Merge branch 'main' into nguyenalex836-remove-unnecessary-spaces-1

Author: nguyenalex836

.devcontainer/devcontainer.json

@@ -19,7 +19,8 @@
       // Set *default* container specific settings.json values on container create.
       "settings": {
         "terminal.integrated.shell.linux": "/bin/bash",
-        "cSpell.language": ",en"
+        "cSpell.language": ",en",
+        "git.autofetch": true
       },
       // Visual Studio Code extensions which help authoring for docs.github.com.
       "extensions": [
@@ -57,7 +58,7 @@
   },
 
   // Use 'postCreateCommand' to run commands after the container is created.
-  "postCreateCommand": "npm ci",
+  "postCreateCommand": "npm ci && npm start",
 
   // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
   "remoteUser": "node",

.github/dependabot.yml

@@ -1,4 +1,10 @@
 version: 2
+registries:
+  ghcr: # Define access for a private registry
+    type: docker-registry
+    url: ghcr.io
+    username: PAT
+    password: ${{secrets.CONTAINER_BUILDER_TOKEN}}
 updates:
   - package-ecosystem: npm
     directory: '/'
@@ -23,11 +29,18 @@ updates:
       - dependency-name: '*'
         update-types:
           ['version-update:semver-patch', 'version-update:semver-minor']
+      - dependency-name: 'github/internal-actions'
 
   - package-ecosystem: 'docker'
+    registries:
+      - ghcr
     directory: '/'
     schedule:
       interval: weekly
       day: thursday
+    groups:
+      baseImages:
+        patterns:
+          - '*'
     ignore:
       - dependency-name: 'node'

.github/workflows/azure-preview-env-deploy-public.yml

@@ -123,6 +123,7 @@ jobs:
         uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
         with:
           context: .
+          file: Dockerfile.azure
           push: true
           target: preview
           tags: ${{ env.DOCKER_IMAGE }}

.github/workflows/azure-preview-env-deploy.yml

@@ -174,6 +174,7 @@ jobs:
         uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
         with:
           context: .
+          file: Dockerfile.azure
           push: true
           target: ${{ steps.with-translations.outputs.result == 'true'  && 'production' || 'preview' }}
           tags: ${{ env.DOCKER_IMAGE }}

.github/workflows/azure-prod-build-deploy.yml

@@ -104,6 +104,7 @@ jobs:
         uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
         with:
           context: .
+          file: Dockerfile.azure
           push: true
           target: production
           tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }}

.github/workflows/azure-staging-build-deploy.yml

@@ -94,6 +94,7 @@ jobs:
         uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
         with:
           context: .
+          file: Dockerfile.azure
           push: true
           target: production
           tags: ${{ env.DOCKER_IMAGE }}

.github/workflows/index-general-search.yml

@@ -19,7 +19,7 @@ on:
   schedule:
     - cron: '20 16 * * *' # Run every 24 hours at 20 minutes past the hour
   workflow_run:
-    workflows: ['Azure Production - Build and Deploy']
+    workflows: ['Purge Fastly']
     types:
       - completed
 

.github/workflows/main-preview-docker-cache.yml

@@ -71,6 +71,7 @@ jobs:
         uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
         with:
           context: .
+          file: Dockerfile.azure
           push: true
           target: preview
           tags: ${{ env.DOCKER_IMAGE_CACHE_REF }}

.github/workflows/moda-ci.yaml

@@ -0,0 +1,101 @@
+name: docs-internal Moda CI
+
+# More info on CI actions setup can be found here:
+# https://github.com/github/ops/blob/master/docs/playbooks/build-systems/moving-moda-apps-from-bp-to-actions.md
+
+on:
+  workflow_dispatch:
+  push:
+    branches-ignore:
+      - 'gh-readonly-queue/**'
+  merge_group:
+    types: [checks_requested]
+
+jobs:
+  ##########################
+  # Generate Vault keys
+  ##########################
+  set-vault-keys:
+    runs-on: ubuntu-latest
+    outputs:
+      modified_vault_keys: ${{ steps.modify_vault_keys.outputs.modified }}
+    steps:
+      - name: Set vault-keys output
+        id: modify_vault_keys
+        run: |
+          if [ -z "${{ vars.VAULT_KEYS }}" ]; then
+            # We want to add the DOCS_BOT_PAT_READPUBLICKEY to the list of keys
+            # so that builds fetch the secret from the docs-internal vault
+            # where --environment is "ci"
+            echo "modified=DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT
+          else
+            echo "modified=${{ vars.VAULT_KEYS }},DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT
+          fi
+
+  #############
+  # Moda jobs
+  #############
+  moda-config-bundle:
+    if: ${{ github.repository == 'github/docs-internal' }}
+    name: ${{ matrix.ci_job.job }}
+    needs: set-vault-keys
+    strategy:
+      fail-fast: false
+      matrix:
+        ci_job: [{ 'job': 'docs-internal-moda-config-bundle' }]
+    uses: github/internal-actions/.github/workflows/moda.yml@main
+    with:
+      ci-formatted-job-name: ${{ matrix.ci_job.job }}
+      vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+    secrets:
+      dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+      datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+  #############
+  # Docker Image jobs
+  #############
+  docker-image:
+    if: ${{ github.repository == 'github/docs-internal' }}
+    name: ${{ matrix.ci_job.job }}
+    needs: set-vault-keys
+    strategy:
+      fail-fast: false
+      matrix:
+        ci_job: [{ 'job': 'docs-internal-docker-image' }]
+    uses: github/internal-actions/.github/workflows/kube.yml@main
+    with:
+      ci-formatted-job-name: ${{ matrix.ci_job.job }}
+      vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+      # Passes 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to docker as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=<PAT value>
+      docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY'
+    secrets:
+      dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+      datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+  #############
+  # Docker Security jobs
+  #############
+  docker-security:
+    if: ${{ github.repository == 'github/docs-internal' }}
+    name: ${{ matrix.ci_job.job }}
+    needs: set-vault-keys
+    strategy:
+      fail-fast: false
+      matrix:
+        ci_job: [{ 'job': 'docs-internal-docker-security' }]
+    uses: github/internal-actions/.github/workflows/docker_security.yml@main
+    with:
+      ci-formatted-job-name: ${{ matrix.ci_job.job }}
+      vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+      # Passes 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to docker as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=<PAT value>
+      docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY'
+    secrets:
+      dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+      datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+permissions:
+  actions: read
+  checks: read
+  contents: read
+  statuses: read
+  id-token: write

.github/workflows/notify-about-deployment.yml

@@ -7,8 +7,7 @@ name: Notify about production deployment
 on:
   workflow_dispatch:
   workflow_run:
-    # Note, we could do this after the "Purge Fastly" finished
-    workflows: ['Azure Production - Build and Deploy']
+    workflows: ['Purge Fastly']
     types:
       - completed
 

.github/workflows/purge-fastly.yml

@@ -16,10 +16,9 @@ on:
         description: "Comma separated languages. E.g. 'en,ja, es' (defaults to all)"
         required: false
         default: ''
-  workflow_run:
-    workflows: ['Azure Production - Build and Deploy']
-    types:
-      - completed
+  push:
+    branches:
+      - main
 
 permissions:
   contents: read
@@ -43,6 +42,23 @@ jobs:
 
       - uses: ./.github/actions/node-npm-setup
 
+      - name: Wait for production to match build number
+        run: |
+          needs=$(git rev-parse HEAD)
+          start_time=$(date +%s)
+          timeout_seconds=1200
+          while [[ $needs != $(curl -s --fail --retry-connrefused --retry 5 https://docs.github.com/_build) ]]
+          do
+            if [[ $(($(date +%s) - $start_time)) -gt $timeout_seconds ]]
+            then
+              echo "Production did not match the build number within $timeout_seconds seconds"
+              exit 1
+            fi
+            echo "Production is not up to date with the build commit"
+            sleep 10
+          done
+          echo "Production is up to date with the build commit"
+
       - name: Purge Fastly edge cache independent of language
         if: ${{ inputs.nuke_all }}
         run: npm run purge-fastly-edge-cache