Skip to content

Commit

Permalink
Merge pull request github#35844 from github/repo-sync
Browse files Browse the repository at this point in the history
Repo sync
  • Loading branch information
docs-bot authored Jan 6, 2025
2 parents 2f8656e + 6e1ef80 commit 37b0d16
Show file tree
Hide file tree
Showing 9 changed files with 34 additions and 18 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/azure-prod-build-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ name: Azure Production - Build and Deploy
# **Who does it impact**: All contributors.

on:
push:
branches:
- main
workflow_dispatch:

permissions:
Expand Down
9 changes: 4 additions & 5 deletions .github/workflows/purge-fastly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ name: Purge Fastly
# **Who does it impact**: Writers and engineers.

on:
deployment_status:
workflow_dispatch:
inputs:
nuke_all:
Expand All @@ -16,9 +17,6 @@ on:
description: "Comma separated languages. E.g. 'en,ja, es' (defaults to all)"
required: false
default: ''
push:
branches:
- main

permissions:
contents: read
Expand All @@ -29,11 +27,12 @@ env:

jobs:
send-purges:
# Run when workflow_dispatch is the event (manual) or when deployment_status is the event (automatic) and it's a successful production deploy
if: >-
${{
github.repository == 'github/docs-internal' &&
(github.event_name != 'workflow_run' ||
github.event.workflow_run.conclusion == 'success')
(github.event_name != 'deployment_status' ||
github.event.deployment_status.state == 'success' && github.event.deployment_status.environment == 'production')
}}
runs-on: ubuntu-latest
steps:
Expand Down
6 changes: 3 additions & 3 deletions config/kubernetes/production/deployments/webapp.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@ spec:
image: docs-internal
resources:
requests:
cpu: 4000m
memory: 5Gi
cpu: 8000m
memory: 10Gi
limits:
cpu: 4000m
cpu: 16000m
memory: 14Gi
ports:
- name: http
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,16 @@ This guide gives an overview of how to configure GCP to trust {% data variables.

{% data reusables.actions.oidc-on-ghecom %}

{% ifversion ghes %}
{% data reusables.actions.oidc-endpoints %}
<!-- This note is indented to align with the above reusable. -->

> [!NOTE]
> Google Cloud Platform does not have fixed IP ranges defined for these endpoints.
* Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see [AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect).
{% endif %}

## Adding a Google Cloud Workload Identity Provider

To configure the OIDC identity provider in GCP, you will need to perform the following configuration. For instructions on making these changes, refer to [the GCP documentation](https://github.com/google-github-actions/auth).
Expand Down
6 changes: 0 additions & 6 deletions data/features/viewscreen-and-notebooks.yml

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
>[!NOTE] CAP protection for web sessions is currently in {% data variables.release-phases.public_preview %} and may change.
>
> If IdP CAP support is already enabled for your enterprise, you can opt into extended protection for web sessions from your enterprise's "Authentication security" settings. To enable this feature, your enterprise must have 1,000 or fewer members, active or suspended.
> When web session protection is enabled and a user's IP conditions are not satisfied, they can view and filter all user-owned resources but cannot view the details of the results for notifications, searches, personal dashboards, or starred repositories.
5 changes: 4 additions & 1 deletion src/archives/middleware/archived-enterprise-versions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -227,14 +227,17 @@ export default async function archivedEnterpriseVersions(
// old Azure Blob Storage URL. These need to be rewritten to
// the new archived enterprise repo URL.
if (versionSatisfiesRange(requestedVersion, `>=${firstReleaseStoredInBlobStorage}`)) {
// `x-host` is a custom header set by Fastly.
// GLB automatically deletes the `x-forwarded-host` header.
const host = req.get('x-host') || req.get('x-forwarded-host') || req.get('host')
r.body = r.body
.replaceAll(
`${OLD_AZURE_BLOB_ENTERPRISE_DIR}/${requestedVersion}/assets/cb-`,
`${ENTERPRISE_GH_PAGES_URL_PREFIX}${requestedVersion}/assets/cb-`,
)
.replaceAll(
`${OLD_AZURE_BLOB_ENTERPRISE_DIR}/${requestedVersion}/`,
`${req.protocol}://${req.get('x-forwarded-host') || req.get('host')}/enterprise-server@${requestedVersion}/`,
`${req.protocol}://${host}/enterprise-server@${requestedVersion}/`,
)
}

Expand Down
2 changes: 2 additions & 0 deletions src/frame/middleware/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import healthz from './healthz'
import manifestJson from './manifest-json'
import remoteIP from './remote-ip'
import buildInfo from './build-info'
import reqHeaders from './req-headers'
import archivedEnterpriseVersions from '@/archives/middleware/archived-enterprise-versions'
import robots from './robots'
import earlyAccessLinks from '@/early-access/middleware/early-access-links'
Expand Down Expand Up @@ -246,6 +247,7 @@ export default function (app: Express) {
app.use('/api', api)
app.get('/_ip', remoteIP)
app.get('/_build', buildInfo)
app.get('/_req-headers', reqHeaders)
app.use(asyncMiddleware(manifestJson))

// Things like `/api` sets their own Fastly surrogate keys.
Expand Down
10 changes: 10 additions & 0 deletions src/frame/middleware/req-headers.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import type { Request, Response } from 'express'

import { noCacheControl } from './cache-control.js'

export default function reqHeaders(req: Request, res: Response) {
noCacheControl(res)
res.json({
'request-headers': req.headers,
})
}

0 comments on commit 37b0d16

Please sign in to comment.