Merge branch 'main' into patch-14

Author: Sharra-writes

.github/actions/labeler/labeler.ts

@@ -1,6 +1,6 @@
 /* See function main in this file for documentation */
 
-import coreLib from '@actions/core'
+import * as coreLib from '@actions/core'
 import { type Octokit } from '@octokit/rest'
 import { CoreInject } from '@/links/scripts/action-injections'
 

.github/workflows/check-broken-links-github-github.yml

@@ -44,10 +44,9 @@ jobs:
           PORT: 4000
           ENABLED_LANGUAGES: en
         run: |
-
-          npm run start &
+          npm run start-for-ci &
           sleep 5
-          curl --retry-connrefused --retry 3 -I http://localhost:4000/
+          curl --retry-connrefused --retry 5 -I http://localhost:4000/
 
       - name: Run broken github/github link check
         run: |

.github/workflows/index-general-search.yml

@@ -230,21 +230,64 @@ jobs:
           FASTLY_SURROGATE_KEY: api-search:${{ matrix.language }}
         run: npm run purge-fastly-edge-cache
 
-      - name: Alert on scraping failures
-        if: ${{ steps.check-failures.outputs.has_failures == 'true' && github.event_name != 'workflow_dispatch' }}
-        uses: ./.github/actions/slack-alert
+      - name: Upload failures artifact
+        if: ${{ steps.check-failures.outputs.has_failures == 'true' }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: search-failures-${{ matrix.language }}
+          path: /tmp/records/failures-summary.json
+          retention-days: 1
+
+      - uses: ./.github/actions/slack-alert
+        if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
           slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
-          message: |
-            :warning: ${{ steps.check-failures.outputs.failed_pages }} page(s) failed to scrape for general search indexing (language: ${{ matrix.language }})
 
-            The indexing completed but some pages could not be scraped. This may affect search results for those pages.
+  notifyScrapingFailures:
+    name: Notify scraping failures
+    needs: updateElasticsearchIndexes
+    if: ${{ always() && github.repository == 'github/docs-internal' && github.event_name != 'workflow_dispatch' && needs.updateElasticsearchIndexes.result != 'cancelled' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+      - name: Download all failure artifacts
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          pattern: search-failures-*
+          path: /tmp/failures
+        continue-on-error: true
 
-            Workflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+      - name: Check if any failures were downloaded
+        id: check-artifacts
+        run: |
+          if [ -d /tmp/failures ] && [ "$(ls -A /tmp/failures 2>/dev/null)" ]; then
+            echo "has_artifacts=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_artifacts=false" >> $GITHUB_OUTPUT
+          fi
 
-      - uses: ./.github/actions/slack-alert
-        if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
+      - uses: ./.github/actions/node-npm-setup
+        if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }}
+
+      - name: Aggregate failures and format message
+        if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }}
+        id: aggregate
+        run: |
+          RESULT=$(npx tsx src/search/scripts/aggregate-search-index-failures.ts /tmp/failures \
+            --workflow-url "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}")
+          {
+            echo 'result<<EOF'
+            echo "$RESULT"
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Send consolidated Slack notification
+        if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }}
+        uses: ./.github/actions/slack-alert
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
           slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+          message: ${{ fromJSON(steps.aggregate.outputs.result).message }}

assets/images/help/copilot/coding-agent/open-workbench.png

@@ -115,6 +115,20 @@ For more information, see [AUTOTITLE](/actions/reference/openid-connect-referenc
 
 {% data variables.product.prodname_actions %} workflows can use OIDC tokens instead of secrets to authenticate with cloud providers. Many popular cloud providers offer official login actions that simplify the process of using OIDC in your workflows. For more information about updating your workflows with specific cloud providers, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments).
 
+## OIDC support for {% data variables.product.prodname_dependabot %}
+
+{% data variables.product.prodname_dependabot %} can use OIDC to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider.
+
+{% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on AWS CodeArtifact, Azure DevOps Artifacts, or JFrog Artifactory.
+
+The benefits of OIDC authentication for {% data variables.product.prodname_dependabot %} are:
+
+* **Enhanced security:** Eliminates static, long-lived credentials from your repositories.
+* **Simpler management:** Enables secure, policy-compliant access to private registries.
+* **Avoid rate limiting:** Dynamic credentials help you avoid hitting rate limits associated with static tokens.
+
+For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication).
+
 ## Next steps
 
 For more information about configuring OIDC, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments).

assets/images/social-cards/_convert-svgs.sh

@@ -37,7 +37,7 @@ Some information that {% data variables.contact.github_support %} will request c
 * A copy of your workflow run logs for an example workflow run failure. For more information about workflow run logs, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#downloading-logs).
 * {% ifversion ghes %}A copy of your runner logs, {% else %}If you are running this workflow on a self-hosted runner, self-hosted runner logs{% endif %} which can be found under the `_diag` folder within the runner. For more information about self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners#reviewing-the-self-hosted-runner-application-log-files).
 
-  Self-hosted runner log file names are be formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`.
+  Self-hosted runner log file names are formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`.
 
 > [!NOTE]
 > Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code).