github · docs-bot · Oct 15, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/.github/branch_protection_settings/main.json b/.github/branch_protection_settings/main.json
@@ -41,6 +41,7 @@
       "workflows",
       "lint-code",
       "secret-scanning",
+      "pagelist"
     ],
     "contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
     "checks": [
@@ -83,7 +84,8 @@
       { "context": "products", "app_id": 15368 },
       { "context": "workflows", "app_id": 15368 },
       { "context": "lint-code", "app_id": 15368 },
-      { "context": "secret-scanning", "app_id": 15368 }
+      { "context": "secret-scanning", "app_id": 15368 },
+      { "context": "pagelist", "app_id": 15368 }
     ]
   },
   "restrictions": {

diff --git a/.github/workflows/alert-changed-branch-protections.yml b/.github/workflows/alert-changed-branch-protections.yml
@@ -3,6 +3,8 @@ name: Alert Changed Branch Protections
 on:
   branch_protection_rule:
   workflow_dispatch:
+  schedule:
+    - cron: '20 16 * * 3' # Run every Wednesday at 16:30 UTC / 8:30 PST
 
 permissions:
   contents: read

diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml
@@ -34,23 +34,14 @@ jobs:
       RESOURCE_GROUP_NAME: docs-prod
       APP_SERVICE_NAME: ghdocs-prod
       SLOT_NAME: canary
+      ACR_TOKEN_NAME: acrToken
 
     steps:
       - name: 'Az CLI login'
         uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
         with:
           creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
 
-      - name: 'Docker login'
-        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
-        with:
-          login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
-          username: ${{ secrets.PROD_REGISTRY_USERNAME }}
-          password: ${{ secrets.PROD_REGISTRY_PASSWORD }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
-
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
@@ -64,11 +55,30 @@ jobs:
           node-version-file: 'package.json'
           cache: npm
 
-      # Currently we only need this to run dependencies in
-      # src/workflows/check-canary-slots.js
+      # We need this to run a few scripts that were easier to write in JS/TS
       - name: Install dependencies
         run: npm install
 
+      # Create a temporary token for the Azure Container Registry
+      # and set it as a GitHub Actions environment variable
+      # Then clean up by deleting the temp token.
+      # Created token are viewable in the ACR resource UI
+      # under Repository permissions > Tokens
+      - name: 'Create Azure Container Registry Token'
+        env:
+          PROD_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }}
+        run: npm run create-acr-token
+
+      - name: 'Docker login'
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
+        with:
+          login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
+          username: ${{ env.ACR_TOKEN_NAME }}
+          password: ${{ env.ACR_TOKEN_VALUE }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
+
       - name: Clone docs-early-access
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:

diff --git a/package.json b/package.json
@@ -28,6 +28,7 @@
     "content-changes-table-comment": "tsx src/workflows/content-changes-table-comment.ts",
     "copy-fixture-data": "node src/tests/scripts/copy-fixture-data.js",
     "count-translation-corruptions": "tsx src/languages/scripts/count-translation-corruptions.ts",
+    "create-acr-token": "tsx src/workflows/acr-create-token.js",
     "debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon --inspect src/frame/server.ts",
     "delete-orphan-translation-files": "tsx src/workflows/delete-orphan-translation-files.ts",
     "deleted-features-pr-comment": "tsx src/data-directory/scripts/deleted-features-pr-comment.ts",

diff --git a/src/workflows/acr-create-token.ts b/src/workflows/acr-create-token.ts
@@ -0,0 +1,54 @@
+#!/usr/bin/env node
+import { execSync } from 'child_process'
+import * as core from '@actions/core'
+import dotenv from 'dotenv'
+
+type IsoDateString = string
+
+// For local testing set environment variables in the .env file
+dotenv.config()
+
+const acrTokenName = process.env.ACR_TOKEN_NAME
+const acrProdRegistryServer = process.env.PROD_REGISTRY_SERVER
+const repo = process.env.GITHUB_REPOSITORY
+
+function main() {
+  // Get the current time and add 30 minutes to it
+  // Convert Date format from YYYY-MM-DDTHH:mm:ss.sssZ to
+  // YYYY-MM-DDTHH:mm:ssZ (remove .sss)
+  const expirationDate: IsoDateString =
+    new Date(Date.now() + 30 * 60 * 1000).toISOString().split('.')[0] + 'Z'
+
+  let resp
+  try {
+    const cmd = `az acr token create \
+      --name ${acrTokenName} \
+      --registry ${acrProdRegistryServer} \
+      --repository ${repo} \
+      content/write \
+      content/read \
+      --expiration ${expirationDate} \
+      --output json`
+
+    console.log('Executing az acr token create command.')
+    resp = JSON.parse(execSync(cmd, { encoding: 'utf8' }))
+  } catch (error) {
+    console.error('An error occurred while creating ACR token with the Azure CLI')
+    throw error
+  }
+
+  const acrTokenValue = resp?.credentials?.passwords[0]?.value
+  if (!acrTokenValue) {
+    throw new Error(
+      'The response from the Azure CLI was not in the expected format: \n' +
+        JSON.stringify(resp, null, 2),
+    )
+  }
+
+  // Set the ACR_TOKEN_VALUE environment variable so
+  // that it can be used in the subsequent steps
+  core.exportVariable('ACR_TOKEN_VALUE', acrTokenValue)
+  execSync(`echo $ACR_TOKEN_VALUE`)
+}
+
+main()