Repo sync

.github/workflows/delete-orphan-translation-files.yml

@@ -133,7 +133,28 @@ jobs:
             --label "workflow-generated" \
             --head=$branch_name
           echo "Merge created PR..."
-          retry_command gh pr merge --merge --auto --delete-branch "$branch_name"
+          # Prefer enabling auto-merge so the PR waits for any required
+          # checks before merging. If auto-merge can't be enabled — usually
+          # because all required checks completed before this step ran and
+          # the PR is already immediately mergeable — fall back to a direct
+          # merge. GitHub returns one of these misleading errors in that
+          # case: "Branch does not have required protected branch rules",
+          # "Pull request is in unstable status", or "Pull request is not
+          # in a mergeable state".
+          auto_merge_err=$(mktemp)
+          trap 'rm -f "$auto_merge_err"' EXIT
+          if retry_command gh pr merge --merge --auto --delete-branch "$branch_name" 2>"$auto_merge_err"; then
+            :
+          else
+            cat "$auto_merge_err"
+            if grep -qE "does not have required protected branch rules|unstable status|Pull request is not in a mergeable state" "$auto_merge_err"; then
+              echo "Auto-merge unavailable; PR appears immediately mergeable. Falling back to direct merge."
+              retry_command gh pr merge --merge --delete-branch "$branch_name"
+            else
+              echo "Auto-merge failed with an unexpected error."
+              exit 1
+            fi
+          fi
 
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

content/copilot/reference/copilot-allowlist-reference.md

@@ -24,18 +24,20 @@ If your company employs security measures like a firewall or proxy server, you s
 | `https://github.com/enterprises/YOUR-ENTERPRISE/*`          | Authentication for {% data variables.enterprise.prodname_managed_users %}, only required with {% data variables.product.prodname_emus %} |
 | `https://api.github.com/user`                               | User Management |
 | `https://api.github.com/copilot_internal/*`                 | User Management |
-| `https://copilot-telemetry.githubusercontent.com/telemetry` | Telemetry |
 | `https://collector.github.com/*`                            | Analytics telemetry |
-| `https://default.exp-tas.com`                               | Telemetry |
+| `https://copilot-telemetry.githubusercontent.com/telemetry` | {% data variables.product.prodname_copilot_short %} client telemetry |
+| `https://default.exp-tas.com`                               | {% data variables.product.prodname_copilot_short %} client experimentation |
 | `https://copilot-proxy.githubusercontent.com`               | API service for {% data variables.product.prodname_copilot_short %} suggestions |
 | `https://origin-tracker.githubusercontent.com`              | API service for {% data variables.product.prodname_copilot_short %} suggestions |
 | `https://*.githubcopilot.com/*`[^1]                         | API service for {% data variables.product.prodname_copilot_short %} suggestions |
 | `https://*.individual.githubcopilot.com`[^2]                | API service for {% data variables.product.prodname_copilot_short %} suggestions |
 | `https://*.business.githubcopilot.com`[^3]                  | API service for {% data variables.product.prodname_copilot_short %} suggestions |
 | `https://*.enterprise.githubcopilot.com`[^4]                | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.SUBDOMAIN.ghe.com`                                      | For {% data variables.product.prodname_copilot_short %} users on {% data variables.enterprise.data_residency_site %} |
-| `https://SUBDOMAIN.ghe.com`                                        | For {% data variables.product.prodname_copilot_short %} users on {% data variables.enterprise.data_residency_site %} |
-| `https://copilot-reports-*.b01.azurefd.net`                        | {% data variables.product.prodname_copilot_short %} usage metrics report downloads |
+| `https://*.SUBDOMAIN.ghe.com`                               | For {% data variables.product.prodname_copilot_short %} users on {% data variables.enterprise.data_residency_site %} |
+| `https://SUBDOMAIN.ghe.com`                                 | For {% data variables.product.prodname_copilot_short %} users on {% data variables.enterprise.data_residency_site %} |
+| `https://copilot-reports.github.com`                        | {% data variables.product.prodname_copilot_short %} usage metrics report downloads |
+| `https://copilot-reports-*.b01.azurefd.net`[^5]             | {% data variables.product.prodname_copilot_short %} usage metrics report downloads (fallback) |
+| `https://usagereports*.blob.core.windows.net`[^6]           | {% data variables.product.prodname_copilot_short %} usage metrics report downloads (fallback) |
 
 Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see [Further reading](#further-reading).
 
@@ -397,3 +399,5 @@ The allowlist allows access to the following hosts:
 [^2]: Allows access to authorized users via a {% data variables.copilot.copilot_individuals_short %} plan. Do not add this URL to your allowlist if you are using subscription-based network routing.
 [^3]: Allows access to authorized users via a {% data variables.copilot.copilot_business_short %} plan. Do not add this URL to your allowlist if you want to use subscription-based network routing to block users from using {% data variables.copilot.copilot_business_short %} on your network.
 [^4]: Allows access to authorized users via a {% data variables.copilot.copilot_enterprise_short %} plan. Do not add this URL to your allowlist if you want to use subscription-based network routing to block users from using {% data variables.copilot.copilot_enterprise_short %} on your network.
+[^5]: Required for fallback scenarios where {% data variables.product.prodname_copilot_short %} usage metrics report downloads bypass the custom domain and are served from an Azure Front Door CDN.
+[^6]: Required for fallback scenarios where {% data variables.product.prodname_copilot_short %} usage metrics report downloads bypass the Azure Front Door CDN and are served directly from Azure Blob Storage.

eslint.config.ts

@@ -100,8 +100,8 @@ export default [
       // Disabled rules to review
       'no-console': 'off', // 800+
 
-      // Custom rules (disabled by default for now)
-      'custom-rules/use-custom-logger': 'off',
+      // Custom rules
+      'custom-rules/use-custom-logger': 'error',
 
       // Prevent direct res.redirect() usage — use res.safeRedirect() instead
       // to avoid open redirect vulnerabilities via protocol-relative URLs.
@@ -169,6 +169,36 @@ export default [
     },
   },
 
+  // Directories not yet migrated to structured logger (see github/docs-engineering#5639)
+  // Remove directories from this list as they are migrated
+  {
+    files: [
+      'src/ai-tools/**/*.{ts,js}',
+      'src/article-api/**/*.{ts,js}',
+      'src/audit-logs/**/*.{ts,js}',
+      'src/changelogs/**/*.{ts,js}',
+      'src/color-schemes/**/*.{ts,js}',
+      'src/content-render/**/*.{ts,js}',
+      'src/data-directory/**/*.{ts,js}',
+      'src/dev-toc/**/*.{ts,js}',
+      'src/events/**/*.{ts,js}',
+      'src/fixtures/**/*.{ts,js}',
+      'src/frame/**/*.{ts,js}',
+      'src/github-apps/**/*.{ts,js}',
+      'src/journeys/**/*.{ts,js}',
+      'src/languages/**/*.{ts,js}',
+      'src/links/**/*.{ts,js}',
+      'src/metrics/**/*.{ts,js}',
+      'src/observability/**/*.{ts,js}',
+      'src/rest/**/*.{ts,js}',
+      'src/search/**/*.{ts,js}',
+      'src/shielding/**/*.{ts,js}',
+    ],
+    rules: {
+      'custom-rules/use-custom-logger': 'off',
+    },
+  },
+
   // Override for scripts, tests, workflows, content-linter, and React files (disable custom logger rule)
   {
     files: [