Skip to content

Commit 1aa7d1b

Browse files
authored
Merge pull request #45161 from github/repo-sync
Repo sync
2 parents 66941c3 + d0bb839 commit 1aa7d1b

78 files changed

Lines changed: 11547 additions & 335 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/sync-openapi.yml

Lines changed: 4 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -42,30 +42,21 @@ jobs:
4242
path: rest-api-description
4343
ref: ${{ inputs.SOURCE_BRANCH }}
4444

45-
- name: Generate GitHub App token
46-
id: app-token
47-
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
48-
with:
49-
app-id: ${{ secrets.DOCS_BOT_APP_ID }}
50-
private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
51-
owner: github
52-
repositories: docs-internal,models-gateway,docs-engineering
53-
5445
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
5546
with:
5647
# By default, only the most recent commit of the `main` branch
5748
# will be checked out
5849
repository: github/models-gateway
5950
path: models-gateway
6051
ref: main
61-
token: ${{ steps.app-token.outputs.token }}
52+
token: ${{ secrets.DOCS_BOT_PAT_BASE }}
6253

6354
- uses: ./.github/actions/node-npm-setup
6455

6556
- name: Sync the REST, Webhooks, and GitHub Apps schemas
6657
env:
6758
# Needed for gh
68-
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
59+
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
6960
NODE_OPTIONS: '--max-old-space-size=8192'
7061
run: |
7162
npm run sync-rest -- \
@@ -89,7 +80,7 @@ jobs:
8980
- name: Create pull request
9081
env:
9182
# Needed for gh
92-
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
83+
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
9384
run: |
9485
# If nothing to commit, exit now. It's fine. No orphans.
9586
changes=$(git diff --name-only | wc -l)
@@ -137,4 +128,4 @@ jobs:
137128
- uses: ./.github/actions/create-workflow-failure-issue
138129
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
139130
with:
140-
token: ${{ steps.app-token.outputs.token }}
131+
token: ${{ secrets.DOCS_BOT_PAT_BASE }}

content/copilot/how-tos/copilot-cli/cli-best-practices.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -335,7 +335,9 @@ Pair with {% data variables.copilot.copilot_cli_short %} to develop tests.
335335

336336
### Code review assistance
337337

338+
* ``/security-review Review my current local changes for security issues. Prioritize high-severity findings and suggest remediations I can apply before opening a pull request.``
338339
* ``/review Use Opus 4.5 and Codex 5.2 to review the changes in my current branch against `main`. Focus on potential bugs and security issues.``
340+
* Triage high-severity findings first, validate your fixes, then continue through your normal pull request review workflow.
339341

340342
### Git operations
341343

content/copilot/reference/copilot-cli-reference/cli-command-reference.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -246,7 +246,7 @@ These are the slash commands you can use from within an interactive CLI session.
246246
| `/rubber-duck [PROMPT]` | Consult the rubber duck agent for a second opinion on plans, code, and tests. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/rubber-duck). |
247247
| `/sandbox [enable\|disable]` | Enable, disable, or configure OS-level sandboxing that restricts filesystem and network access for shell commands, MCP/LSP servers, and built-in file/web tools. Run `/sandbox` with no arguments to open the policy dialog. |
248248
| `/search [QUERY]`, `/find [QUERY]` | Search the conversation timeline. {% data reusables.copilot.experimental %} |
249-
| `/security-review [PROMPT]` | Run the security review agent to analyze changes for vulnerabilities. |
249+
| `/security-review [PROMPT]` | Run a focused security review of active local code changes and return prioritized vulnerability findings with remediation suggestions. This command is not a full repository security audit. |
250250
| `/session [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]`, `/sessions [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]` | Show session information and manage sessions. The `info` subcommand shows session details including the session link (when available). Subcommands: `info`, `checkpoints`, `files`, `plan`, `rename`, `cleanup`, `prune`, `delete`, `delete-all`. |
251251
| `/settings [show KEY\|KEY\|KEY VALUE]`,<br>`/config [show KEY\|KEY\|KEY VALUE]` | Open the settings editor, open it focused on a specific setting (`KEY`), set a setting inline (`KEY VALUE`), or display a setting's current value (`show KEY`). See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/change-settings). |
252252
| `/share [file\|html\|gist] [session\|research] [PATH]`, `/export [file\|html\|gist] [session\|research] [PATH]` | Share the session to a Markdown file, interactive HTML file, or {% data variables.product.github %} gist. |

content/copilot/tutorials/roll-out-at-scale/enable-developers/integrate-ai-agents.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,8 @@ To meet a tight deadline, you want to speed up each stage for both developers an
6161

6262
{% data variables.product.prodname_copilot_short %} can update multiple files at once and, with the developer's authorization, run commands for actions like installing dependencies or running tests.
6363

64+
1. Before opening a pull request, the developer runs `/security-review` to identify likely vulnerabilities in active local changes and apply remediations.
65+
6466
1. The developer reviews the diff and chooses which code to keep.
6567

6668
## 3. Test with an MCP server

content/copilot/tutorials/roll-out-at-scale/govern-at-scale/maintain-codebase-standards.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@ To improve the quality of {% data variables.product.prodname_copilot_short %}'s
7070
With strong guardrails in place, developers should already be enabled to use AI effectively. However, it is important to provide training on AI tools and create a culture where best practices are encouraged, rather than just enforced.
7171

7272
1. Communicate your governance settings and your company's expectations for how developers should use {% data variables.product.prodname_copilot_short %}. For example, if all agent work should be thoroughly reviewed, ensure this process is established and communicated.
73+
1. Encourage developers to run `/security-review` in {% data variables.copilot.copilot_cli_short %} before opening a pull request or requesting review. Treat this as a lightweight check, then continue with your standard pull request review process. For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/cli-best-practices#code-review-assistance).
7374
1. Create onboarding resources such as internal documentation or videos. For a starting point, share existing resources like [AUTOTITLE](/copilot/get-started/best-practices) and [AUTOTITLE](/copilot/tutorials/copilot-cookbook).
7475
1. Offer ongoing training and support, such as workshops. In successful rollouts, many companies identify "champions" who can train others on how to use {% data variables.product.prodname_copilot_short %} effectively.
7576

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
title: REST API endpoints for secret scanning custom patterns
3+
shortTitle: Custom patterns
4+
intro: Use the REST API to manage custom patterns for secret scanning.
5+
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
6+
fpt: '*'
7+
ghec: '*'
8+
autogenerated: rest
9+
allowTitleToDifferFromFilename: true
10+
category:
11+
- Secure code and manage vulnerabilities
12+
---
13+
14+
<!-- Content after this section is automatically generated -->

content/rest/secret-scanning/index.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ versions:
99
ghes: '*'
1010
children:
1111
- /alert-dismissal-requests
12+
- /custom-patterns
1213
- /delegated-bypass
1314
- /push-protection
1415
- /secret-scanning

src/fixtures/tests/playwright-rendering.spec.ts

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,41 @@ test('use sidebar to go to Hello World page', async ({ page }) => {
5252
await expect(page).toHaveTitle(/Hello World - GitHub Docs/)
5353
})
5454

55+
test('press "/" to open the search overlay', async ({ page }) => {
56+
await page.goto('/')
57+
await turnOffExperimentsInPage(page)
58+
59+
// Wait for the header search button to render, so the keydown listener is attached.
60+
await page.locator('[data-testid="search"]:visible').waitFor()
61+
62+
const searchInput = page.getByTestId('overlay-search-input')
63+
// The overlay (and its input) is not in the DOM until it's opened.
64+
await expect(searchInput).toHaveCount(0)
65+
66+
// Pressing "/" anywhere on the page opens the overlay and focuses the input.
67+
await page.keyboard.press('/')
68+
await expect(searchInput).toBeFocused()
69+
70+
// Escape closes it again.
71+
await page.keyboard.press('Escape')
72+
await expect(searchInput).toHaveCount(0)
73+
})
74+
75+
test('"/" typed inside the search input is a literal slash', async ({ page }) => {
76+
await page.goto('/')
77+
await turnOffExperimentsInPage(page)
78+
79+
await page.locator('[data-testid="search"]:visible').waitFor()
80+
81+
await page.keyboard.press('/')
82+
const searchInput = page.getByTestId('overlay-search-input')
83+
await expect(searchInput).toBeFocused()
84+
85+
// The "/" shortcut must not fire while typing in a field, so it is not swallowed.
86+
await page.keyboard.type('a/b')
87+
await expect(searchInput).toHaveValue('a/b')
88+
})
89+
5590
test('do a search from home page and click on "Foo" page', async ({ page }) => {
5691
test.skip(!SEARCH_TESTS, 'No local Elasticsearch, no tests involving search')
5792

src/frame/components/page-header/Header.tsx

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,32 @@ export const Header = () => {
9292
return () => window.removeEventListener('keydown', close)
9393
}, [])
9494

95+
// Pressing "/" anywhere on the page opens the search overlay, matching the
96+
// shortcut on github.com. Ignore the key when the user is typing in a form
97+
// field or editable element so we never swallow a literal "/", and when a
98+
// modifier is held so we don't clash with browser or OS shortcuts.
99+
useEffect(() => {
100+
const openOnSlash = (e: KeyboardEvent) => {
101+
if (e.key !== '/' || e.ctrlKey || e.metaKey || e.altKey) {
102+
return
103+
}
104+
const target = e.target as HTMLElement | null
105+
const tagName = target?.tagName
106+
if (
107+
tagName === 'INPUT' ||
108+
tagName === 'TEXTAREA' ||
109+
tagName === 'SELECT' ||
110+
target?.isContentEditable
111+
) {
112+
return
113+
}
114+
e.preventDefault()
115+
setIsSearchOpen(true)
116+
}
117+
window.addEventListener('keydown', openOnSlash)
118+
return () => window.removeEventListener('keydown', openOnSlash)
119+
}, [])
120+
95121
// For the UI in smaller browser widths, focus the picker menu button when
96122
// the sidebar is closed (not when the search overlay is closed — the
97123
// overlay's returnFocusRef handles focus restoration to the search button).

src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json

Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -873,6 +873,42 @@
873873
"additional-permissions": false,
874874
"access": "write"
875875
},
876+
{
877+
"category": "secret-scanning",
878+
"slug": "list-organization-custom-patterns",
879+
"subcategory": "custom-patterns",
880+
"verb": "get",
881+
"requestPath": "/orgs/{org}/secret-scanning/custom-patterns",
882+
"additional-permissions": false,
883+
"access": "read"
884+
},
885+
{
886+
"category": "secret-scanning",
887+
"slug": "bulk-create-organization-custom-patterns",
888+
"subcategory": "custom-patterns",
889+
"verb": "post",
890+
"requestPath": "/orgs/{org}/secret-scanning/custom-patterns",
891+
"additional-permissions": false,
892+
"access": "write"
893+
},
894+
{
895+
"category": "secret-scanning",
896+
"slug": "bulk-delete-organization-custom-patterns",
897+
"subcategory": "custom-patterns",
898+
"verb": "delete",
899+
"requestPath": "/orgs/{org}/secret-scanning/custom-patterns",
900+
"additional-permissions": false,
901+
"access": "write"
902+
},
903+
{
904+
"category": "secret-scanning",
905+
"slug": "update-an-organization-custom-pattern",
906+
"subcategory": "custom-patterns",
907+
"verb": "patch",
908+
"requestPath": "/orgs/{org}/secret-scanning/custom-patterns/{pattern_id}",
909+
"additional-permissions": false,
910+
"access": "write"
911+
},
876912
{
877913
"category": "secret-scanning",
878914
"slug": "list-organization-pattern-configurations",
@@ -8481,6 +8517,42 @@
84818517
"additional-permissions": false,
84828518
"access": "read"
84838519
},
8520+
{
8521+
"category": "secret-scanning",
8522+
"slug": "list-repository-custom-patterns",
8523+
"subcategory": "custom-patterns",
8524+
"verb": "get",
8525+
"requestPath": "/repos/{owner}/{repo}/secret-scanning/custom-patterns",
8526+
"additional-permissions": false,
8527+
"access": "read"
8528+
},
8529+
{
8530+
"category": "secret-scanning",
8531+
"slug": "bulk-create-repository-custom-patterns",
8532+
"subcategory": "custom-patterns",
8533+
"verb": "post",
8534+
"requestPath": "/repos/{owner}/{repo}/secret-scanning/custom-patterns",
8535+
"additional-permissions": false,
8536+
"access": "write"
8537+
},
8538+
{
8539+
"category": "secret-scanning",
8540+
"slug": "bulk-delete-repository-custom-patterns",
8541+
"subcategory": "custom-patterns",
8542+
"verb": "delete",
8543+
"requestPath": "/repos/{owner}/{repo}/secret-scanning/custom-patterns",
8544+
"additional-permissions": false,
8545+
"access": "write"
8546+
},
8547+
{
8548+
"category": "secret-scanning",
8549+
"slug": "update-a-repository-custom-pattern",
8550+
"subcategory": "custom-patterns",
8551+
"verb": "patch",
8552+
"requestPath": "/repos/{owner}/{repo}/secret-scanning/custom-patterns/{pattern_id}",
8553+
"additional-permissions": false,
8554+
"access": "write"
8555+
},
84848556
{
84858557
"category": "secret-scanning",
84868558
"slug": "get-secret-scanning-scan-history-for-a-repository",

0 commit comments

Comments
 (0)