Merge branch 'main' into global-attributes-class

mdn · Feb 8, 2025 · a65a49e · a65a49e
2 parents badec55 + 58abd0e
commit a65a49e
Show file tree

Hide file tree

Showing 1,197 changed files with 73,802 additions and 25,596 deletions.
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -3,12 +3,14 @@ name: auto-merge
 on:
   pull_request_target:
 
+permissions: {}
+
 jobs:
   auto-merge:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
-      - uses: ahmadnassri/action-dependabot-auto-merge@v2
+      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6
         with:
           github-token: ${{ secrets.AUTOMERGE_TOKEN }}
           command: "squash and merge"

diff --git a/.github/workflows/markdown-lint-fix.yml b/.github/workflows/markdown-lint-fix.yml
@@ -5,6 +5,8 @@ on:
     - cron: "0 0 * * *"
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   fix:
     if: github.repository == 'mdn/translated-content'
@@ -61,7 +63,7 @@ jobs:
 
       - name: Create PR with only fixable issues
         if: success()
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           commit-message: "${{ matrix.lang }}: auto-fix Markdownlint issues"
           branch: markdownlint-auto-cleanup-${{ matrix.lang }}
@@ -76,7 +78,7 @@ jobs:
 
       - name: Create PR with notice on unfixed issues
         if: failure()
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           commit-message: "${{ matrix.lang }}: auto-fix Markdownlint issues"
           branch: markdownlint-auto-cleanup-${{ matrix.lang }}

diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml
@@ -13,6 +13,8 @@ on:
       - .github/workflows/markdown-lint.yml
       - .github/workflows/markdownlint-problem-matcher.json
 
+permissions: {}
+
 jobs:
   docs:
     # do not run on forks

diff --git a/.github/workflows/pr-check-lint_content.yml b/.github/workflows/pr-check-lint_content.yml
@@ -39,14 +39,14 @@ jobs:
           echo "DIFF_DOCUMENTS=${DIFF_DOCUMENTS}" >> $GITHUB_ENV
 
       - name: Checkout HEAD
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           path: pr_head
 
       - name: Get changed content from HEAD
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         run: |
           git config --global user.email "[email protected]"
           git config --global user.name "mdn-bot"
@@ -62,13 +62,13 @@ jobs:
           git commit -m "Code from PR head"
 
       - uses: actions/checkout@v4
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         with:
           repository: mdn/content
           path: mdn/content
 
       - name: Setup Node.js environment
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         uses: actions/setup-node@v4
         with:
           node-version-file: ".nvmrc"
@@ -78,19 +78,19 @@ jobs:
             yarn.lock
 
       - name: Install all yarn packages for mdn/translated-content
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         run: yarn --frozen-lockfile
 
       - name: Install all yarn packages for mdn/content
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         working-directory: ${{ github.workspace }}/mdn/content
         run: yarn --frozen-lockfile
         env:
           # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint and format markdown files
-        if: ${{ env.DIFF_DOCUMENTS }}
+        if: env.DIFF_DOCUMENTS
         run: |
           # Generate random delimiter
           # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
@@ -136,7 +136,7 @@ jobs:
 
       - name: Setup reviewdog
         if: env.FILES_MODIFIED == 'true' || env.MD_LINT_FAILED == 'true'
-        uses: reviewdog/action-setup@v1
+        uses: reviewdog/action-setup@3f401fe1d58fe77e10d665ab713057375e39b887 # v1.3.0
         with:
           reviewdog_version: latest
 

diff --git a/.github/workflows/pr-check_json.yml b/.github/workflows/pr-check_json.yml
@@ -10,6 +10,8 @@ on:
       - "**/*.jsonc"
       - .github/workflows/pr-check_json.yml
 
+permissions: {}
+
 jobs:
   docs:
     # do not run on PRs in forks

diff --git a/.github/workflows/pr-check_redirects.yml b/.github/workflows/pr-check_redirects.yml
@@ -5,6 +5,8 @@ on:
     branches:
       - main
 
+permissions: {}
+
 jobs:
   check_redirects:
     # do not run on PRs in forks
@@ -17,7 +19,7 @@ jobs:
       # This is a "required" workflow so path filtering can not be used:
       # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks
       # We have to rely on a custom filtering mechanism to run the checks only if required files are modified.
-      - uses: dorny/paths-filter@v3
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         name: See if any file needs checking
         id: filter
         with:
@@ -57,4 +59,4 @@ jobs:
           CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/files
         working-directory: ${{ github.workspace }}/mdn/content
         run: |
-          yarn content validate-redirects --strict
+          yarn content validate-redirects
diff --git a/.github/workflows/pr-check_yml.yml b/.github/workflows/pr-check_yml.yml
@@ -10,6 +10,8 @@ on:
       - "**/*.yml"
       - .github/workflows/pr-check_yml.yml
 
+permissions: {}
+
 jobs:
   docs:
     # do not run on PRs in forks

diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
@@ -2,6 +2,10 @@ name: "Pull Request Labeler"
 on:
   - pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   triage:
     # do not run on PRs in forks

diff --git a/.github/workflows/pr-rebase-needed.yml b/.github/workflows/pr-rebase-needed.yml
@@ -5,6 +5,9 @@ on:
   pull_request_target:
     types: [synchronize]
 
+permissions:
+  pull-requests: write
+
 jobs:
   label-rebase-needed:
     # do not run on PRs in forks

diff --git a/.github/workflows/pr-review-companion.yml b/.github/workflows/pr-review-companion.yml
@@ -9,31 +9,55 @@
 
 name: PR review companion
 
-on: workflow_call
+on:
+  workflow_run:
+    workflows:
+      - "PR Test"
+      - "PR Test Legacy"
+    types:
+      - completed
+
+permissions:
+  # Required to download artifact.
+  actions: read
+  # Required to post comment.
+  pull-requests: write
 
 jobs:
   review:
     runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
     steps:
       - name: "Download artifact"
         uses: actions/download-artifact@v4
         with:
-          name: build
+          pattern: build
           path: build
+          merge-multiple: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Check for artifacts
+        if: hashFiles('build/') != ''
+        run: |
+          echo "HAS_ARTIFACT=true" >> "$GITHUB_ENV"
 
       - uses: actions/checkout@v4
+        if: env.HAS_ARTIFACT
         with:
           repository: mdn/yari
           path: yari
 
       - name: Install Python
+        if: env.HAS_ARTIFACT
         id: setup-python
         uses: actions/setup-python@v5
         with:
           python-version: "3.10"
 
       # See https://www.peterbe.com/plog/install-python-poetry-github-actions-faster
       - name: Load cached ~/.local
+        if: env.HAS_ARTIFACT
         uses: actions/cache@v4
         with:
           path: ~/.local
@@ -42,12 +66,14 @@ jobs:
           key: dotlocal-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-0
 
       - name: Install Python poetry
-        uses: snok/install-poetry@v1
+        if: env.HAS_ARTIFACT
+        uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
         with:
           virtualenvs-create: true
           virtualenvs-in-project: true
 
       - name: Load cached venv
+        if: env.HAS_ARTIFACT
         id: cached-poetry-dependencies
         uses: actions/cache@v4
         with:
@@ -57,17 +83,19 @@ jobs:
           key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ steps.setup-python.outputs.python-version }}-0
 
       - name: Install poetry dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        if: env.HAS_ARTIFACT && steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
         run: |
           cd yari/deployer
           poetry install --no-interaction --no-root
 
       - name: Install Deployer
+        if: env.HAS_ARTIFACT
         run: |
           cd yari/deployer
           poetry install --no-interaction
 
       - name: Deploy and analyze built content
+        if: env.HAS_ARTIFACT
         env:
           BUILD_OUT_ROOT: ${{ github.workspace }}/build