Merge pull request #76 from github/repo-sync

repo sync

content/actions/reference/workflow-syntax-for-github-actions.md

@@ -948,7 +948,25 @@ jobs:
 
 #### **`jobs.<job_id>.container.image`**
 
-The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a public docker registry name.
+The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a {% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.23" %}public{% endif %} registry name.
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+#### **`jobs.<job_id>.container.credentials`**
+
+{% data reusables.actions.registry-credentials %}
+
+##### Example
+
+{% raw %}
+```yaml
+container:
+  image: ghcr.io/owner/image
+  credentials:
+     username: ${{ github.actor }}
+     password: ${{ secrets.ghcr_token }}
+```
+{% endraw %}
+{% endif %}
 
 #### **`jobs.<job_id>.container.env`**
 
@@ -1011,19 +1029,43 @@ services:
       - 6379/tcp
 ```
 
-#### **`jobs.<job_id>.services.image`**
+#### **`jobs.<job_id>.services.<service_id>.image`**
+
+The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a {% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.23" %}public{% endif %} registry name.
 
-The Docker image to use as the service container to run the action. The value can be the Docker base image name or a public docker Hub or registry.
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+#### **`jobs.<job_id>.services.<service_id>.credentials`**
+
+{% data reusables.actions.registry-credentials %}
+
+##### Example
+
+{% raw %}
+```yaml
+services:
+  myservice1: 
+    image: ghcr.io/owner/myservice1
+    credentials:
+      username: ${{ github.actor }}
+      password: ${{ secrets.ghcr_token }}
+  myservice2:
+    image: dockerhub_org/myservice2
+    credentials:
+      username: ${{ secrets.DOCKER_USER }}
+      password: ${{ secrets.DOCKER_PASSWORD }}
+```
+{% endraw %}
+{% endif %}
 
-#### **`jobs.<job_id>.services.env`**
+#### **`jobs.<job_id>.services.<service_id>.env`**
 
 Sets a `map` of environment variables in the service container.
 
-#### **`jobs.<job_id>.services.ports`**
+#### **`jobs.<job_id>.services.<service_id>.ports`**
 
 Sets an `array` of ports to expose on the service container.
 
-#### **`jobs.<job_id>.services.volumes`**
+#### **`jobs.<job_id>.services.<service_id>.volumes`**
 
 Sets an `array` of volumes for the service container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.
 
@@ -1042,7 +1084,7 @@ volumes:
   - /source/directory:/destination/directory
 ```
 
-#### **`jobs.<job_id>.services.options`**
+#### **`jobs.<job_id>.services.<service_id>.options`**
 
 Additional Docker container resource options. For a list of options, see "[`docker create` options](https://docs.docker.com/engine/reference/commandline/create/#options)."
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning.md

@@ -18,7 +18,7 @@ versions:
 
 You can use {{ site.data.variables.product.prodname_code_scanning }} to find, triage, and prioritize fixes for existing problems in your code. {{ site.data.variables.product.prodname_code_scanning_capc }} also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.
 
-If {{ site.data.variables.product.prodname_code_scanning }} finds a potential vulnerability or error in your code, {{ site.data.variables.product.prodname_dotcom }} displays an alert in the repository. After you fix the code that triggered the alert, {{ site.data.variables.product.prodname_dotcom }} closes the alert. For more information, see "[Managing alerts from {{ site.data.variables.product.prodname_code_scanning }}](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning)."
+If {{ site.data.variables.product.prodname_code_scanning }} finds a potential vulnerability or error in your code, {{ site.data.variables.product.prodname_dotcom }} displays an alert in the repository. After you fix the code that triggered the alert, {{ site.data.variables.product.prodname_dotcom }} closes the alert. For more information, see "[Managing {{ site.data.variables.product.prodname_code_scanning }} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
 
 To monitor results from {{ site.data.variables.product.prodname_code_scanning }} across your repositories or your organization, you can use the {{ site.data.variables.product.prodname_code_scanning }} API.
 For more information about API endpoints, see  "[{{ site.data.variables.product.prodname_code_scanning_capc }}](/v3/code-scanning)."

content/github/finding-security-vulnerabilities-and-errors-in-your-code/about-integration-with-code-scanning.md

@@ -11,7 +11,7 @@ versions:
 {{ site.data.reusables.code-scanning.beta }}
 {{ site.data.reusables.code-scanning.enterprise-enable-code-scanning }}
 
-As an alternative to running {{ site.data.variables.product.prodname_code_scanning }} within {{ site.data.variables.product.prodname_dotcom }}, you can perform analysis elsewhere and then upload the results. Alerts for {{ site.data.variables.product.prodname_code_scanning }} that you run externally are displayed in the same way as those for  {{ site.data.variables.product.prodname_code_scanning }} that you run within {{ site.data.variables.product.prodname_dotcom }}. For more information, see "[Managing alerts from code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning)."
+As an alternative to running {{ site.data.variables.product.prodname_code_scanning }} within {{ site.data.variables.product.prodname_dotcom }}, you can perform analysis elsewhere and then upload the results. Alerts for {{ site.data.variables.product.prodname_code_scanning }} that you run externally are displayed in the same way as those for  {{ site.data.variables.product.prodname_code_scanning }} that you run within {{ site.data.variables.product.prodname_dotcom }}. For more information, see "[Managing {{ site.data.variables.product.prodname_code_scanning }} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
 
 You can use your continuous integration or continuous delivery/deployment (CI/CD) system to run {{ site.data.variables.product.prodname_dotcom }}'s {{ site.data.variables.product.prodname_codeql }} analysis and upload the results to {{ site.data.variables.product.prodname_dotcom }}. This is an alternative to using {{ site.data.variables.product.prodname_actions }} to run {{ site.data.variables.product.prodname_codeql }} analysis. For more information, see "[Running code scanning in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-code-scanning-in-your-ci-system)."
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning-in-your-ci-system.md

@@ -94,7 +94,7 @@ If the `autobuild` command can't build your code, you can run the build steps yo
 
 By default, the {{ site.data.variables.product.prodname_codeql_runner }} uploads results from {{ site.data.variables.product.prodname_code_scanning }} when you run the `analyze` command. You can also upload SARIF files separately, by using the `upload` command.
 
-Once you've uploaded the data, {{ site.data.variables.product.prodname_dotcom }} displays the alerts in your repository. For more information, see "[Managing alerts from code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning#viewing-an-alert)."
+Once you've uploaded the data, {{ site.data.variables.product.prodname_dotcom }} displays the alerts in your repository. For more information, see "[Managing {{ site.data.variables.product.prodname_code_scanning }} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-an-alert)."
 
 ### {{ site.data.variables.product.prodname_codeql_runner }} command reference
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md

@@ -45,5 +45,5 @@ After you commit the workflow file or create a pull request, {{ site.data.variab
 After you enable {{ site.data.variables.product.prodname_code_scanning }}, you can monitor analysis, view results, and further customize how you scan your code.
 
 - You can view the run status of {{ site.data.variables.product.prodname_code_scanning }} and get notifications for completed runs. For more information, see "[Managing a workflow run](/actions/configuring-and-managing-workflows/managing-a-workflow-run)" and "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-actions-notification-options)."
-- After a scan completes, you can view alerts from a completed scan. For more information, see "[Managing alerts from {{ site.data.variables.product.prodname_code_scanning }}](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning)."
+- After a scan completes, you can view alerts from a completed scan. For more information, see "[Managing {{ site.data.variables.product.prodname_code_scanning }} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
 - You can customize how {{ site.data.variables.product.prodname_code_scanning }} scans the code in your repository. For more information, see "[Configuring code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning)."

content/github/finding-security-vulnerabilities-and-errors-in-your-code/index.md

@@ -11,8 +11,9 @@ versions:
 
 {% topic_link_in_list /automatically-scanning-your-code-for-vulnerabilities-and-errors %}
     {% link_in_list /about-code-scanning %}
+    {% link_in_list /triaging-code-scanning-alerts-in-pull-requests %}
     {% link_in_list /enabling-code-scanning-for-a-repository %}
-    {% link_in_list /managing-alerts-from-code-scanning %}
+    {% link_in_list /managing-code-scanning-alerts-for-your-repository %}
     {% link_in_list /configuring-code-scanning %}
     {% link_in_list /configuring-the-codeql-workflow-for-compiled-languages %}
     {% link_in_list /troubleshooting-the-codeql-workflow %}