From 201ad96f44a754019e36475cbf20af8a2335f3c0 Mon Sep 17 00:00:00 2001
From: rhysd <lin90162@yahoo.co.jp>
Date: Sun, 22 Dec 2024 20:09:37 +0900
Subject: [PATCH] update outdated URLs for security guide in documents

---
 docs/checks.md                                     |  4 ++--
 docs/reference.md                                  | 14 +++++++-------
 playground/index.html                              |  2 +-
 .../generate-actionlint-matcher/test/escape.txt    |  2 +-
 .../generate-actionlint-matcher/test/no_escape.txt |  2 +-
 scripts/generate-actionlint-matcher/test/want.json |  2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/docs/checks.md b/docs/checks.md
index d9ee417b5..5c2c16fc0 100644
--- a/docs/checks.md
+++ b/docs/checks.md
@@ -2941,13 +2941,13 @@ Note that `steps` in Composite action's metadata is not checked at this point. I
 [dependabot-doc]: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
 [credentials-doc]: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainercredentials
 [actions-cache]: https://github.com/actions/cache
-[permissions-doc]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+[permissions-doc]: https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
 [perm-config-doc]: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
 [generate-webhook-events]: https://github.com/rhysd/actionlint/tree/main/scripts/generate-webhook-events
 [generate-popular-actions]: https://github.com/rhysd/actionlint/tree/main/scripts/generate-popular-actions
 [issue-25]: https://github.com/rhysd/actionlint/issues/25
 [issue-40]: https://github.com/rhysd/actionlint/issues/40
-[security-doc]: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
+[security-doc]: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
 [reusable-workflow-doc]: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
 [create-reusable-workflow-doc]: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#creating-a-reusable-workflow
 [reusable-workflow-call-keys]: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#supported-keywords-for-jobs-that-call-a-reusable-workflow
diff --git a/docs/reference.md b/docs/reference.md
index 9aa8e26b8..deadcfa03 100644
--- a/docs/reference.md
+++ b/docs/reference.md
@@ -1,17 +1,17 @@
 References
 ==========
 
-This document describes links to resources.
+This document describes links to resources related to actionlint and GitHub Actions.
 
 - Repository: https://github.com/rhysd/actionlint
 - Playground: https://rhysd.github.io/actionlint/
 - GitHub Actions official documentations
-  - Workflow syntax: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
-  - Expression syntax: https://docs.github.com/en/actions/learn-github-actions/expressions
-  - Built-in functions: https://docs.github.com/en/actions/learn-github-actions/expressions#functions
-  - Webhook events: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#webhook-events
-  - Self-hosted runner: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners
-  - Security: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
+  - Workflow syntax: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions
+  - Expression syntax: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions
+  - Built-in functions: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#functions
+  - Webhook events: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#webhook-events
+  - Self-hosted runner: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners
+  - Security: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
 - CRON syntax: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07
 - shellcheck: https://github.com/koalaman/shellcheck
 - pyflakes: https://github.com/PyCQA/pyflakes
diff --git a/playground/index.html b/playground/index.html
index 0779e5991..341b126e0 100644
--- a/playground/index.html
+++ b/playground/index.html
@@ -63,7 +63,7 @@ <h2><i id="res-icon" class="devicon-githubactions-plain"></i>Resources</h2>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md">Checks by actionlint</a></li>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions">Workflow syntax for GitHub Actions</a></li>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/learn-github-actions/contexts">Available contexts in workflow</a></li>
-              <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions">Security hardening for GitHub Actions</a></li>
+              <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions">Security hardening for GitHub Actions</a></li>
             </ul>
           </p>
         </div>
diff --git a/scripts/generate-actionlint-matcher/test/escape.txt b/scripts/generate-actionlint-matcher/test/escape.txt
index ec29175eb..e1b1ed97d 100644
--- a/scripts/generate-actionlint-matcher/test/escape.txt
+++ b/scripts/generate-actionlint-matcher/test/escape.txt
@@ -1,4 +1,4 @@
-./testdata/err/one_error.yaml:6:41: "github.event.head_commit.message" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details [expression]
+./testdata/err/one_error.yaml:6:41: "github.event.head_commit.message" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details [expression]
   |
 6 |       - run: echo "Checking commit '${{ github.event.head_commit.message }}'"
   |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/scripts/generate-actionlint-matcher/test/no_escape.txt b/scripts/generate-actionlint-matcher/test/no_escape.txt
index 3255b3806..b3f487add 100644
--- a/scripts/generate-actionlint-matcher/test/no_escape.txt
+++ b/scripts/generate-actionlint-matcher/test/no_escape.txt
@@ -1,4 +1,4 @@
-./testdata/err/one_error.yaml:6:41: "github.event.head_commit.message" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details [expression]
+./testdata/err/one_error.yaml:6:41: "github.event.head_commit.message" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details [expression]
   |
 6 |       - run: echo "Checking commit '${{ github.event.head_commit.message }}'"
   |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/scripts/generate-actionlint-matcher/test/want.json b/scripts/generate-actionlint-matcher/test/want.json
index 9bb0de66b..5178ed5a3 100644
--- a/scripts/generate-actionlint-matcher/test/want.json
+++ b/scripts/generate-actionlint-matcher/test/want.json
@@ -1 +1 @@
-[{"message":"\"github.event.head_commit.message\" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions for more details","filepath":"./testdata/err/one_error.yaml","line":6,"column":41,"kind":"expression","snippet":"      - run: echo \"Checking commit '${{ github.event.head_commit.message }}'\"\n                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~","end_column":72}]
+[{"message":"\"github.event.head_commit.message\" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details","filepath":"./testdata/err/one_error.yaml","line":6,"column":41,"kind":"expression","snippet":"      - run: echo \"Checking commit '${{ github.event.head_commit.message }}'\"\n                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~","end_column":72}]