Fix GitHub Actions workshop content issues

Code:
- seed_database.py now respects DATABASE_PATH env var (matches app.py pattern)

Factual fixes:
- Fix reusable workflow nesting limit: 10 → 4 levels (8-reusable-workflows.md)
- Add cache: 'pip' to composite action setup-python step (7-custom-actions.md)
- Clarify secrets vs variables distinction in reusable workflows example

Content cleanup:
- Fix Ctl → Ctrl typo across 8 files
- Fix 'Then caller' → 'The caller' typo (8-reusable-workflows.md)
- Fix URL path: using-workflows → writing-workflows (5-matrix-strategies.md)
- Fix misleading [marketplace] link label → [caching] in README
- Rewrite 4-caching.md intro to lead with caching, not marketplace
- Clarify 'code scanning workflow' next step (9-required-workflows.md)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: GeekTrainer

app/server/utils/seed_database.py

@@ -19,7 +19,8 @@ def create_app():
     # Get the server directory path (one level up from utils)
     server_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
-    app.config['SQLALCHEMY_DATABASE_URI'] = f'sqlite:///{os.path.join(server_dir, "dogshelter.db")}'
+    db_path = os.environ.get('DATABASE_PATH', os.path.join(server_dir, 'dogshelter.db'))
+    app.config['SQLALCHEMY_DATABASE_URI'] = f'sqlite:///{db_path}'
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 
     # Initialize the database with the app

content/github-actions/1-introduction.md

@@ -68,7 +68,7 @@ Let's start with the classic "Hello World" — a workflow you can trigger manual
 
 Now let's push the workflow and trigger it by hand.
 
-1. Open the terminal in your codespace by pressing <kbd>Ctl</kbd>+<kbd>`</kbd>.
+1. Open the terminal in your codespace by pressing <kbd>Ctrl</kbd>+<kbd>`</kbd>.
 2. Stage and commit your changes:
 
     ```bash

content/github-actions/3-running-tests.md

@@ -101,7 +101,7 @@ The **`permissions`** block controls what this token can do. For our CI workflow
 
 A bit later you'll use a more standard branching approach for changes. But for our purposes right now, let's push straight to `main`. What you'll notice is the workflow will automatically run, since the workflow will now exist on `main`!
 
-1. Open the terminal in your codespace by pressing <kbd>Ctl</kbd>+<kbd>`</kbd>, then stage, commit, and push:
+1. Open the terminal in your codespace by pressing <kbd>Ctrl</kbd>+<kbd>`</kbd>, then stage, commit, and push:
 
     ```bash
     git add .github/workflows/run-tests.yml

content/github-actions/4-caching.md

@@ -3,9 +3,9 @@
 | [← Running Tests][walkthrough-previous] | [Next: Matrix Strategies & Parallel Testing →][walkthrough-next] |
 |:-----------------------------------|------------------------------------------:|
 
-The [GitHub Actions Marketplace][actions-marketplace] is a collection of pre-built actions created by GitHub and the community. Actions can set up tools, run tests, deploy code, send notifications, and much more. Rather than writing everything from scratch, you can leverage the work of thousands of developers.
+**Caching** is a technique to speed up your workflows by reusing previously downloaded dependencies instead of fetching them from the internet on every run. This exercise teaches you how to cache Python packages and Node modules so your CI pipeline stays fast as your project grows.
 
-In this exercise you'll also learn about **caching** — a technique to speed up your workflows by reusing previously downloaded dependencies instead of fetching them from the internet on every run.
+Along the way you'll also browse the [GitHub Actions Marketplace][actions-marketplace] — a collection of pre-built actions created by GitHub and the community that you can drop into any workflow.
 
 ## Scenario
 
@@ -71,7 +71,7 @@ The e2e job has two dependencies to cache — Python packages and the Node modul
 
 Now let's push the changes and see the impact of caching.
 
-1. In the terminal (<kbd>Ctl</kbd>+<kbd>`</kbd> to toggle), stage, commit, and push your changes:
+1. In the terminal (<kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle), stage, commit, and push your changes:
 
     ```bash
     git add .github/workflows/run-tests.yml

content/github-actions/5-matrix-strategies.md

@@ -52,7 +52,7 @@ Let's update the CI workflow to test the API across multiple Python versions.
 > [!IMPORTANT]
 > Make sure to quote version numbers like `'3.12'` in the matrix array. Without quotes, YAML may interpret them as floating-point numbers — for example, `3.10` becomes `3.1`, which would cause the setup step to fail.
 
-5. In the terminal (<kbd>Ctl</kbd>+<kbd>`</kbd> to toggle), stage, commit, and push your changes:
+5. In the terminal (<kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle), stage, commit, and push your changes:
 
     ```bash
     git add .github/workflows/run-tests.yml
@@ -126,6 +126,6 @@ Matrix strategies let you test across multiple configurations — language versi
 |:-----------------------------------|------------------------------------------:|
 
 [matrix-docs]: https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs
-[strategy-syntax]: https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategy
+[strategy-syntax]: https://docs.github.com/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategy
 [walkthrough-previous]: 4-caching.md
 [walkthrough-next]: 6-deploy-azure.md

content/github-actions/6-deploy-azure.md

@@ -30,7 +30,7 @@ There are several strategies for ensuring only validated code reaches production
 
 Let's set up the Azure Developer CLI and scaffold the infrastructure for our project.
 
-1. Open the terminal in your codespace (or press <kbd>Ctl</kbd>+<kbd>`</kbd> to toggle it).
+1. Open the terminal in your codespace (or press <kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle it).
 2. Install azd by running:
 
     ```bash

content/github-actions/7-custom-actions.md

@@ -29,7 +29,7 @@ Inputs and outputs let the action communicate with the calling workflow, making
 
 Let's create a composite action that sets up Python, installs dependencies, and seeds the test database.
 
-1. In your codespace, open a terminal window by selecting <kbd>Ctl</kbd>+<kbd>\`</kbd>.
+1. In your codespace, open a terminal window by selecting <kbd>Ctrl</kbd>+<kbd>\`</kbd>.
 2. Create the directory for the action by executing the following command in the terminal:
 
     ```bash
@@ -65,7 +65,7 @@ Let's create a composite action that sets up Python, installs dependencies, and
           uses: actions/setup-python@v5
           with:
             python-version: ${{ inputs.python-version }}
-
+            cache: 'pip'
         - name: Install dependencies
           run: pip install -r app/server/requirements.txt
           shell: bash
@@ -214,7 +214,7 @@ Now let's update the CI workflow to use the custom action instead of the individ
               DATABASE_PATH: ${{ steps.seed.outputs.database-file }}
     ```
 
-6. In the terminal (<kbd>Ctl</kbd>+<kbd>`</kbd> to toggle), commit and push your changes:
+6. In the terminal (<kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle), commit and push your changes:
 
     ```bash
     git add .github/actions/setup-python-env/action.yml .github/workflows/run-tests.yml

content/github-actions/8-reusable-workflows.md

@@ -25,7 +25,7 @@ A **composite action** combines multiple *steps* into a single step that runs in
 | **Runner control** | Runs on the caller job's runner | Each job specifies its own runner |
 | **Secrets** | Cannot access secrets directly | Can receive secrets via `secrets:` or `secrets: inherit` |
 | **Logging** | Appears as one collapsed step in the log | Every job and step is logged individually |
-| **Nesting depth** | Up to 10 composite actions per workflow | Up to 10 levels of workflow nesting |
+| **Nesting depth** | Up to 10 composite actions per workflow | Up to 4 levels of workflow nesting |
 | **Marketplace** | Can be published to the [Actions Marketplace][actions-marketplace] | Cannot be published to the Marketplace |
 
 **When to use which:**
@@ -69,7 +69,7 @@ on:
         required: true
 ```
 
-Then caller then passes each secret explicitly:
+The caller then passes each secret explicitly:
 
 ```yaml
 deploy:
@@ -84,6 +84,8 @@ deploy:
 
 > [!IMPORTANT]
 > For deployment workflows that need Azure credentials, `secrets: inherit` is the simplest approach. However, defining specific secrets provides better documentation and prevents accidentally exposing secrets the reusable workflow doesn't need. We'll use `secrets: inherit` in this exercise for simplicity.
+>
+> Note: In this workshop, `azd pipeline config` stored the Azure credentials as **repository variables** (accessed via `vars.*`), not secrets. The example above illustrates the pattern for cases where credentials _are_ stored as secrets.
 
 ## Create a reusable deployment workflow
 
@@ -203,7 +205,7 @@ Now let's add the second caller — a manual deploy workflow for rollbacks and h
 
     This workflow is only triggered **manually** via `workflow_dispatch` — it appears as a "Run workflow" button in the Actions tab. It prompts for a **git ref** (a commit SHA, tag, or branch name to deploy), passes that ref to the reusable workflow's `deploy-ref` input, and uses the same deploy logic as the automated pipeline.
 
-3. In the terminal (<kbd>Ctl</kbd>+<kbd>`</kbd> to toggle), commit and push your changes:
+3. In the terminal (<kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle), commit and push your changes:
 
     ```bash
     git add .github/workflows/reusable-deploy.yml .github/workflows/azure-dev.yml .github/workflows/manual-deploy.yml

content/github-actions/9-required-workflows.md

@@ -94,7 +94,7 @@ Let's create a ruleset that requires our tests to pass, and pull requests to be
 
 Let's verify the ruleset is working.
 
-1. Return to your codespace and open the terminal (<kbd>Ctl</kbd>+<kbd>`</kbd> to toggle). Create a new branch and make a small change:
+1. Return to your codespace and open the terminal (<kbd>Ctrl</kbd>+<kbd>`</kbd> to toggle). Create a new branch and make a small change:
 
     ```bash
     git checkout -b test-ruleset
@@ -146,7 +146,7 @@ This pipeline follows the same patterns used by teams across GitHub. As the shel
 
 If you want to keep exploring, here are some suggested next steps:
 
-- Add a code scanning workflow using [GitHub Advanced Security][github-security].
+- Add a custom CodeQL workflow using [GitHub Advanced Security][github-security].
 - Explore [GitHub Environments][environments-docs] with deployment protection rules for staged deployments (e.g., staging → production with manual approval).
 - Explore the [GitHub Actions Marketplace][actions-marketplace] for community-built actions.
 - Take the [GitHub Skills: Deploy to Azure][skills-deploy-azure] course for a deeper dive into Azure deployment.

content/github-actions/README.md

@@ -26,7 +26,7 @@ To complete this workshop, you will need the following:
 1. [Introduction & Your First Workflow][introduction] — Create your first workflow and explore the Actions UI
 2. [Securing the Development Pipeline][code-scanning] — Enable code scanning, Dependabot, and secret scanning
 3. [Running Tests][ci] — Automate unit and e2e testing with parallel jobs
-4. [Caching][marketplace] — Speed up workflows by caching dependencies
+4. [Caching][caching] — Speed up workflows by caching dependencies
 5. [Matrix strategies & parallel testing][matrix] — Test across multiple configurations simultaneously
 6. [Deploying to Azure with azd][deployment] — Set up continuous deployment to Azure
 7. [Creating custom actions][custom-actions] — Build your own reusable action
@@ -57,7 +57,7 @@ To complete this workshop, you will need the following:
 [github-copilot]: https://github.com/features/copilot
 [github-signup]: https://github.com/join
 [introduction]: ./1-introduction.md
-[marketplace]: ./4-caching.md
+[caching]: ./4-caching.md
 [matrix]: ./5-matrix-strategies.md
 [protection]: ./9-required-workflows.md
 [repo-root]: /