From 1d56eb69102b9084a915b0373faafbf2818de5ea Mon Sep 17 00:00:00 2001
From: Rachael Sewell <rachmari@github.com>
Date: Fri, 11 Dec 2020 15:04:57 -0800
Subject: [PATCH 1/3] check for unallowed file os contributions (#16892)

* check for static file os contributions

* add change to show workflow review

* comment for test

* all pushes

* colon after push

* revert to version number

* debugging strange new error

* copy over file from working branch

* remove version

* update from test branch

* fix cond bug

* revert openapi schema change

* add custom translation handling

* allow testing

* push

* debug label

* move to proper area

* update route parm name

* uncomment

* revert translation

* Apply suggestions from code review

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>

* Update .github/workflows/triage-unallowed-contributions.yml

Co-authored-by: Janice <janiceilene@github.com>

* Update .github/workflows/triage-unallowed-contributions.yml

Co-authored-by: Janice <janiceilene@github.com>

* format code

* introduce mod

* add wildcard for openapi files

* revert file

* add back checks after tests

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
Co-authored-by: Janice <janiceilene@github.com>
---
 .github/allowed-actions.js                    |   3 +-
 .../close-unwanted-pull-requests.yml          |  39 ------
 .../triage-unallowed-contributions.yml        | 117 ++++++++++++++++++
 3 files changed, 119 insertions(+), 40 deletions(-)
 delete mode 100644 .github/workflows/close-unwanted-pull-requests.yml
 create mode 100644 .github/workflows/triage-unallowed-contributions.yml

diff --git a/.github/allowed-actions.js b/.github/allowed-actions.js
index 9d2d7400e217..7f5baf6f5a07 100644
--- a/.github/allowed-actions.js
+++ b/.github/allowed-actions.js
@@ -32,5 +32,6 @@ module.exports = [
   'repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d',
   'someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd',
   'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0',
-  'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575'
+  'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575',
+  'dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58'
 ]
diff --git a/.github/workflows/close-unwanted-pull-requests.yml b/.github/workflows/close-unwanted-pull-requests.yml
deleted file mode 100644
index 29b30cf3338f..000000000000
--- a/.github/workflows/close-unwanted-pull-requests.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Close unwanted pull requests
-on:
-  pull_request:
-    paths:
-      - '.github/workflows/**'
-      - '.github/CODEOWNERS'
-      - 'translations/**'
-      - 'assets/fonts/**'
-      - 'data/graphql/**'
-      - 'lib/graphql/**'
-      - 'lib/redirects/**'
-      - 'lib/webhooks/**'
-jobs:
-  close_unwanted_pull_requests:
-    if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
-        with:
-          script: |
-            await github.issues.createComment({
-              ...context.repo,
-              issue_number: context.payload.pull_request.number,
-              body:
-            `Thanks for contributing! We do not accept community changes to these files at this time.
-            - '.github/workflows/**'
-            - '.github/CODEOWNERS'
-            - 'translations/**'
-            - 'assets/fonts/**'
-            - 'data/graphql/**'
-            - 'lib/graphql/**'
-            - 'lib/redirects/**'
-            - 'lib/webhooks/**'`
-            })
-            await github.issues.update({
-              ...context.repo,
-              issue_number: context.payload.pull_request.number,
-              state: 'closed'
-            })
diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml
new file mode 100644
index 000000000000..61015d17f095
--- /dev/null
+++ b/.github/workflows/triage-unallowed-contributions.yml
@@ -0,0 +1,117 @@
+name: Check unallowed file changes
+
+on:
+  push:
+
+jobs:
+  triage:
+    if: github.repository == 'github/docs'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Get pull request number
+        id: pull-number
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          result-encoding: string
+          script: |
+            const pulls = await github.repos.listPullRequestsAssociatedWithCommit({
+              ...context.repo,
+              commit_sha: context.sha
+            })
+
+            return pulls.data.map(pull => pull.number).shift()
+      - name: Check for existing requested changes
+        id: requested-change
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          result-encoding: json
+          script: |
+            const pullReviews = await github.pulls.listReviews({
+              ...context.repo,
+              pull_number: ${{steps.pull-number.outputs.result}}
+            })
+
+            return pullReviews.data
+              .filter(review => review.user.login === 'github-actions[bot]')
+              .sort((a, b) => new Date(b.submitted_at) - new Date(a.submitted_at))
+              .shift()
+      - name: Get files changed
+        uses: dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58
+        id: filter
+        with:
+          # Base branch used to get changed files
+          base: 'main'
+
+          # Enables setting an output in the format in `${FILTER_NAME}_files
+          # with the names of the matching files formatted as JSON array
+          list-files: json
+
+          # Returns list of changed files matching each filter
+          filters: |
+            translation:
+              - 'translations/**'
+            openapi:
+              - 'lib/rest/static/**'
+            notAllowed:
+              - '.github/workflows/**'
+              - '.github/CODEOWNERS'
+              - 'translations/**'
+              - 'assets/fonts/**'
+              - 'data/graphql/**'
+              - 'lib/graphql/**'
+              - 'lib/redirects/**'
+              - 'lib/rest/**'
+              - 'lib/webhooks/**'
+
+      # When there are changes to files we can't accept
+      # and no review exists,leave a REQUEST_CHANGES review
+      - name: Request pull request changes
+        # Check for no reviews or reviews that aren't CHANGES_REQUESTED
+        if: ${{ steps.filter.outputs.notAllowed == 'true' && (!steps.requested-change.outputs.result || fromJson(steps.requested-change.outputs.result).state != 'CHANGES_REQUESTED') }}
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const changedFiles = ${{steps.filter.outputs.notAllowed_files}}
+            const restFiles = ${{steps.filter.outputs.openapi_files}}
+            const translationFiles = ${{steps.filter.outputs.translation_files}}
+            const markdownFiles = changedFiles.map(file => `- \`${file}\`\n`).join('')
+
+            let reviewMessage = `👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions.\n${markdownFiles}\n\nYou'll need to revert all of these ☝️ files using [GitHub Desktop](https://docs.github.com/en/free-pro-team@latest/desktop/contributing-and-collaborating-using-github-desktop/reverting-a-commit) or \`git checkout origin/main <file name>\`. Once you get those files reverted, we can continue with the review process. :octocat:`
+
+            if (restFiles.length > 0) {
+              reviewMessage += "\n\nIt looks like you've modified the OpenAPI schema (`lib/rest/static/**`). While we aren't accepting changes to the schema directly, you can open an issue for any updates to the REST API docs. Head on over to the [`github/rest-api-description`](https://github.com/github/rest-api-description/issues/new?assignees=&labels=Inaccuracy&template=schema-inaccuracy.md&title=%5BSchema+Inaccuracy%5D+%3CDescribe+Problem%3E) repository to open an issue. ⚡"
+            }
+
+            if (translationFiles.length > 0) {
+              await github.issues.addLabels({
+                ...context.repo,
+                issue_number: ${{steps.pull-number.outputs.result}},
+                labels: ['localization']
+              })
+              reviewMessage += "\n\nIt looks like you've modified translated content. Unfortunately, we are not able to accept pull requests for translated content. Our translation process involves an integration with an external service at crowdin.com, where all translation activity happens. We hope to eventually open up the translation process to the open source community, but we're not there yet. See https://github.com/github/docs/blob/main/CONTRIBUTING.md#earth_asia-translations for more details."
+            }
+
+            await github.pulls.createReview({
+              ...context.repo,
+              pull_number: ${{steps.pull-number.outputs.result}},
+              body: reviewMessage,
+              event: 'REQUEST_CHANGES'
+            })
+      # When the most recent review was CHANGES_REQUESTED and the existing
+      # PR no longer contains unallowed changes, dismiss the previous review
+      - name: Dismiss pull request review
+        if: ${{ steps.filter.outputs.notAllowed == 'false' && fromJson(steps.requested-change.outputs.result).state == 'CHANGES_REQUESTED' }}
+        uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            await github.pulls.dismissReview({
+              ...context.repo,
+              pull_number: ${{steps.pull-number.outputs.result}},
+              review_id: ${{fromJson(steps.requested-change.outputs.result).id}},
+              message: `✨Looks like you reverted all files we don't accept contributions for. 🙌 A member of the docs team will review your PR soon. 🚂`
+            })

From 0cde1e92f689b77e19ed546e74050e5204e03ae1 Mon Sep 17 00:00:00 2001
From: Chiedo John <2156688+chiedo@users.noreply.github.com>
Date: Fri, 11 Dec 2020 19:04:54 -0500
Subject: [PATCH 2/3] Add Observability docs to service catalog (#16878)

Co-authored-by: Chiedo <chiedo@users.noreply.github.com>
---
 docs/index.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/index.yaml b/docs/index.yaml
index fa1ad248ec18..91461a8c9f53 100644
--- a/docs/index.yaml
+++ b/docs/index.yaml
@@ -2,6 +2,11 @@
 
 version: 1
 links:
+  - name: Observability docs
+    description: Docs Engineering observability docs
+    kind: docs
+    service: docs-internal
+    url: https://github.com/github/docs-engineering/blob/main/docs/observability/docs.github.com.md
   - name: Datadog dashboard
     description: Production Datadog dashboard
     kind: dashboard

From a43544faaf4946f33fdafd2e55931f78a659dd11 Mon Sep 17 00:00:00 2001
From: Kevin Heis <heiskr@users.noreply.github.com>
Date: Sat, 12 Dec 2020 11:49:46 -0800
Subject: [PATCH 3/3] Update
 .github/workflows/triage-unallowed-contributions.yml

---
 .github/workflows/triage-unallowed-contributions.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml
index 61015d17f095..ab40b3232eaf 100644
--- a/.github/workflows/triage-unallowed-contributions.yml
+++ b/.github/workflows/triage-unallowed-contributions.yml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   triage:
-    if: github.repository == 'github/docs'
+    if: github.repository == 'github/docs' && github.event.pull_request.user.login != 'Octomerger'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f