project
+* An example or demo of the project
+* Instructions on testing your code
+
+You can use [Copilot Chat](https://github.com/copilot) to help write your README. Use a prompt like this:
+>Write a README for my `lottery-number-generator` repository.
+
+### Make the code easy to understand
+
+To give the best impression, you'll want to make sure that hiring managers can understand your project quickly. In general, a few best practices can help give any readers an understanding of your project and how you work with code:
+
+* Maintain a consistent coding style with descriptive file and directory names throughout the project
+* Use helpful comments and documentation for any complex or important snippets
+* Refine your code according to popular style guides
+* Simplify complex functions, break down large classes, and remove redundant code
+* Provide tests to validate that your code is working as expected
+
+You can use [{% data variables.product.prodname_copilot_extension_vsc %}](https://marketplace.visualstudio.com/items?itemName=GitHub.copilot) to interact with {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_vscode_shortname %}. Here, {% data variables.product.prodname_copilot_short %} can help answer more specific questions about your project, make edits across multiple files, provide suggestions for simplifying your code, and write tests. For more information, see [AUTOTITLE](/copilot/using-github-copilot/guides-on-using-github-copilot/writing-tests-with-github-copilot).
+
+### Update your project's dependencies
+
+To showcase your understanding of security best practices, ensure your project is using the latest versions of any dependencies. You can use {% data variables.product.prodname_dependabot_alerts %} and security updates to view alerts about dependencies with known security vulnerabilities. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
+
+## Looking forward: Maintaining your projects
+
+Your profile is now ready to be included on your resume! The changes you made today will have a big impact on your job search and will make your {% data variables.product.github %} profile stand out to hiring managers.
+
+If you want to improve your profile even more, incorporate these practices into your coding routines:
+
+* **Maintain a clean commit history**. To make your project history understandable, use descriptive commit messages and work in smaller batches.
+* **Use issues, pull requests, and {% data variables.product.prodname_projects_v2 %}**. Showcase your task management and project planning skills by tracking bugs and feature requests with issues and using {% data variables.product.prodname_projects_v2 %} to organize them.
+* **Keep dependencies updated**. Use {% data variables.product.prodname_dependabot_version_updates %} to automatically update your project's dependencies with the latest security features and bug fixes.
+* **Contribute to open source**. Open source contributions showcase your collaboration skills and prove that you can work in complex code bases. For more information, see [AUTOTITLE](/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github).

content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md

@@ -55,7 +55,7 @@ First, install the Helm chart that deploys the Sigstore Policy Controller:
 helm upgrade policy-controller --install --atomic \
   --create-namespace --namespace artifact-attestations \
   oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller \
-  --version v0.10.0-github9
+  --version v0.12.0-github10
 ```
 
 This installs the Policy Controller into the `artifact-attestations` namespace. At this point, no policies have been configured, and it will not enforce any attestations.
@@ -139,7 +139,7 @@ To see the full set of options you may configure with the Helm chart, you can ru
 For policy controller options:
 
 ```bash copy
-helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.10.0-github9
+helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.12.0-github10
 ```
 
 For trust policy options: